~ ZHPDiag v2015.12.13.184 By Nicolas Coolman (2015/12/11)
~ Run by Administrator (Administrator) (2015/12/14 12:05:40)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Documents and Settings\Administrator\Desktop\ZHPDiag.txt
~ Report: C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows XPe, 32-bit Service Pack 3 (Build 1.511.1 () (Obsolete data - do not use))

---\\ Internet Browsers (2) - 0s
MFIE: Mozilla Firefox 42.0 (x86 fr) v42.0
MSIE: Internet Explorer v7.0.5730.11

---\\ Windows Product Information (4) - 0s
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Windows Automatic Updates : OK

---\\ System protection software (1) - 3s
Malwarebytes Anti-Malware version 2.2.0.1024

---\\ System optimization software (1) - 3s
CCleaner v5.12

---\\ Surveillance software (1) - 3s
Adobe Flash Player 20 NPAPI

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 1039.66 MB (40% free)
System Restore: Désactivé (Disabled)
System drive C: has 65 GB () free of 76 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: X650
~ User Name: Administrator
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 65 GB free of 76 GB (System)
~ Drive D: has 72 GB free of 76 GB

---\\ State of the Windows Security Center (12) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (22) - 1s
[MD5.414C183455630E34F8117F4AEA830CCE] - 09/10/2008 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [1040712] {610F784D000000000003} ©
[MD5.037B1E7798960E0420003D05BB577EE6] - 14/04/2008 - (.Microsoft Corporation - Run a DLL as an App.) -- C:\Windows\System32\rundll32.exe [33280] ©
[MD5.EF8EBA98145BFA44E80D17A3B3453300] - 26/08/2008 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [826368] ©
[MD5.D05F6E0B42142D5C77A087441992302D] - 09/10/2008 - (.Microsoft Corporation - Windows NT Logon Application.) -- C:\Windows\System32\Winlogon.exe [514888] {610F784D000000000003} ©
[MD5.5D3FDE8FB2801A2041D1B965372C4928] - 20/06/2008 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [147968] ©
[MD5.7E775010EF291DA96AD17CA4B17137D7] - 14/08/2008 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [138496] ©
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - 30/04/2010 - (.Microsoft Corporation - IDE/ATAPI Port Driver.) -- C:\Windows\System32\drivers\atapi.sys [96512] ©
[MD5.C885B02847F5D2FD45A24E219ED93B32] - 14/04/2008 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [63744] ©
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - 30/04/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [62976] ©
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - 14/04/2008 - (.Microsoft Corporation - FIPS Crypto Driver.) -- C:\Windows\System32\drivers\Fips.sys [44544] ©
[MD5.573C7D0A32852B48F3058CFD8026F511] - 30/04/2010 - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\Windows\System32\drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - 30/04/2010 - (.Microsoft Corporation - IMAPI Kernel Driver.) -- C:\Windows\System32\drivers\Imapi.sys [42112] ©
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - 14/04/2008 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [152832] ©
[MD5.23C74D75E36E7158768DD63D92789A91] - 14/04/2008 - (.Microsoft Corporation - IPSec Driver.) -- C:\Windows\System32\drivers\IPSec.sys [75264] ©
[MD5.68755F0FF16070178B54674FE5B847B0] - 14/04/2008 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [456576] ©
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - 14/04/2008 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [162816] ©
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - 13/04/2008 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [574976] ©
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - 30/04/2010 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [80128] ©
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - 14/04/2008 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [51328] ©
[MD5.15CABD0F7C00C47C70124907916AF3F1] - 14/04/2008 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [196224] ©
[MD5.F828DD7E1419B6653894A8F97A0094C5] - 30/04/2010 - (.Microsoft Corporation - Redbook Audio Filter Driver.) -- C:\Windows\System32\drivers\redbook.sys [57600] ©
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - 14/04/2008 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [52352] ©

---\\ Non Microsoft non disabled Windows Services (10) - 2s
O23 - Service: BIOSGammaOS.exe (BIOSGammaOS.exe) . (...) - C:\Documents and Settings\Administrator\Local Settings\Application Data\BIOSGammaOS\BIOSGammaOS.exe
O23 - Service: DCScheduler (DCScheduler) . (...) - C:\Program Files\FarStone\DriveClone\Client\CBP\DCSchdlerSRVC.exe {0CBC293F8E24848F085261525258CAEF}
O23 - Service: File Backup Agent (FBAgent) . (.Farstone Technology Inc. - File Backup and Restore Agent.) - C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files\Firebird\bin\fbguard.exe ©
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: Serveur NexusDB - XL Soft (NXDBServerXLSoft) . (...) - C:\Program Files\XL Soft\XL Pos 9\Serveur\NxServer.exe
O23 - Service: TeamViewer 11 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 11.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe =>.TeamViewer®
O23 - Service: DCNTranProc (Tran_Process_Proc) . (...) - C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe
O23 - Service: Serveur HTTP XLPos (XLPosHTTPService) . (...) - C:\Program Files\XL Soft\XL Pos 9\Serveur\XLPosServer.exe

