~ Report of ZHPDiag v2014.4.11.17 - Nicolas Coolman (11/04/2014)
~ Launched by ___ ___ (11/04/2014 14:50:39)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
ESET Online Scanner v3

---\\ System optimization software
CCleaner v4.09 =>.Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Java 7 Update 51

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (30%) free of 66 GB

---\\ Connection to the system mode
~ Computer Name: MY-PC
~ User Name: ___ ___
~ All Users Names: test, SUPPORT_388945a0, IWAM____-PC, IUSR____-PC, HelpAssistant, ___ ___, gss, ASPNET, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\___ ___\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\___ ___\Application Data\
~ %Desktop% : C:\Documents and Settings\___ ___\Bureau\
~ %Favorites% : C:\Documents and Settings\___ ___\Favoris\
~ %LocalAppData% : C:\Documents and Settings\___ ___\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\___ ___\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 66 Go)
D: Hard drive, Flash drive, Thumb drive (Free 76 Go of 100 Go)
E: Hard drive, Flash drive, Thumb drive (Free 97 Go of 100 Go)
F: Hard drive, Flash drive, Thumb drive (Free 188 Go of 200 Go)
H: Hard drive, Flash drive, Thumb drive (Free 0 Go of 20 Go)
I: Hard drive, Flash drive, Thumb drive (Free 5 Go of 20 Go)
J: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
K: Hard drive, Flash drive, Thumb drive (Free 5 Go of 16 Go)
L: CD-ROM drive (Free 0 Go of 1 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/03/2014 - 18:58:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.7618D5218F2A614672EC61A80D854A37] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.16/10/2008 - 15:43:01.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.F3AEFB11ABC521122B67095044169E98] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/02/2010 - 14:11:07.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455680]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/26
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/212
~ Mes Documents (My Documents) : 1/693
~ Mon Bureau (My Desktop) : 0/98913
~ Menu demarrer (Programs) : 1/80
~ Hidden Files: Scanned in 01mn 22s



