~ Report of ZHPDiag v2014.4.11.17 - Nicolas Coolman (11/04/2014)
~ Launched by ___ ___ (11/04/2014 14:50:39)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found

---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
ESET Online Scanner v3

---\\ System optimization software
CCleaner v4.09 =>.Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Java 7 Update 51

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (30%) free of 66 GB

---\\ Connection to the system mode
~ Computer Name: MY-PC
~ User Name: ___ ___
~ All Users Names: test, SUPPORT_388945a0, IWAM____-PC, IUSR____-PC, HelpAssistant, ___ ___, gss, ASPNET, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\___ ___\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\___ ___\Application Data\
~ %Desktop% : C:\Documents and Settings\___ ___\Bureau\
~ %Favorites% : C:\Documents and Settings\___ ___\Favoris\
~ %LocalAppData% : C:\Documents and Settings\___ ___\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\___ ___\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 66 Go)
D: Hard drive, Flash drive, Thumb drive (Free 76 Go of 100 Go)
E: Hard drive, Flash drive, Thumb drive (Free 97 Go of 100 Go)
F: Hard drive, Flash drive, Thumb drive (Free 188 Go of 200 Go)
H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 20 Go)
I: Hard drive, Flash drive, Thumb drive (Free 5 Go of 20 Go)
J: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
K: Hard drive, Flash drive, Thumb drive (Free 5 Go of 16 Go)
L: CD-ROM drive (Free 0 Go of 1 Go)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/03/2014 - 18:58:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.7618D5218F2A614672EC61A80D854A37] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.16/10/2008 - 15:43:01.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.F3AEFB11ABC521122B67095044169E98] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/02/2010 - 14:11:07.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455680]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/26
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/212
~ Mes Documents (My Documents) : 1/693
~ Mon Bureau (My Desktop) : 0/98913
~ Menu demarrer (Programs) : 1/80
~ Hidden Files: Scanned in 01mn 22s

---\\ Process running
[MD5.70149A8B2A9B171D07C20D5595282550] - (.Apache Software Foundation - Apache HTTP Server.) -- d:\AppServ\Apache2.2\bin\httpd.exe [20539] [PID.1504]
[MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752] [PID.1548]
[MD5.3FE5A84FAC62753A20F539BE3E7BFC56] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.1604]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1628]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1696]
[MD5.C32E6295D7D024B2302EFF1A7FEFD720] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.1932]
[MD5.FCE5499C5CD3364037D83C55B3C00DEA] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [12493152] [PID.2484]
[MD5.E89B5502726C2B2B54751644FF587B1E] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe [202592] [PID.2724]
[MD5.263A715660C2624F75AE5D7365C04FF6] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [141848] [PID.2912]
[MD5.4AA4DEB55D61BEB851D5A12089E990D3] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.2968]
[MD5.30854A339582C70B522FB46B1AF62800] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.3012]
[MD5.BCC4348A76435AC7A2AF6E824DCB02A8] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.3032]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- D:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3108]
[MD5.DE9BA389EB53B8A499FF0C12E8C8ABB4] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672] [PID.3164]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3208]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3868]
[MD5.54C7A2002D6E88DA4F8125EC609C9329] - (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe [3298712] [PID.2372]
[MD5.909053C7518E06DED23E90054F7E809C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8209920] [PID.2308]
~ Processes Running: Scanned in 00mn 05s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Cisco ConfigMaker v2.6.lnk . (.Cisco Systems, Inc. - Cisco ConfigMaker.) -- D:\Program\cmaker.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: RegExr.lnk . (...) -- D:\Program Files\RegExr\RegExr.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [test]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [test]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [___ ___]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [___ ___]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [gss]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [gss]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 26 Legitimates Filtered in 00mn 04s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] . (...) -- C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- d:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] . (.NiwradSoft - Seven Remix XP Welcome Center.) -- C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- D:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-448539723-746137067-1801674531-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-448539723-746137067-1801674531-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F42A24A7-087E-4814-B517-FCAD1D275275}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{F42A24A7-087E-4814-B517-FCAD1D275275}: NameServer = 8.8.8.8
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: XAMPP Service (XAMPP) . (...) - J:\xampp\service.exe (.not file.)
~ Services: 8 Legitimates Filtered in 00mn 02s