---\\ Process running (10) - 5s
[MD5.9768DAAEAD351A54FD04FE68DFB2C692] - (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BIOSGammaOS\BIOSGammaOS.exe [160768] [PID.1048]
[MD5.A0A2EB3681AC71CC2D6C3DE807EAC495] - (...) -- C:\Program Files\FarStone\DriveClone\Client\CBP\DCSchdler.exe [195088] [PID.1220] {0CBC293F8E24848F085261525258CAEF}
[MD5.05ED1C8CD0DD738EFDD6429E6F123D97] - (.Farstone Technology Inc. - File Backup and Restore Agent.) -- C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe [86016] [PID.1276]
[MD5.11FF65D84AC822474074E21798B3967D] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\bin\fbguard.exe [81920] [PID.1628] ©
[MD5.7670ED4C0976448F5048221634BE9C86] - (...) -- C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe [77824] [PID.2252]
[MD5.9A4B72D6C6874F1E47CD9B23C2503C0B] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\bin\fbserver.exe [2764800] [PID.3632] ©
[MD5.214BED9D4FF00022B8E4E4448397E036] - (...) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BIOSGammaOS\FolderKernelPrivacy.exe [368128] [PID.3676]
[MD5.1CDA845FECBCC100CBBB2902C1A1BBFF] - (.Nicolas Coolman - ZHPCleaner.) -- C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPCleaner.exe [1938944] [PID.3256] ©
[MD5.B2FDAEBE80EB9490B92F17D310225E9A] - (.Copyright (C) 2015 Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrator\Desktop\ZHPDiag3.exe [2012672] [PID.2880] ©
[MD5.B2FDAEBE80EB9490B92F17D310225E9A] - (.Copyright (C) 2015 Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrator\Desktop\ZHPDiag3.exe [2012672] [PID.1712] ©

---\\ Google Chrome, Start,Search,Extensions (11) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://veterances.org
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.nicolascoolman.fr
G0 - GCSP: Preferences [User Data\Default][HomePage] http://zpdiag
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://id.google.fr
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.fr
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (3) - 1s
M0 - MFSP: prefs.js [Administrator - 1xvubi0q.default] http://inoao.com/
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ©
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll ©

---\\ Internet Explorer Extensions, Start, Search (15) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = www.google.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

---\\ Internet Explorer, Proxy Management (7) - 1s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*origin.com;*ea.com;*akamaihd.net
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:20601 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (19)

---\\ Auto loading programs from Registry and folders (5) - 0s
O4 - HKLM\..\RunOnce: [ZHPCleaner] Notepad C:\Documents and Settings\Administrator\Application Data\ZHP\ZHPCleaner.txt (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\Windows\system32\ctfmon.exe ©
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\Windows\system32\ctfmon.exe ©
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\Windows\system32\ctfmon.exe ©

---\\ Lop.com/Domain Hijackers (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

---\\ Extra protocols (25) - 1s
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll ©
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\system32\msvidctl.dll ©
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\system32\itss.dll ©
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll ©
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll ©
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\Windows\system32\inetcomm.dll ©
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\system32\itss.dll ©
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll ©
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\system32\msvidctl.dll ©
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll ©
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\Windows\system32\wiascr.dll ©
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll {610F784D000000000003} ©
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll {610F784D000000000003} ©
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll {610F784D000000000003} ©
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll ©
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\system32\shell32.dll {610F784D000000000003} ©

