Rapport de ZHPDiag v2013.4.14.81 par Nicolas Coolman, Update du 14/04/2013
Run by Jean-Michel at 15/04/2013 18:34:36
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 18.0.1 v18.0.1

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
avast! Free Antivirus v8.0.1483.0

---\\ System Optimizer
CCleaner v3.26

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 15 Model 4 Stepping 8, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 511 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (64%) free of 93 GB

---\\ Logged in mode
~ Computer Name: MERGER-26EA99F6
~ User Name: Jean-Michel
~ All Users Names: SUPPORT_388945a0, Jean-Michel, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Jean-Michel\Application Data\
~ %Desktop% : C:\Documents and Settings\Jean-Michel\Bureau\
~ %Favorites% : C:\Documents and Settings\Jean-Michel\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Jean-Michel\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 93 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Search Generic System Files [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) 
-- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) 
-- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 01s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/2 ~ Mes musiques (My Musics) : 1/2 ~ Mes Videos (My Videos) : 0/0 ~ Mes Favoris (My Favorites) : 1/9 ~ Mes Documents (My Documents) : 1/62 ~ Mon Bureau (My Desktop) : 0/248 ~ Menu demarrer (Programs) : 1/26 ~ Hidden Files: Scanned in 00mn 00s ---\\ Running Processes [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1976] [MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.160] [MD5.17DF01717058EAD5298EB3F1851D3778] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 56.77.) -- C:\WINDOWS\system32\nvsvc32.exe [110659] [PID.364] [MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.1740] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1576] [MD5.A7DE471B5403DBF8AFA4138A92B8012F] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363] [PID.1840] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304] [PID.1704] [MD5.2DF81CB002F5EFD9A6F1391B71C723FF] - (.SPX Service Solutions - ASDE communication Server.) -- C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe [315492] [PID.2120] [MD5.37FFF683AEE7F09F5F7087138192BF02] - (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) 
-- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [131072] [PID.2140] [MD5.1ACBA585D47FB69C12F26074517EFE5A] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1644680] [PID.2428] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2488] [MD5.BC431F556635C1096B9AAD8A1736C034] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6750720] [PID.2312] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3488] ~ Processes Running: Scanned in 00mn 01s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\prefs.js M3 - MFPP: Plugins - [Jean-Michel] -- C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcom.xml M3 - MFPP: Plugins - [Jean-Michel] -- C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcomsearch.xml M0 - MFSP: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625] http://www.sfr.fr M2 - MFEP: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625\toolbar@ask.com] [] v (..) 
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sfr.fr
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects (O2)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 5 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.)
-- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (.NVIDIA Corporation - NVIDIA nView Wizard, Version 56.77.) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [ServeurIPAsde] . (.SPX Service Solutions - ASDE communication Server.) -- C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe
O4 - HKLM\..\Run: [NVMixerTray] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.)
-- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-746137067-1637723038-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\accicons.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\xlicons.exe
O4 - GS\Programs: Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - GS\Programs: Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\pptico.exe
O4 - GS\Programs: Microsoft Publisher.lnk . (...) -- C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\pubs.exe
O4 - GS\Programs: Microsoft Reader.lnk . (.Microsoft Corporation - Microsoft Reader.) -- C:\Program Files\Microsoft Reader\msreader.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk .
(.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphean Key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365933343718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.)
-- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 56.77.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.)
- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 4 Legitimates Filtered in 00mn 03s

---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s

---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [246] =>Toolbar.Ask
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: (oreans32) . (...) - C:\WINDOWS\system32\drivers\oreans32.sys
~ Drivers: 86 Legitimates Filtered in 00mn 00s

