cjoint


Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Lancé par Gilles (21/01/2014 00:12:35)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3068 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 359 GB (78%) free of 456 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-GILLES
~ User Name: Gilles
~ All Users Names: Gilles, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Gilles\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Gilles\AppData\Roaming\
~ %Desktop% : C:\Users\Gilles\Desktop\
~ %Favorites% : C:\Users\Gilles\Favorites\
~ %LocalAppData% : C:\Users\Gilles\AppData\Local\
~ %StartMenu% : C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 359 Go of 456 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 9 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 23:27:38.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.8777B44511D8BCCF47B5A7CBDC02DE11] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/04/2009 - 23:28:26.) -- C:\WINDOWS\System32\wininet.dll [828416]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 23:28:14.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.A201207363AA900ABF1A388468688570] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.10/04/2009 - 21:47:04.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273920]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 23:32:28.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 21:39:18.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.218D8AE46C88E82014F5D73D0236D9B2] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/04/2009 - 21:14:14.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 21:42:44.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.317EB668973951BAD512EE8BEBF9ED25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/04/2009 - 21:14:30.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [105984]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 21:45:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/04/2009 - 23:32:50.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 21:45:24.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 21:45:58.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.10/04/2009 - 23:32:56.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 05s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/240
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3696]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2360]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.3420]
[MD5.A9D8D4DF0EF4199A701137E0B5E9921A] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe [1863048] [PID.2288]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2932]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.2732]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1696]
[MD5.029DF21EB9FC3FF0D628278774C99DC0] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.5.) -- C:\Windows\system32\nvvsvc.exe [118784] [PID.896]
[MD5.EC9C5F6C0F58446545D839BC11A3692B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [221273] [PID.1172]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1400]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1488]
[MD5.6D0AC28C5BD8D8495F83F5929A45E559] - (.Hewlett-Packard Corporation - HpService.) -- C:\Windows\system32\Hpservice.exe [19456] [PID.1504]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1732]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376] [PID.1868]
[MD5.3B1B2EE9DF189F6BBB080BF393D1B2EE] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [77824] [PID.448]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376] [PID.544]
[MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.532] =>Toolbar.Ask
[MD5.984ECB68ED2A2B2E6A544E87E24FBA2D] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.780]
[MD5.431723F23D0E065BEF502389E8FFDC10] - (.Pas de propriétaire - STServices.) -- C:\Windows\SMINST\BLService.exe [361808] [PID.2076]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.3016]
[MD5.D13E6BFD7E9189D26A42E94CB2447044] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.2972]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.876]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (...) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll (.not file.) =>Adware.MetaStream
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Gilles]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Gilles]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Gilles]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Gilles]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Gilles]: Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
O4 - GS\Desktop [Gilles]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Gilles]: SIW.lnk . (.Topala Software Solutions - System Information.) -- C:\Program Files\SIW 2013 Home Edition\siw.exe
~ Global Startup: 39 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll (.not file.)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -- C:\Program Files\MICROS~3\Office12\REFBARH.ICO (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{45296B27-3974-4490-9B41-2C438F26F5D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{45296B27-3974-4490-9B41-2C438F26F5D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{45296B27-3974-4490-9B41-2C438F26F5D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Audio Service (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
~ Services: 12 Legitimates Filtered in 00mn 09s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\Wallpaper\img24.jpg
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\Wallpaper\img24.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\MetaStream] =>Adware.MetaStream