---\\ Software installed (52) - 28s
O42 - Logiciel: 1 Media Player version 1.7.7 - (.OneFloorApp Ltd..) [HKLM] -- {6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA9}_is1 {647DCD036A8DB2A49C8C7D9D34A859E4}
O42 - Logiciel: Adobe Flash Player 20 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Canon iP2700 series Printer Driver - (...) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series {442F9C58B61E1D9833719F449E43668A}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Crisalid OPOS Drivers Set v1.12 - (.Crisalid.) [HKLM] -- CrisalidOPOS2_is1 ©
O42 - Logiciel: DriveClone Pro 6.0 - (.FarStone Inc..) [HKLM] -- {74449814-B2A1-41FB-890C-60CF2FD0DA96}
O42 - Logiciel: Firebird 2.1.4.18393 - Crisalid Edition - (.Firebird Project - Crisalid.) [HKLM] -- FBDBServer21CE_is1
O42 - Logiciel: Google Chrome - (.Google, Inc..) [HKLM] -- {C529D155-657E-35C0-8A38-95AE8B671B9A} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Hotfix for Windows XP (KB942288-v3) - (.Microsoft Corporation.) [HKLM] -- KB942288-v3 =>.Microsoft Corporation®
O42 - Logiciel: Hotfix for Windows XP (KB942766-v6) - (.Microsoft Corporation.) [HKLM] -- KB942766-v6 =>.Microsoft Corporation®
O42 - Logiciel: Hotfix for Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287 =>.Microsoft Corporation®
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 ©
O42 - Logiciel: Hotfix for Windows XP (KB959252-v2) - (.Microsoft Corporation.) [HKLM] -- KB959252-v2 =>.Microsoft Corporation®
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (...) [HKLM] -- HDMI =>.Intel Corporation®
O42 - Logiciel: Intel(R) Network Connections 13.2.8.0 - (.Intel.) [HKLM] -- {AAA4850F-7E20-40D7-A4C3-3697E7FA4A54} ©
O42 - Logiciel: Lucent Technologies Soft Modem AMR - (...) [HKLM] -- Lucent Technologies Soft Modem
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.0.1024 - (.Malwarebytes.) [HKLM] -- Malwarebytes Anti-Malware_is1 ©
O42 - Logiciel: Microsoft POS for .NET 1.12 - (.Microsoft Corporation.) [HKLM] -- {5B8A87B3-F137-48B4-9009-0A52C94828CB} ©
O42 - Logiciel: Mozilla Firefox 42.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 42.0 (x86 fr) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService ©
O42 - Logiciel: MSR Setter(Serial Type) 1.7 - (...) [HKLM] -- MSR Setter_is1
O42 - Logiciel: Nyelvi csomag a Microsoft .NET-keretrendszer 3.5 1. szervizcsomagjához – HU - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - hun {610F784D000000000003} ©
O42 - Logiciel: OPOS Drivers 1.12 for RZ-X650 - (.SHARP Corporation.) [HKLM] -- OPOS Drivers 1.12 for RZ-X650_is1
O42 - Logiciel: OPOS Utility Version 1.0.1 - (.SHARP Corporation.) [HKLM] -- OPOS Utility_is1
O42 - Logiciel: PenMount Windows Universal Driver V2.2.0.290 - (.PenMount.) [HKLM] -- PenMount Touch Solutions
O42 - Logiciel: POS Test Program 1.0.6 for RZ-X650 - (.SHARP Corporation.) [HKLM] -- POS Test Program 1.0.6_is1
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} ©
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB956390) - (.Microsoft Corporation.) [HKLM] -- KB956390-IE7 {6105875800030000005A} ©
O42 - Logiciel: Security Update for Windows XP (KB938464) - (.Microsoft Corporation.) [HKLM] -- KB938464 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB941569) - (.Microsoft Corporation.) [HKLM] -- KB941569 {6105875800030000005A} ©
O42 - Logiciel: Security Update for Windows XP (KB950974) - (.Microsoft Corporation.) [HKLM] -- KB950974 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB951066) - (.Microsoft Corporation.) [HKLM] -- KB951066 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB951748) - (.Microsoft Corporation.) [HKLM] -- KB951748 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB952954) - (.Microsoft Corporation.) [HKLM] -- KB952954 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB953155) - (.Microsoft Corporation.) [HKLM] -- KB953155 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB956391) - (.Microsoft Corporation.) [HKLM] -- KB956391 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB956803) - (.Microsoft Corporation.) [HKLM] -- KB956803 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB956841) - (.Microsoft Corporation.) [HKLM] -- KB956841 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB957095) - (.Microsoft Corporation.) [HKLM] -- KB957095 =>.Microsoft Corporation®
O42 - Logiciel: Security Update for Windows XP (KB958644) - (.Microsoft Corporation.) [HKLM] -- KB958644 =>.Microsoft Corporation®
O42 - Logiciel: TeamViewer 11 - (.TeamViewer.) [HKLM] -- TeamViewer =>.TeamViewer®
O42 - Logiciel: Toshiba Soft Modem AMR - (...) [HKLM] -- Toshiba Soft Modem
O42 - Logiciel: Update for Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461 {6105875800030000005A} ©
O42 - Logiciel: Update for Windows XP (KB951978) - (.Microsoft Corporation.) [HKLM] -- KB951978 =>.Microsoft Corporation®
O42 - Logiciel: WebFldrs XP - (.Microsoft Corporation.) [HKLM] -- {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} ©
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify ©
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC =>.Microsoft Corporation®
O42 - Logiciel: Windows Internet Explorer 7 Multilingual User Interface (MUI) - (.Microsoft Corporation.) [HKLM] -- IE7-MUI {6105875800030000005A} ©
O42 - Logiciel: XL Pos 9 pour Windows - Version Textile - (...) [HKLM] -- XL Pos 9 pour Windows - Version Textile
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP {6105875800030000005A} ©
O42 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 ©