---\\ Software installed (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: CD7 Dialogys - (.Renault S.A.S..) [HKLM] -- {EED515E3-1B52-43C4-BB21-C8C12F4B3A1B}
O42 - Logiciel: CLIP - (.SPX.) [HKLM] -- {9D143A8C-C66A-4E27-A602-C004F14EBA92}
O42 - Logiciel: CLIP RENAULT Autoformation - (.JCAE.) [HKLM] -- {6EED89DA-D011-46BC-BC62-16F7BF369484}
O42 - Logiciel: DVD2 + Dialogys - (.Renault S.A.S..) [HKLM] -- {B6F96A16-B6F4-435C-B93B-72E0583722BD}
O42 - Logiciel: Dialogys DVD0 - (.Renault S.A.S..) [HKLM] -- {1F14EB89-8074-4F3A-AF81-ACD4795FF1A3}
O42 - Logiciel: IBM ViaVoice 98 Home Edition - Français - (...) [HKLM] -- DeleteProdVVoice98Home_FR
O42 - Logiciel: Language Reader 1.0 - (.Authorsoft Corporation.) [HKLM] -- Language Reader_is1
O42 - Logiciel: Lernout & Hauspie TruVoice American English TTS Engine - (...) [HKLM] -- tv_enua
O42 - Logiciel: NvMixer - (...) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: Sweetpacks Bundle Uninstaller - (.SweetPacks LTD.)
[HKLM] -- Sweetpacks Bundle Uninstaller =>PUP.SweetIM O42 - Logiciel: VAG-COM Release 704.1 - (.Ross-Tech.) [HKLM] -- VAG-COM Release ~ Logic: 99 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN] [HKCU\Software\Ask.com] [HKCU\Software\AskToolbar] [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\APN] [HKLM\Software\AskToolbar] [HKLM\Software\Axtive] [HKLM\Software\Dialogys] [HKLM\Software\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Hardware structure] [HKLM\Software\JCAE] [HKLM\Software\PCBD] [HKLM\Software\Ross-Tech] [HKLM\Software\SPX] ~ Key Software: 155 Legitimates Filtered in 00mn 00s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 03/03/2013 - 13:10:50 - [3,514] ----D C:\Program Files\Ask.com O43 - CFD: 06/01/2013 - 15:13:41 - [-1768,029] ----D C:\Program Files\Dialogys O43 - CFD: 05/01/2013 - 18:02:11 - [0] ----D C:\Program Files\JCAE O43 - CFD: 26/01/2013 - 19:35:38 - [35,571] ----D C:\Program Files\Language Reader O43 - CFD: 09/01/2013 - 16:27:37 - [7,200] ----D C:\Program Files\VAG-COM O43 - CFD: 06/01/2013 - 15:13:58 - [85,854] ----D C:\Program Files\_jvm O43 - CFD: 17/01/2013 - 18:05:13 - [0,001] ----D C:\Documents and Settings\Jean-Michel\Application Data\ExpressFiles =>Adware.ExpressFiles O43 - CFD: 03/03/2013 - 13:10:44 - [0,000] ----D C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\APN O43 - CFD: 22/03/2013 - 22:34:04 - [0,474] ----D C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\AskToolbar O43 - CFD: 09/01/2013 - 16:27:40 - [0,004] ----D C:\Documents and Settings\Jean-Michel\Menu Démarrer\Programmes\VAG-COM ~ Program Folder: 102 Legitimates Filtered in 10mn 14s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.8D35392051EA02061E511B68D7FD52ED] - 15/04/2013 - 17:32:43 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [3725] O44 - LFC:[MD5.D7CD03CD5DDF0DF0EC2C3854BC8ECB38] - 15/04/2013 - 14:08:09 ---A- . 
(...) -- C:\WINDOWS\spupdsvc.log [92762] O44 - LFC:[MD5.A9F9121D6D21B50B6C21E88DF4252AE0] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [807795] O44 - LFC:[MD5.000CA17A99A288F3DAC4A68EC1023D73] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\comsetup.log [281093] O44 - LFC:[MD5.5295AD6B9A2F1F0A1D1986713A085E71] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\iis6.log [126400] O44 - LFC:[MD5.680BCA9B4E08B91D7C03D8A5C67F30CE] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.3912A261D42B05578B26C484E4D0C2B8] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\msgsocm.log [40835] O44 - LFC:[MD5.4A05EEE0172E1DFD884406038B338D53] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [168712] O44 - LFC:[MD5.F675579C15C9197B6A51F6F9C0819AAE] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ocgen.log [404375] O44 - LFC:[MD5.EEDDF3656DAB7802E203A7A6EB3FDD01] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ocmsn.log [45440] O44 - LFC:[MD5.3E2CCA4211F754AF11E73AC47E970154] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\tsoc.log [313293] O44 - LFC:[MD5.1D75138C95886CEE7BF4FF153BEBC54D] - 15/04/2013 - 13:59:36 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.0E1DF87DC4D3DCBFE081A363E200F9E5] - 15/04/2013 - 13:58:17 ---A- . (...) -- C:\WINDOWS\updspapi.log [233738] O44 - LFC:[MD5.6F4251287703A79B4A3763A8942FC0C5] - 15/04/2013 - 13:55:21 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6280] O44 - LFC:[MD5.F4FB14CE11F507A6A3F42FECD5E25A0C] - 15/04/2013 - 13:55:15 ---A- . (...) -- C:\WINDOWS\wmsetup.log [3446] O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 14/04/2013 - 12:00:45 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640] O44 - LFC:[MD5.B91129E03367337CB0B14E3CDCAA1CA9] - 14/04/2013 - 12:00:00 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [1178] O44 - LFC:[MD5.4A0DB92FD9E5A80DB7BB4CB9AC4BD0CA] - 14/04/2013 - 11:59:53 ---A- . (...) 
-- C:\WINDOWS\DtcInstall.log [359] O44 - LFC:[MD5.544E86E8EAE19B2FD2FAFAD8A9D1AEA2] - 14/04/2013 - 11:57:43 ---A- . (...) -- C:\WINDOWS\spupdsvc.log.1.log [187] O44 - LFC:[MD5.6FCCB1FD50FBDAA92FBC6108082ADA23] - 14/04/2013 - 11:57:40 ---A- . (...) -- C:\WINDOWS\system32\spupdwxp.log [269] O44 - LFC:[MD5.36B9B1AF836CB087D29781420C067C8B] - 14/04/2013 - 11:57:21 ---A- . (...) -- C:\WINDOWS\setuplog.txt [814807] O44 - LFC:[MD5.8E18E905F6ED8634A1AD615136191920] - 14/04/2013 - 11:55:12 ---A- . (...) -- C:\WINDOWS\svcpack.log [479641] O44 - LFC:[MD5.389EDA628BC15013E75AA37D4F4408EE] - 14/04/2013 - 11:40:03 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [373] O44 - LFC:[MD5.1D0F6DD5CF492F60ACA79FD5356D204D] - 14/04/2013 - 11:39:49 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1281] O44 - LFC:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2013 - 11:29:15 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 14/04/2013 - 11:28:26 RSHA- . (...) -- C:\ntldr [252240] O44 - LFC:[MD5.DAA93DC3FDAB8CC621F3F3F6F0140746] - 14/04/2013 - 11:21:42 ---A- . (...) -- C:\WINDOWS\medctroc.Log [605] O44 - LFC:[MD5.99A6A6825DD0A3F5FAC7693376905212] - 13/04/2013 - 13:18:55 ---A- . (...) -- C:\WINDOWS\Zone.Identifier [26] O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 02/04/2007 - 08:06:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045] O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 29/12/2006 - 06:51:08 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352] O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 29/12/2006 - 06:32:50 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866] O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 28/12/2006 - 11:01:32 ---A- . (...) 
-- C:\WINDOWS\002758_.tmp [19569] ~ Files: 331 Legitimates Filtered in 01mn 10s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\SAGEM SA\DgIpSvr.exe" [Enabled] .(.SPX Service Solutions.) -- C:\Program Files\Fichiers communs\SAGEM SA\DgIpSvr.exe O47 - AAKE:Key Export SP - "C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe" [Enabled] .(.SPX.) -- C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe O47 - AAKE:Key Export SP - "C:\CLIP\Lib\Application\ClipLauncher.exe" [Enabled] .(.JCAE.) -- C:\CLIP\Lib\Application\ClipLauncher.exe O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\expressdl.