---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Software installed (O42)
O42 - Logiciel: Compil' de Ti Version 1.0 - (...) [HKLM] -- Compil' de Ti Version 1.0
O42 - Logiciel: Falco CheckersII 1.0 - (.Falco Software, Inc..) [HKLM] -- Falco CheckersII_is1
O42 - Logiciel: MZ-Tools 3.0 pour VBA - (.MZTools Software.) [HKLM] -- {2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1
O42 - Logiciel: OstroSoft Winsock Component - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: RegExr - (.gskinner.com, inc..) [HKLM] -- RegExr.8CE3EE8FC37F7781C562DFF80977CFBA322DD1EF.1
O42 - Logiciel: RegExr - (.gskinner.com, inc..) [HKLM] -- {EA1B6EBB-B623-22ED-B5EB-7D574DCAD521}
O42 - Logiciel: Smart Indenter v3.5 for Office 2000-2003 - (...) [HKLM] -- Smart Indenter v3.5 for Office 2000-2003
~ Logic: 26 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\DeepDefragoVista]
[HKCU\Software\DemoRACLang]
[HKCU\Software\Dual2011]
~ Key Software: 268 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 04/04/2014 - 15:51:06 - [13,968] ----D C:\Program Files\Falco CheckersII
O43 - CFD: 31/12/2011 - 23:21:32 - [0,050] ----D C:\Program Files\merg
O43 - CFD: 25/04/2013 - 19:59:55 - [2,441] ----D C:\Program Files\MZTools3VBA
O43 - CFD: 10/04/2013 - 22:41:12 - [0,171] ----D C:\Program Files\OSWINSCK
O43 - CFD: 12/09/2012 - 23:47:49 - [0,316] ----D C:\Program Files\Test
O43 - CFD: 02/03/2011 - 19:23:06 - [0,002] ----D C:\Documents and Settings\___ ___\Application Data\TotalValidatorTool
O43 - CFD: 03/07/2013 - 20:37:47 - [0] ----D C:\Documents and Settings\___ ___\Menu Démarrer\Programmes\Compil de Ti Version 1.0
~ Program Folder: 158 Legitimates Filtered in 00mn 24s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.3B28D6BA281E5DAF1692CF4BF7C40665] - 08/04/2014 - 08:40:59 ---A- . (...) -- C:\WINDOWS\Q-Dir.ini [4000]
O44 - LFC:[MD5.5F41CE41393E74C71642C18BEE8B8B71] - 08/04/2014 - 23:35:55 ---A- . (...) -- C:\WINDOWS\DHCPUPG.LOG [534]
O44 - LFC:[MD5.57CC17DD57881EBD4BC4EEAF50321D0E] - 08/04/2014 - 23:36:51 ---A- . (...) -- C:\WINDOWS\wsdu.log [1445]
O44 - LFC:[MD5.A27C5A2886CFB8D54EA464E594594D57] - 08/04/2014 - 23:36:55 ---A- . (...) -- C:\WINDOWS\UPGRADE.TXT [1645]
O44 - LFC:[MD5.095A040775E3907F364065E492092D24] - 08/04/2014 - 23:37:08 ---A- . (...) -- C:\WINDOWS\WINNT32.LOG [3251]
O44 - LFC:[MD5.40C50A5527EC7465502A9EEA9B5555B5] - 09/04/2014 - 07:58:21 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.CED93F96AFCD008BBD45BFED58C90672] - 09/04/2014 - 07:58:52 ---A- . (...) -- C:\WINDOWS\msgsocm.log [2163]
O44 - LFC:[MD5.FFE0898BCF0D2FC6C941D1AF7018C14B] - 09/04/2014 - 07:58:52 ---A- . (...) -- C:\WINDOWS\tabletoc.log [2177]
O44 - LFC:[MD5.0803C0665927134E41247C7FCB3D3565] - 09/04/2014 - 23:25:15 ---A- . (...) -- C:\DelFix.txt [2484]
O44 - LFC:[MD5.86C472C40C360C9B6B9778F608BF5E28] - 11/04/2014 - 14:45:28 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FE2B155004A26960359137FFDE3AECF5] - 11/04/2014 - 14:45:29 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.A5824B758A4B123A974E4D1474D6ADDE] - 28/03/2014 - 01:40:43 ---A- . (...) -- C:\WINDOWS\system.ini [227]
~ Files: 31 Legitimates Filtered in 00mn 40s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 15/08/2004 - 03:56:20 R--A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [10296]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.EB5A63ADBF35314465CFBC33558CDAF7] - 08/02/2012 - 02:13:32 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [104456]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 9 Legitimates Filtered in 00mn 02s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)
I:\Arabswell\FTP\WS_FTP 2006 pro\Keygen.rar =>.Crack,Keygen
K:\Download\Snagit 8.1.1\keygen\keygen.exe =>.Crack,Keygen
K:\Download\Snagit 8.1.1\keygen.rar =>.Crack,Keygen
K:\Download\Webmasters\Tools\KyoSoft Link Checker pro 311\KyoSoft.Link.Checker.Pro.v3.3.11.WinAll.Cracked-EiTheL\Crack\linkcheckerpro.exe =>.Crack,Keygen
K:\Download\Webmasters\Tools\Picaloader V1.5 keyGen TSZ.rar =>.Crack,Keygen
K:\Download\WinZip 11\WinZIP.KeyGen.rar =>.Crack,Keygen
K:\Logiciels\Dépannage\TuneUp Utilities 2008 Fr\tuneup utilities 2008 7.0.8007.0 keygen by marnwl.rar =>.Crack,Keygen
K:\Logiciels\Programmation\Delphi7Ent\2 - Crack & Keygen.rar =>.Crack,Keygen
~ Files: Scanned in 20mn 16s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.5E7EA8E0B6E42EB85748B0E1F659D19B] [WIS][20/02/2011] (.gskinner.com, inc. - RegExr.) -- C:\Windows\Installer\c8fd9.msi [21504]
~ WIS: 62 Legitimates Filtered in 00mn 04s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/03/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 22/10/2008 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - J:\st2\DreamweaverPortable\App\FLEXnetPublisher\FNPLicensingService.exe
SS - | Auto 05/01/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/01/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (XAMPP) . (...) - J:\xampp\service.exe
SR - | Auto 09/01/2007 20539 | (Apache2.2) . (.Apache Software Foundation.) - d:\AppServ\Apache2.2\bin\httpd.exe
SR - | Auto 12/09/2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SR - | Auto 09/04/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 05/02/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
~ Services: Scanned in 00mn 08s

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ___ ___ at 11/04/2014 15:14:16
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13044 - (11/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 188969 Items scanned in 00mn 23s
~ 926 Legitimates filtered by white list

End of the scan (452 lines in 24mn 01s)(8)