---\\ HKCU & HKLM Software Keys (79) - 28s
HKLM\SOFTWARE\3Com
HKLM\SOFTWARE\AdwCleaner
HKLM\SOFTWARE\Ammyy
HKLM\SOFTWARE\Apple Inc.
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\Aureal
HKLM\SOFTWARE\BCMDM
HKLM\SOFTWARE\Brother
HKLM\SOFTWARE\Canon
HKLM\SOFTWARE\Creative Tech
HKLM\SOFTWARE\Crisalid
HKLM\SOFTWARE\Digi
HKLM\SOFTWARE\EPSON
HKLM\SOFTWARE\FarStone
HKLM\SOFTWARE\Firebird Project
HKLM\SOFTWARE\Gemplus
HKLM\SOFTWARE\Generic
HKLM\SOFTWARE\GenericSoftModemUninstallInfo
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\Insoft
HKLM\SOFTWARE\InstalledOptions
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Logitech
HKLM\SOFTWARE\Lucent
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\MAPPER
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\NeoMagic
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\OLEforRetail
HKLM\SOFTWARE\PCTEL
HKLM\SOFTWARE\PenMount
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\POSfor.NET
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\S3
HKLM\SOFTWARE\Schlumberger
HKLM\SOFTWARE\Specialix
HKLM\SOFTWARE\TeamViewer
HKLM\SOFTWARE\TOSHIBA
HKLM\SOFTWARE\Vid_0471
HKLM\SOFTWARE\Vid_05A9
HKLM\SOFTWARE\VN_VUIns
HKLM\SOFTWARE\Windows 3.1 Migration Status
HKLM\SOFTWARE\Wow6432Node
HKLM\SOFTWARE\XL Soft
HKCU\SOFTWARE\Ammyy
HKCU\SOFTWARE\Angryziber
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\CREATIVE TECH
HKCU\SOFTWARE\Crisalid
HKCU\SOFTWARE\DoctorPCLanguage
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Hilgraeve Inc
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\Nexus
HKCU\SOFTWARE\PenMount
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Re-mark-it
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\rollercoasterpark
HKCU\SOFTWARE\Software
HKCU\SOFTWARE\TeamViewer
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\Xerox
HKCU\SOFTWARE\XL Soft
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software