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\ExpressFiles.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O47 - AAKE:Key Export SP - "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [Enabled] .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM ~ Keys Export: 13 Legitimates Filtered in 00mn 01s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{8491a096-6622-11e2-bb31-000fb0459097}\AutoRun\command. (...) -- E:\InstallTomTomHOME.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.A7D5C71FF4A5B8FEE626FE65B39D71D0] - 19/03/2004 - 13:40:54 ---A- . (.Agere Systems - SoftModem Device Driver.) 
-- C:\WINDOWS\system32\Drivers\AGRSM.sys [1205292] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 05/01/2013 - Unknown owner (oreans32) .(...) - LEGACY_OREANS32 ~ Legacy: 117 Legitimates Filtered in 00mn 02s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 17 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcom.xml O69 - SBI: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625] user_pref("extensions.asktb.ff-original-keyword-url", ""); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {17FC2E89-A942-49BD-ADA7-B5BE59FF42E7} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {C6FC35DB-88D0-4300-8874-ACE7BD3EE971} [DefaultScope] - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.C7A117E7370406448BD32FC99BA5C593] [SPRF][14/04/2013] (.The GIMP Team - GIMP Setup.) -- C:\Documents and Settings\Jean-Michel\Bureau\gimp-2.8.4-setup.exe [76902472] [MD5.E25D2B5DC6DE1A1C335B919828FEFA8A] [SPRF][28/08/2012] (...) 
-- C:\Documents and Settings\Jean-Michel\Bureau\Renault Pin Extractor.exe [1212928] [MD5.1E9F240E7B04EAFFCBAA634F3EF5F4B8] [SPRF][24/01/2013] (...) -- C:\Documents and Settings\Jean-Michel\Bureau\TomTomHOME2winlatest.exe [30685480] [MD5.A9A9A86E7330BFFAF64AE2ACFB73D959] [SPRF][14/04/2013] (.Microsoft Corporation - Auto-extraction de fichier CAB.) -- C:\Documents and Settings\Jean-Michel\Bureau\windows-xp-service-pack-3_windows_xp_service_pack_3_francais_242026.exe [324222504] [MD5.0A87275730E86DFE98AD3B1F873D72F5] [SPRF][06/01/2013] (...) -- C:\Program Files\dialogysclip.bat [63] [MD5.F3760CE405DD87822F0C1B2F5A42FF6D] [SPRF][06/01/2013] (...) -- C:\Program Files\DialogysUninstWPS.bat [1809] ~ Files: Scanned in 00mn 39s ---\\ Additionnal Scan (O88) Database Version : v2.11536 - (14/04/2013) Clés trouvées (Keys found) : 49 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 3 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch [HKCU\Software\APN] =>Toolbar.Ask [HKLM\Software\APN] =>Toolbar.Ask [HKCU\Software\Ask.com] =>Toolbar.AskBar [HKCU\Software\AskToolbar] =>Toolbar.AskTBar [HKLM\Software\AskToolbar] 
=>Toolbar.AskTBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade C:\Program Files\Ask.com =>Toolbar.AskBar C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\AskToolbar =>Toolbar.AskTBar C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\Extensions\toolbar@ask.com =>Toolbar.AskTBar ~ Additionnel: Scanned in 07mn 20s ---\\ Product Upgrade Codes (O90) O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>Toolbar.Ask ~ Update Products: 25 Legitimates Filtered in 00mn 00s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) 
- C:\Program Files\Java\jre7\bin\jqs.exe SS - | Demand 28/10/2012 312264 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 13/04/2004 110659 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ~ Services: Scanned in 00mn 03s ~ 998 Legitimates filtered by white list End of the scan (557 lines in 19mn 52s)(0)