~ Key Software: 164 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/01/2014 - 18:35:16 - [12,010] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 14/01/2014 - 23:00:37 - [0] ----D C:\ProgramData\APN
O43 - CFD: 20/01/2014 - 18:35:16 - [3,679] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 20/01/2014 - 18:42:19 - [0] ----D C:\Users\Gilles\AppData\Local\AskPartnerNetwork
O43 - CFD: 20/01/2014 - 17:45:05 - [3,669] ----D C:\Users\Gilles\AppData\Local\Temp(195)
O43 - CFD: 18/01/2014 - 13:43:06 - [1,661] ----D C:\Users\Gilles\AppData\Local\Temp(42)
~ 3 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 142 Legitimates Filtered in 00mn 58s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D6A819E6D0766B5BEE51CE3E44B8A79E] - 14/01/2014 - 15:30:24 ---A- . (...) -- C:\WINDOWS\TSSysprep.log [5949]
O44 - LFC:[MD5.6CA67D1D9DC8F1DF7EF3354D8E621173] - 14/01/2014 - 15:34:45 ---A- . (...) -- C:\WINDOWS\System32\oem4.inf [870480]
O44 - LFC:[MD5.D56339D3036EA0D4E04926EAC99303FC] - 14/01/2014 - 15:35:11 ---A- . (...) -- C:\WINDOWS\bcmwl.log [11226]
O44 - LFC:[MD5.947D63FFF37ABF36949859CAD6A67A8F] - 14/01/2014 - 15:41:08 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [8874]
O44 - LFC:[MD5.165B52C12CE4F710C584848981692959] - 14/01/2014 - 15:42:03 ---A- . (...) -- C:\WINDOWS\xUninstall.bat [125]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 14/01/2014 - 15:43:11 ---A- . (...) -- C:\WINDOWS\System32\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 14/01/2014 - 15:43:11 ---A- . (...) -- C:\WINDOWS\System32\bltinmic.ico [3774]
O44 - LFC:[MD5.E02E99CFA701FC38161FDCA3EB809581] - 14/01/2014 - 15:43:11 ---A- . (...) -- C:\WINDOWS\System32\nbspkrs.ico [15222]
O44 - LFC:[MD5.2449E01AA5EFCA4A6862B6D8B040A97C] - 14/01/2014 - 15:50:42 ---A- . (...) -- C:\WINDOWS\WMPrfFRA.prx [37916]
O44 - LFC:[MD5.105599ABA19E3ED318EC27041F8F05DE] - 14/01/2014 - 15:51:49 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [5506]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/01/2014 - 16:15:39 RSHA- . (...) -- C:\WINDOWS\System32\Drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCND8422WH3_E464632-052_4A_I30F4_SCompal_V99.67_F.12_T080828_WV3-1_L40C_M3069_J500_7Intel_86FD_92.00_#140114_N10EC8168;14E44315_(FP905EA#ABF)_XMOBILE_CN10_Z_2F.12.MRK [0]
O44 - LFC:[MD5.5978AF295893C271C47F3485419BF4D4] - 14/01/2014 - 16:18:19 --HA- . (...) -- C:\IPH.PH [373]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 14/01/2014 - 17:49:02 ---A- . (...) -- C:\WINDOWS\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 14/01/2014 - 17:49:02 ---A- . (...) -- C:\WINDOWS\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 14/01/2014 - 17:49:02 ---A- . (...) -- C:\WINDOWS\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.53BB1043A4212E49EEB1099E82474C06] - 14/01/2014 - 17:51:33 ---A- . (...) -- C:\WINDOWS\msxml4-KB973688-enu.LOG [290312]
O44 - LFC:[MD5.F37B6B0C63D3F2F73208E6089E58200D] - 14/01/2014 - 17:52:09 ---A- . (...) -- C:\WINDOWS\msxml4-KB954430-enu.LOG [283634]
O44 - LFC:[MD5.63B85A580D21AF9BC788FE69854FABD7] - 14/01/2014 - 17:59:48 ---A- . (.EasyBits Software AS - EasyBits services for Windows.) -- C:\WINDOWS\System32\ezsvc7x.dll [588472]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 14/01/2014 - 18:49:23 ---A- . (...) -- C:\WINDOWS\System32\systemsf.ebd [130008]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 14/01/2014 - 18:49:26 ---A- . (...) -- C:\WINDOWS\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 14/01/2014 - 18:49:26 ---A- . (...) -- C:\WINDOWS\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 14/01/2014 - 18:49:29 ---A- . (...) -- C:\WINDOWS\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 14/01/2014 - 18:49:29 ---A- . (...) -- C:\WINDOWS\System32\StructuredQuerySchemaTrivial.bin [18904]
O44 - LFC:[MD5.7E49D1BB03C257BE165851F11C0B9320] - 14/01/2014 - 18:49:34 ---A- . (...) -- C:\WINDOWS\System32\wlan.tmf [2499629]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 14/01/2014 - 18:49:41 ---A- . (...) -- C:\WINDOWS\System32\WFP.TMF [208966]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 14/01/2014 - 18:49:45 ---A- . (...) -- C:\WINDOWS\System32\korwbrkr.lex [11967524]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 14/01/2014 - 18:49:54 ---A- . (...) -- C:\WINDOWS\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 14/01/2014 - 18:50:12 ---A- . (...) -- C:\WINDOWS\System32\dot3.tmf [442788]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 14/01/2014 - 18:50:13 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\WINDOWS\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 14/01/2014 - 18:50:16 ---A- . (...) -- C:\WINDOWS\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 14/01/2014 - 18:50:24 ---A- . (...) -- C:\WINDOWS\System32\RacUR.xml [9212]
O44 - LFC:[MD5.4C58B5E71FEEFD18BB7F537343C7219A] - 14/01/2014 - 18:50:24 ---A- . (...) -- C:\WINDOWS\System32\RacUREx.xml [153]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 14/01/2014 - 18:50:26 ---A- . (...) -- C:\WINDOWS\System32\onex.tmf [392170]
O44 - LFC:[MD5.08FD8FE820DE7C78AE640D583BC2C78D] - 14/01/2014 - 20:44:33 ---A- . (...) -- C:\WINDOWS\SynInst.log [561]
O44 - LFC:[MD5.C4DB51062A395115CDBBB46A0E656134] - 14/01/2014 - 21:38:15 ---A- . (...) -- C:\WINDOWS\HPQLB.LOG [2118]
O44 - LFC:[MD5.D3B166815B3DADA7060EBEC7B9FF6EF6] - 16/01/2014 - 10:10:34 ---A- . (...) -- C:\WINDOWS\IE9_main.log [4287]
O44 - LFC:[MD5.027A9C8C639C182C9526935579198125] - 19/01/2014 - 20:28:05 ---A- . (...) -- C:\WINDOWS\certutil.log [925]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 19/01/2014 - 21:27:16 ---A- . (...) -- C:\WINDOWS\System32\DOErrors.log [52]
O44 - LFC:[MD5.4A6C4591C33C545BA73B92873A3D110E] - 20/01/2014 - 18:57:18 ---A- . (...) -- C:\WINDOWS\hpoins30.dat [187698]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/01/2014 - 19:13:14 ---A- . (...) -- C:\END [0]