---\\ Contents of the Common Files folders (101) - 11s
O43 - CFD: 24/03/2015 - [] D -- C:\Program Files\1 Media Player
O43 - CFD: 14/02/2012 - [] HD -- C:\Program Files\CanonBJ
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 02/04/2015 - [] D -- C:\Program Files\Cinetonic
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\Clock
O43 - CFD: 12/10/2015 - [] D -- C:\Program Files\Common Files
O43 - CFD: 30/04/2010 - [0] D -- C:\Program Files\ComPlus Applications
O43 - CFD: 20/02/2012 - [] D -- C:\Program Files\Crisalid
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\ezLinkPreview
O43 - CFD: 15/02/2011 - [] D -- C:\Program Files\FarStone
O43 - CFD: 10/02/2012 - [] D -- C:\Program Files\Firebird
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\GExtend
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\Gismeteo
O43 - CFD: 23/06/2015 - [] D -- C:\Program Files\Google
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\Groolu the Social Coupon Guru
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\Guitar Hero 3D
O43 - CFD: 02/12/2015 - [0] D -- C:\Program Files\GUM5C1.tmp
O43 - CFD: 02/04/2015 - [] D -- C:\Program Files\Instair New Tab
O43 - CFD: 15/02/2011 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 25/05/2011 - [] D -- C:\Program Files\Intel
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Microsoft Point Of Service
O43 - CFD: 02/04/2015 - [] D -- C:\Program Files\Moon Phase
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Movie Maker
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 15/02/2011 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 14/06/2011 - [] D -- C:\Program Files\MSR Setter
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\Nimbus Note
O43 - CFD: 21/11/2008 - [0] D -- C:\Program Files\Online Services
O43 - CFD: 09/02/2012 - [] D -- C:\Program Files\Opos
O43 - CFD: 15/02/2011 - [] D -- C:\Program Files\PenMount Windows Universal Driver
O43 - CFD: 15/02/2011 - [] D -- C:\Program Files\Realtek
O43 - CFD: 15/02/2011 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 02/04/2015 - [] D -- C:\Program Files\rikaikun
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Spicy Protection
O43 - CFD: 02/04/2015 - [] D -- C:\Program Files\TabInfoCopy
O43 - CFD: 14/12/2015 - [] D -- C:\Program Files\TeamViewer
O43 - CFD: 02/12/2015 - [] D -- C:\Program Files\uBlock Origin
O43 - CFD: 30/04/2010 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 25/05/2011 - [] D -- C:\Program Files\Valcretec
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Windows Media Connect 2
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 30/04/2010 - [0] HD -- C:\Program Files\WindowsUpdate
O43 - CFD: 08/02/2012 - [] D -- C:\Program Files\XL Soft
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\ZHPFix
O43 - CFD: 24/03/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\1 Media Player
O43 - CFD: 30/04/2010 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
O43 - CFD: 16/02/2011 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/02/2012 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP2700 series
O43 - CFD: 02/12/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
O43 - CFD: 13/05/2010 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\FarStone
O43 - CFD: 23/06/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
O43 - CFD: 03/12/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
O43 - CFD: 01/06/2011 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\MSR Setter
O43 - CFD: 09/02/2012 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\OPOS
O43 - CFD: 27/09/2011 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\OPOS Drivers
O43 - CFD: 15/02/2011 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\PenMount Windows Universal Driver
O43 - CFD: 16/09/2011 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\POS Test Program
O43 - CFD: 07/01/2015 - [] RD -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
O43 - CFD: 02/12/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 11
O43 - CFD: 02/12/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
O43 - CFD: 03/12/2015 - [] D -- C:\Documents and Settings\All Users\Start Menu\Programs\ZHP
O43 - CFD: 23/07/2013 - [] D -- C:\Documents and Settings\All Users\Application Data\AMMYY
O43 - CFD: 14/02/2012 - [] HD -- C:\Documents and Settings\All Users\Application Data\CanonBJ
O43 - CFD: 15/02/2011 - [] D -- C:\Documents and Settings\All Users\Application Data\Farstone
O43 - CFD: 27/09/2011 - [0] D -- C:\Documents and Settings\All Users\Application Data\fscltdcn
O43 - CFD: 02/04/2015 - [] D -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
O43 - CFD: 30/04/2010 - [] D -- C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 27/01/2015 - [0] D -- C:\Documents and Settings\All Users\Application Data\Package Cache
O43 - CFD: 15/02/2011 - [] D -- C:\Documents and Settings\All Users\Application Data\PenMount
O43 - CFD: 10/05/2010 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 21/11/2008 - [] D -- C:\Program Files\Common Files\MSSoap
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Common Files\ODBC
O43 - CFD: 30/04/2010 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 21/11/2008 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 08/10/2012 - [] D -- C:\Documents and Settings\Administrator\Application Data\Adobe
O43 - CFD: 08/10/2012 - [] D -- C:\Documents and Settings\Administrator\Application Data\Macromedia
O43 - CFD: 30/04/2010 - [] D -- C:\Documents and Settings\Administrator\Application Data\Microsoft
O43 - CFD: 27/01/2015 - [] D -- C:\Documents and Settings\Administrator\Application Data\mozilla
O43 - CFD: 02/04/2015 - [0] D -- C:\Documents and Settings\Administrator\Application Data\Protect
O43 - CFD: 03/12/2015 - [] D -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
O43 - CFD: 14/12/2015 - [] D -- C:\Documents and Settings\Administrator\Application Data\ZHP
O43 - CFD: 23/07/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\%PRODUCTNAME%
O43 - CFD: 29/11/2014 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
O43 - CFD: 27/11/2014 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BIOSGammaOS
O43 - CFD: 02/01/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
O43 - CFD: 20/11/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
O43 - CFD: 02/04/2015 - [0] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ICSharpCode.net
O43 - CFD: 22/06/2012 - [] SD -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
O43 - CFD: 03/12/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
O43 - CFD: 20/08/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SetupSkin
O43 - CFD: 02/12/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TeamViewer
O43 - CFD: 20/11/2015 - [] D -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
O43 - CFD: 16/02/2011 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
O43 - CFD: 21/11/2008 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
O43 - CFD: 02/04/2015 - [] RD -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
O43 - CFD: 09/02/2012 - [] D -- C:\Documents and Settings\Administrator\Start Menu\Programs\XL Soft