---\\ Process running
[MD5.70149A8B2A9B171D07C20D5595282550] - (.Apache Software Foundation - Apache HTTP Server.) -- d:\AppServ\Apache2.2\bin\httpd.exe [20539] [PID.1504]
[MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752] [PID.1548]
[MD5.3FE5A84FAC62753A20F539BE3E7BFC56] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.1604]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1628]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1696]
[MD5.C32E6295D7D024B2302EFF1A7FEFD720] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.1932]
[MD5.FCE5499C5CD3364037D83C55B3C00DEA] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [12493152] [PID.2484]
[MD5.E89B5502726C2B2B54751644FF587B1E] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe [202592] [PID.2724]
[MD5.263A715660C2624F75AE5D7365C04FF6] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [141848] [PID.2912]
[MD5.4AA4DEB55D61BEB851D5A12089E990D3] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.2968]
[MD5.30854A339582C70B522FB46B1AF62800] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.3012]
[MD5.BCC4348A76435AC7A2AF6E824DCB02A8] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.3032]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- D:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3108]
[MD5.DE9BA389EB53B8A499FF0C12E8C8ABB4] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672] [PID.3164]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3208]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3868]
[MD5.54C7A2002D6E88DA4F8125EC609C9329] - (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe [3298712] [PID.2372]
[MD5.909053C7518E06DED23E90054F7E809C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8209920] [PID.2308]
~ Processes Running: Scanned in 00mn 05s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Cisco ConfigMaker v2.6.lnk . (.Cisco Systems, Inc. - Cisco ConfigMaker.) -- D:\Program\cmaker.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: RegExr.lnk . (...) -- D:\Program Files\RegExr\RegExr.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [test]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [test]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [___ ___]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [___ ___]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [gss]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [gss]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 26 Legitimates Filtered in 00mn 04s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] . (...) -- C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- d:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] . (.NiwradSoft - Seven Remix XP Welcome Center.) -- C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- D:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-448539723-746137067-1801674531-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-448539723-746137067-1801674531-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- D:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F42A24A7-087E-4814-B517-FCAD1D275275}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{F42A24A7-087E-4814-B517-FCAD1D275275}: NameServer = 8.8.8.8
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: XAMPP Service (XAMPP) . (...) - J:\xampp\service.exe (.not file.)
~ Services: 8 Legitimates Filtered in 00mn 02s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Compil' de Ti Version 1.0 - (...) [HKLM] -- Compil' de Ti Version 1.0
O42 - Logiciel: Falco CheckersII 1.0 - (.Falco Software, Inc..) [HKLM] -- Falco CheckersII_is1
O42 - Logiciel: MZ-Tools 3.0 pour VBA - (.MZTools Software.) [HKLM] -- {2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1
O42 - Logiciel: OstroSoft Winsock Component - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: RegExr - (.gskinner.com, inc..) [HKLM] -- RegExr.8CE3EE8FC37F7781C562DFF80977CFBA322DD1EF.1
O42 - Logiciel: RegExr - (.gskinner.com, inc..) [HKLM] -- {EA1B6EBB-B623-22ED-B5EB-7D574DCAD521}
O42 - Logiciel: Smart Indenter v3.5 for Office 2000-2003 - (...) [HKLM] -- Smart Indenter v3.5 for Office 2000-2003
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DeepDefragoVista]
[HKCU\Software\DemoRACLang]
[HKCU\Software\Dual2011]
~ Key Software: 268 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 04/04/2014 - 15:51:06 - [13,968] ----D C:\Program Files\Falco CheckersII
O43 - CFD: 31/12/2011 - 23:21:32 - [0,050] ----D C:\Program Files\merg
O43 - CFD: 25/04/2013 - 19:59:55 - [2,441] ----D C:\Program Files\MZTools3VBA
O43 - CFD: 10/04/2013 - 22:41:12 - [0,171] ----D C:\Program Files\OSWINSCK
O43 - CFD: 12/09/2012 - 23:47:49 - [0,316] ----D C:\Program Files\Test
O43 - CFD: 02/03/2011 - 19:23:06 - [0,002] ----D C:\Documents and Settings\___ ___\Application Data\TotalValidatorTool
O43 - CFD: 03/07/2013 - 20:37:47 - [0] ----D C:\Documents and Settings\___ ___\Menu Démarrer\Programmes\Compil de Ti Version 1.0
~ Program Folder: 158 Legitimates Filtered in 00mn 24s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.3B28D6BA281E5DAF1692CF4BF7C40665] - 08/04/2014 - 08:40:59 ---A- . (...) -- C:\WINDOWS\Q-Dir.ini [4000]
O44 - LFC:[MD5.5F41CE41393E74C71642C18BEE8B8B71] - 08/04/2014 - 23:35:55 ---A- . (...) -- C:\WINDOWS\DHCPUPG.LOG [534]
O44 - LFC:[MD5.57CC17DD57881EBD4BC4EEAF50321D0E] - 08/04/2014 - 23:36:51 ---A- . (...) -- C:\WINDOWS\wsdu.log [1445]
O44 - LFC:[MD5.A27C5A2886CFB8D54EA464E594594D57] - 08/04/2014 - 23:36:55 ---A- . (...) -- C:\WINDOWS\UPGRADE.TXT [1645]
O44 - LFC:[MD5.095A040775E3907F364065E492092D24] - 08/04/2014 - 23:37:08 ---A- . (...) -- C:\WINDOWS\WINNT32.LOG [3251]
O44 - LFC:[MD5.40C50A5527EC7465502A9EEA9B5555B5] - 09/04/2014 - 07:58:21 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.CED93F96AFCD008BBD45BFED58C90672] - 09/04/2014 - 07:58:52 ---A- . (...) -- C:\WINDOWS\msgsocm.log [2163]
O44 - LFC:[MD5.FFE0898BCF0D2FC6C941D1AF7018C14B] - 09/04/2014 - 07:58:52 ---A- . (...) -- C:\WINDOWS\tabletoc.log [2177]
O44 - LFC:[MD5.0803C0665927134E41247C7FCB3D3565] - 09/04/2014 - 23:25:15 ---A- . (...) -- C:\DelFix.txt [2484]
O44 - LFC:[MD5.86C472C40C360C9B6B9778F608BF5E28] - 11/04/2014 - 14:45:28 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FE2B155004A26960359137FFDE3AECF5] - 11/04/2014 - 14:45:29 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.A5824B758A4B123A974E4D1474D6ADDE] - 28/03/2014 - 01:40:43 ---A- . (...) -- C:\WINDOWS\system.ini [227]
~ Files: 31 Legitimates Filtered in 00mn 40s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 9 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 15/08/2004 - 03:56:20 R--A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [10296]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.EB5A63ADBF35314465CFBC33558CDAF7] - 08/02/2012 - 02:13:32 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [104456]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 9 Legitimates Filtered in 00mn 02s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
I:\Arabswell\FTP\WS_FTP 2006 pro\Keygen.rar =>.Crack,Keygen
K:\Download\Snagit 8.1.1\keygen\keygen.exe =>.Crack,Keygen
K:\Download\Snagit 8.1.1\keygen.rar =>.Crack,Keygen
K:\Download\Webmasters\Tools\KyoSoft Link Checker pro 311\KyoSoft.Link.Checker.Pro.v3.3.11.WinAll.Cracked-EiTheL\Crack\linkcheckerpro.exe =>.Crack,Keygen
K:\Download\Webmasters\Tools\Picaloader V1.5 keyGen TSZ.rar =>.Crack,Keygen
K:\Download\WinZip 11\WinZIP.KeyGen.rar =>.Crack,Keygen
K:\Logiciels\Dépannage\TuneUp Utilities 2008 Fr\tuneup utilities 2008 7.0.8007.0 keygen by marnwl.rar =>.Crack,Keygen
K:\Logiciels\Programmation\Delphi7Ent\2 - Crack & Keygen.rar =>.Crack,Keygen
~ Files: Scanned in 20mn 16s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.5E7EA8E0B6E42EB85748B0E1F659D19B] [WIS][20/02/2011] (.gskinner.com, inc. - RegExr.) -- C:\Windows\Installer\c8fd9.msi [21504]
~ WIS: 62 Legitimates Filtered in 00mn 04s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/03/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 22/10/2008 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - J:\st2\DreamweaverPortable\App\FLEXnetPublisher\FNPLicensingService.exe
SS - | Auto 05/01/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/01/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (XAMPP) . (...) - J:\xampp\service.exe

SR - | Auto 09/01/2007 20539 | (Apache2.2) . (.Apache Software Foundation.) - d:\AppServ\Apache2.2\bin\httpd.exe
SR - | Auto 12/09/2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SR - | Auto 09/04/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 05/02/2014 4915040 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

~ Services: Scanned in 00mn 08s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ___ ___ at 11/04/2014 15:14:16

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (11/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 188969 Items scanned in 00mn 23s



~ 926 Legitimates filtered by white list
End of the scan (452 lines in 24mn 01s)(8)