~ Files: 813 Legitimates Filtered in 03mn 31s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{91943e8c-7d2b-11e3-b0d8-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\QPService [Key] . (...) -- C:\Program Files\HP\QuickPlay\QPService.exe (.not file.)
~ SMSR Keys: 20 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.4CD6B056C5FD9E97C06FE74C81479517] - 24/01/2008 - 14:23:12 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome.) -- C:\WINDOWS\System32\Drivers\enecir.sys [52736]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 13/12/2013 - 15:03:37 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.21CC262AB5F42F7A6B91DC7304C2F267] - 27/06/2008 - 16:44:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\WINDOWS\System32\Drivers\stwrt.sys [380928]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\WINDOWS\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\WINDOWS\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\WINDOWS\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\WINDOWS\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\WINDOWS\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\WINDOWS\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\WINDOWS\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\WINDOWS\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\WINDOWS\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\WINDOWS\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\WINDOWS\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\WINDOWS\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\WINDOWS\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\WINDOWS\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {230C22EE-865B-4F83-92C2-08CF69DA6578} [DefaultScope] - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {B3D1C463-0C12-4F24-BCB2-7943255E8DC0} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.05D5B9351D0EDE9AC2DD868C3E25CB28] [SPRF][20/01/2014] (...) -- C:\ProgramData\nvModes.dat [49326]
[MD5.D593C3D10B78BC928A1FCD17CE47969D] [SPRF][14/01/2014] (.AOL - Pas de description.) -- C:\Users\Gilles\AppData\Local\Temp\A~NSISu_.exe [94038]
[MD5.E1EDABA8ECD8CEA6DA219C00F38691A8] [SPRF][14/01/2014] (...) -- C:\Users\Gilles\AppData\Local\Temp\isDel.bat [169]
[MD5.4E41301AB03814EABE37FCF194B728A6] [SPRF][13/12/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Gilles\AppData\Local\Temp\Offercast_AVIRAV7_.exe [1326512]
[MD5.7C7E8D982119475648C7536388D09C4E] [SPRF][13/01/2014] (...) -- C:\Users\Gilles\Desktop\Calcul Resistance.exe [2049536]
[MD5.006C83751B9F17934B58085D0B7BDA2C] [SPRF][24/01/2007] (.America Online, Inc. - AOL Media Playback Control.) -- C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll [841304]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][14/01/2014] (...) -- C:\WINDOWS\Downloaded Program Files\unagiuninst.exe [38428]
~ Files: 10 Legitimates Filtered in 00mn 03s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{A902F76A-5468-4241-BD8F-8C938C5FF74F}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui01.exe (.not file.)
~ Firewall: 171 Legitimates Filtered in 00mn 03s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.165E54B9DC251CD2EECC04B98323AD90] [WIS][20/01/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\189e73.msi [809472] =>Toolbar.Avira
[MD5.E5C1F8F8EB92D965D02EFB7E79387E56] [WIS][20/01/2014] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\189eb6.msi [121344]
~ WIS: 63 Legitimates Filtered in 00mn 23s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 10/07/1658 0 | (Com4QLBEx) . (...) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 24/07/2007 181800 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SS - | Demand 08/01/2008 148832 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 10/07/1658 0 | (MozillaMaintenance) . (...) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 25/06/2008 292216 | (QPCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
SS - | Auto 25/06/2008 116080 | (QPSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

SR - | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
SR - | Auto 13/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 20/12/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 15/04/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) - C:\WINDOWS\System32\Hpservice.exe
SR - | Auto 26/02/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 14/05/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\System32\nvvsvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 26/04/2008 361808 | (Recovery Service for Windows) . (...) - C:\Windows\SMINST\BLService.exe
SR - | Auto 27/06/2008 221273 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe

~ Services: Scanned in 00mn 28s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 2

[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\MetaStream] =>Adware.MetaStream
[HKLM\Software\Viewpoint] =>Adware.MetaStream
[HKLM\Software\MozillaPlugins\@viewpoint.com/VMP] =>Adware.MetaStream
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
C:\Program Files\Viewpoint =>Adware.MetaStream
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\Viewpoint =>Adware.MetaStream
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\Gilles\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\Gilles\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Windows\Installer\189e73.msi =>Toolbar.Avira^
~ Additionnel Scan: 192562 Items scanned in 00mn 43s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27046242-adware-metastream =>Adware.MetaStream
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 3 link(s) detected in 00mn 44s



~ 1712 Legitimates filtered by white list
End of the scan (497 lines in 07mn 05s)(0)