---\\ ShellIconOverlayIdentifiers (SIOI) (1) - 1s
O106 - SIOI: Offline Files Menu [Offline Files] - {750fdf0e-2a26-11d1-a3ea-080036587f03}. (.Microsoft Corporation - Client Side Caching UI.) -- C:\Windows\system32\cscui.dll ©

---\\ ShareTools MSconfig StartupReg (11) - 1s
O53 - SMSR:HKLM\...\startupreg\Alcmtr [Key] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- ALCMTR.EXE (.not file.) ©
O53 - SMSR:HKLM\...\startupreg\Bench Communicator Watcher [Key] . (...) -- C:\Program Files\Bench\Proxy\pwdg.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Bench Settings Cleaner [Key] . (...) -- C:\Program Files\Bench\Proxy\cl.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\BluetoothAuthenticationAgent [Key] . (.Microsoft Corporation - Run a DLL as an App.) -- rundll32.exe (.not file.) © O53 - SMSR:HKLM\...\startupreg\BService [Key] . (...) -- C:\Program Files\Bench\BService\1.1\bservice.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\Windows\system32\ctfmon.exe © O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe © O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe © O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe © O53 - SMSR:HKLM\...\startupreg\RTHDCPL [Key] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- RTHDCPL.EXE (.not file.) © O53 - SMSR:HKLM\...\startupreg\Wd [Key] . (...) -- C:\Program Files\Bench\Wd\wd.exe (.not file.) ---\\ System Drivers List (40) - 5s O58 - SDL:2001/08/17 20:49:02 A . (.Acer Laboratories Inc. - ALi Fast Infrared Device Driver.) -- C:\Windows\System32\drivers\alifir.sys [26624] © O58 - SDL:2009/04/21 05:35:34 A . (...) -- C:\Windows\System32\drivers\dcsnap.sys [78127] O58 - SDL:2008/04/14 08:14:50 A . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\Windows\System32\drivers\dmboot.sys [799744] © O58 - SDL:2008/04/14 08:14:48 A . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\Windows\System32\drivers\dmio.sys [153344] © O58 - SDL:2001/08/17 20:58:20 A . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\Windows\System32\drivers\dmload.sys [5888] © O58 - SDL:2008/08/05 21:28:10 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 5.x driver.) 
-- C:\Windows\System32\drivers\e1q5132.sys [144992] =>.Intel Corporation® O58 - SDL:2009/05/12 08:42:04 A . (...) -- C:\Windows\System32\drivers\FarMntIo.sys [13440] O58 - SDL:2010/04/30 23:41:48 A . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\Windows\System32\drivers\hdaudbus.sys [144384] O58 - SDL:2008/06/13 14:17:06 A . (.Intel Corporation - NDIS 5.1 Advanced Networking Services..) -- C:\Windows\System32\drivers\ianswxp.sys [114824] =>.Intel Corporation® O58 - SDL:2007/12/19 04:32:12 A . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\Windows\System32\drivers\igxpmp32.sys [5854688] © O58 - SDL:2008/07/30 09:43:46 A . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) -- C:\Windows\System32\drivers\iqvw32.sys [30816] =>.Intel Corporation® O58 - SDL:2001/08/17 20:49:04 A . (.MKNet Corporation - NDIS 5.0 driver.) -- C:\Windows\System32\drivers\irmk7.sys [23552] O58 - SDL:2001/08/17 20:49:10 A . (.SigmaTel, Inc. - NDIS 5.0 USB Infra-Red Driver.) -- C:\Windows\System32\drivers\irstusb.sys [26624] O58 - SDL:2015/10/05 09:50:04 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [23256] =>.Malwarebytes Corporation® O58 - SDL:2015/10/05 09:50:10 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [121560] =>.Malwarebytes Corporation® O58 - SDL:2015/12/03 10:28:50 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] =>.Malwarebytes Corporation® O58 - SDL:2008/04/14 08:24:38 A . (.National Semiconductor Corporation - NSC Fast Infrared Driver..) -- C:\Windows\System32\drivers\nscirda.sys [28672] © O58 - SDL:2010/01/08 22:17:42 A . (.PenMount Touch Solutions - PenMount HID USB Filter Driver.) -- C:\Windows\System32\drivers\pmhidusb.sys [56320] O58 - SDL:2010/01/08 23:42:12 A . (.PenMount Touch Solutions - Penmount HID Mouse Filter Driver.) 
-- C:\Windows\System32\drivers\pmmouhid.sys [6144] O58 - SDL:2001/08/17 20:49:58 A . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Lib.) -- C:\Windows\System32\drivers\ptilink.sys [17792] © O58 - SDL:2008/07/30 11:08:22 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RtkHDAud.sys [4751872] © O58 - SDL:2001/08/17 19:10:28 A . (.SMC - SMC IrCC NDIS 5.0 IrDA FIR Device Driver.) -- C:\Windows\System32\drivers\smcirda.sys [35913] O58 - SDL:2001/08/17 19:10:26 A . (.TOSHIBA Corporation - TOSHIBA FIR Type-O Miniport Driver.) -- C:\Windows\System32\drivers\tos4mo.sys [28232] © O58 - SDL:2001/08/17 20:49:04 A . (.VIA Technologies, Inc. - VIA Fast Infrared Driver..) -- C:\Windows\System32\drivers\viairda.sys [24576] © O58 - SDL:2001/08/17 19:10:30 A . (.Winbond Electronics Corp. - Winbond Fast Infrared Driver..) -- C:\Windows\System32\drivers\wbfirdma.sys [35871] O58 - SDL:2001/08/17 20:31:52 A . (...) -- C:\Windows\System32\ansi.sys [9029] O58 - SDL:2001/08/17 20:31:58 A . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:2001/08/17 20:31:50 A . (...) -- C:\Windows\System32\himem.sys [4768] O58 - SDL:2001/08/17 20:31:58 A . (...) -- C:\Windows\System32\key01.sys [42809] O58 - SDL:2003/01/17 18:52:06 A . (...) -- C:\Windows\System32\keyboard.sys [42537] O58 - SDL:2001/08/17 20:31:44 A . (...) -- C:\Windows\System32\ntdos.sys [27866] O58 - SDL:2001/08/17 20:31:48 A . (...) -- C:\Windows\System32\ntdos404.sys [29146] O58 - SDL:2001/08/17 20:31:48 A . (...) -- C:\Windows\System32\ntdos411.sys [29370] O58 - SDL:2001/08/17 20:31:52 A . (...) -- C:\Windows\System32\ntdos412.sys [29274] O58 - SDL:2001/08/17 20:31:46 A . (...) -- C:\Windows\System32\ntdos804.sys [29146] O58 - SDL:2004/08/04 06:45:10 A . (...) -- C:\Windows\System32\ntio.sys [33840] O58 - SDL:2004/08/04 06:45:16 A . (...) -- C:\Windows\System32\ntio404.sys [34560] O58 - SDL:2004/08/04 06:45:12 A . (...) 
-- C:\Windows\System32\ntio411.sys [35648] O58 - SDL:2004/08/04 06:45:16 A . (...) -- C:\Windows\System32\ntio412.sys [35424] O58 - SDL:2004/08/04 06:45:14 A . (...) -- C:\Windows\System32\ntio804.sys [34560] ---\\ Last modified or created user files (1) - 7s O61 - LFC: 2015/12/14 11:58:30 A . (..) -- C:\Documents and Settings\Administrator\Application Data\appdataFr2.bin [20] ---\\ File Associations Shell Spawning (10) - 1s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Run a DLL as an App.) -- rundll32.exe © O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe {6106BFFE000000000014} © O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\system32\wscript.exe © O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe © O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® ---\\ Start Menu Internet (12) - 0s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) 
-- iexplore.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - 'Firefox' Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\system32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - 'Firefox' Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\system32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - 'Firefox' Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\system32\ie4uinit.exe © ---\\ Search Browser Infection (3) - 9s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com/ O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com/ O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com/ ---\\ Search Svchost Services (41) - 2s O83 - Search Svchost Services: ersvc (ersvc) . 
(.Microsoft Corporation - Windows Error Reporting Service.) -- C:\Windows\system32\ersvc.dll [23040] © O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Quarantine Agent Service Run-Time.) -- C:\Windows\system32\qagentrt.dll [291328] © O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [61440] © O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\Windows\system32\xmlprov.dll [129024] © O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\Windows\system32\wscsvc.dll [80896] © O83 - Search Svchost Services: 6to4 (6to4) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\system32\6to4svc.dll [100352] © O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\system32\appmgmts.dll [167936] © O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\system32\audiosrv.dll [42496] © O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\system32\browser.dll [77824] © O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\Windows\system32\cryptsvc.dll [62464] © O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Logical Disk Manager service dll.) -- C:\Windows\system32\dmserver.dll [23552] © O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - DHCP Client Service.) -- C:\Windows\system32\dhcpcsvc.dll [126976] © O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - .) 
-- C:\Windows\system32\es.dll [253952] © O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\system32\shsvcs.dll [135168] © O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\Windows\system32\hidserv.dll [21504] © O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\Windows\system32\irmon.dll [28160] © O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [96768] © O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\Windows\system32\wkssvc.dll [132096] © O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\Windows\system32\msgsvc.dll [33792] © O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Network Connections Manager.) -- C:\Windows\system32\netman.dll [198144] © O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\Windows\system32\mswsock.dll [245248] © O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Removable Storage Manager.) -- C:\Windows\system32\ntmssvc.dll [435200] © O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\system32\rasauto.dll [88576] © O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\system32\rasmans.dll [186368] © O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\system32\mprdim.dll [53248] © O83 - Search Svchost Services: Seclogon (Seclogon) . 
(.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [18944] © O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\system32\sens.dll [39424] © O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\system32\ipnathlp.dll [331264] © O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - System Restore Service.) -- C:\Windows\system32\srsvc.dll [171008] © O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\system32\tapisrv.dll [249856] © O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\system32\shsvcs.dll [135168] © O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\Windows\system32\w32time.dll [175104] © O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Wireless Zero Configuration Service.) -- C:\Windows\system32\wzcsvc.dll [483840] © O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\Windows\system32\advapi32.dll [617472] © O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\system32\qmgr.dll [409088] © O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\system32\shsvcs.dll [135168] © O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\Windows\PCHEALTH\HELPCTR\Binaries\pchsvc.dll [38400] © O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Task Scheduler Engine.) 
-- C:\Windows\system32\schedsvc.dll [192512] © O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\Windows\system32\wuauserv.dll [25944] {6105EFF5000000000004} © O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\wmisvc.dll [144896] © O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\Windows\system32\mspmsnsv.dll [27136] © ---\\ Services not Microsoft (SR=Run, SS=Stop) (15) - 20s SS - Demand [09/12/2015] [ 269504] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated® SR - Auto [17/10/2014] [ 160768] BIOSGammaOS.exe (BIOSGammaOS.exe) . (...) - C:\Documents and Settings\Administrator\Local Settings\Application Data\BIOSGammaOS\BIOSGammaOS.exe SS - Auto [18/02/2009] [ 104976] DCScheduler (DCScheduler) . (...) - C:\Program Files\FarStone\DriveClone\Client\CBP\DCSchdlerSRVC.exe {0CBC293F8E24848F085261525258CAEF} SR - Auto [05/02/2010] [ 86016] File Backup Agent (FBAgent) . (.Farstone Technology Inc..) - C:\Program Files\FarStone\DriveClone\Client\Efb\FBPAgent.exe SR - Auto [01/02/2011] [ 81920] Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\bin\fbguard.exe © SR - Demand [01/02/2011] [ 2764800] Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files\Firebird\bin\fbserver.exe © SS - Auto [02/12/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc® SS - Demand [02/12/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) 
- C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc® SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation® SS - Demand [30/10/2015] [ 147624] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation® SR - Auto [25/10/2011] [ 5043712] Serveur NexusDB - XL Soft (NXDBServerXLSoft) . (...) - C:\Program Files\XL Soft\XL Pos 9\Serveur\NxServer.exe SR - Auto [30/11/2015] [ 6887696] TeamViewer 11 (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe =>.TeamViewer® SR - Auto [18/02/2009] [ 77824] DCNTranProc (Tran_Process_Proc) . (...) - C:\Program Files\FarStone\DriveClone\Client\DCNTranProc.exe SR - Auto [01/12/2011] [ 1567232] Serveur HTTP XLPos (XLPosHTTPService) . (...) - C:\Program Files\XL Soft\XL Pos 9\Serveur\XLPosServer.exe ---\\ Additional Scan (O88) (1) - 0s ~ No malicious or unnecessary items found. ---\\ Summary of the elements found (1) - 0s ~ No malicious or unnecessary items found. ~ End of the scan, 24417 items in 117 seconds (550)(0)