~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014) ~ Lancé par Book (01/02/2014 13:11:29) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16484 MFIE: Mozilla Firefox 26.0 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8 Pro, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel Windows ID Activation : OK ~ Windows Partial Key : J8CK4 ~ Windows Remaining Initializations Number : 1000 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.2.286 Windows Defender W8 ---\\ Logiciels d'optimisation du système CCleaner v4.07 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer Pando Media Booster v2.6.0.7 ---\\ Surveillance de Logiciels Adobe Flash Player 12 Plugin Java 7 Update 10 Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 1973 MB (21% free) System Restore: Activé (Enable) System drive C: has 151 GB (70%) free of 215 GB ---\\ Mode de connexion au système ~ Computer Name: BOOK ~ User Name: Book ~ All Users Names: HomeGroupUser$, fbwuser, Book, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Book\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Book\AppData\Roaming\ ~ %Desktop% : C:\Users\Book\Desktop\ ~ %Favorites% : C:\Users\Book\Favorites\ ~ %LocalAppData% : C:\Users\Book\AppData\Local\ ~ %StartMenu% : C:\Users\Book\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 151 Go of 215 Go) D: Hard drive, Flash drive, Thumb drive (Free 192 Go of 251 Go) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 48 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.BDE820861D8107C67E182DF66A27074F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/12/2012 - 01:29:16.) -- C:\Windows\System32\wininet.dll [2246656] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.877D60D6E4156EC4A2E0B6871D41BED9] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/11/2012 - 04:52:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [366080] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.11D7A4A4A1DA60F394F53B413DCDF0DE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/01/2013 - 02:29:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1934056] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/33 ~ Mes musiques (My Musics) : 1/364 ~ Mes Favoris (My Favorites) : 1/4 ~ Mes Documents (My Documents) : 3/4068 ~ Mon Bureau (My Desktop) : 2/5159 ~ Menu demarrer (Programs) : 1/51 ~ Hidden Files: Scanned in 00mn 28s ---\\ Processus lancés [MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3460] [MD5.AA2853F85CFDE861D8A9163E92E22DFD] - (.Skillbrains - Lightshot.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe [313120] [PID.4128] [MD5.615E58F9963734185756AEE4959BA964] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480] [PID.4144] [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.4316] [MD5.33BE35574E1081A91EACD2B98E0A472A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640] [PID.4332] =>Toolbar.Ask [MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe [866584] [PID.4828] [MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4152] [MD5.FDA1329BF7F5F92C71C692798B642BAC] - (.Avira Operations GmbH & Co. KG - Antivirus Control Center (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [661048] [PID.4508] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\prefs.js M2 - MFEP: prefs.js [Book - r91gvq7i.default\battlefieldplay4free@ea.com] [] Battlefield Play4Free v1.0.96.0 (..) ~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve ~ IE Browser: 17 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 04s ~ Nombre de lignes (Lines number): 16115 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Bing Bar - [HKLM]{eec0f710-38b5-4aba-99bf-ec87564a4e13} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Actionaz.lnk . (...) -- C:\Program Files\Actionaz\actionaz.exe O4 - GS\Desktop [Public]: Acunetix Web Vulnerability Scanner 9.lnk . (.Acunetix - Web Vulnerability Scanner.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\wvs.exe O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe O4 - GS\Desktop [Public]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe O4 - GS\Desktop [Public]: Pipix.lnk . (...) -- C:\Program Files (x86)\Pipix\Pipix-3.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Mullvad.lnk . (...) -- C:\Program Files (x86)\Mullvad\mullvad.exe (.not file.) O4 - GS\QuickLaunch [Book]: Auto Clicker.lnk . (...) -- C:\Program Files (x86)\Auto Clicker\AutoClicker.exe (.not file.) O4 - GS\QuickLaunch [Book]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe O4 - GS\QuickLaunch [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [Book]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Book]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.) O4 - GS\QuickLaunch [Book]: Yahoo! Messenger.lnk . (...) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (.not file.) O4 - GS\TaskBar [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [Book]: Hardfight.lnk . (...) -- C:\Users\Book\Downloads\Hardfight.exe O4 - GS\TaskBar [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Book]: Minecraft (2).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Minecraft.exe O4 - GS\TaskBar [Book]: Minecraft(1).lnk . (...) -- C:\Users\Book\Desktop\Inutiles\Enorme\Minecraft.exe O4 - GS\TaskBar [Book]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe O4 - GS\TaskBar [Book]: Sénacraft (3).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Sénacraft (3).exe O4 - GS\TaskBar [Book]: Sénacraft (4).lnk . (...) -- C:\Users\Book\Downloads\Sénacraft (4).exe O4 - GS\TaskBar [Book]: Wardfight.lnk . (...) -- C:\Users\Book\Desktop\Wardfight.exe O4 - GS\TaskBar [Book]: WarFury.lnk . (...) -- C:\Users\Book\Downloads\WarFury.exe O4 - GS\Program [Book]: Aut2Exe.lnk - Clé orpheline O4 - GS\Program [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe O4 - GS\Program [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe O4 - GS\SendTo [Book]: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.) O4 - GS\Desktop [Book]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe O4 - GS\Desktop [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe O4 - GS\Desktop [Book]: Nmap - Zenmap GUI.lnk . (...) -- C:\Program Files (x86)\Nmap\zenmap.exe ~ Global Startup: 65 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Book]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Book\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox O4 - GS\Startup [Book]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKCU\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe O4 - HKCU\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline O4 - HKCU\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe O4 - HKCU\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe O4 - HKCU\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask O4 - HKCU\..\policies\Explorer\Run: [Microsoft(R) Delayed Launcher] Clé orpheline O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. ~ Application: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115 O17 - HKLM\System\CCS\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115 O17 - HKLM\System\CS1\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask O23 - Service: Metasploit Pro Service (metasploitProSvc) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe O23 - Service: Metasploit Thin Service (metasploitThin) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe O23 - Service: Metasploit Worker (metasploitWorker) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe ~ Services: 13 Legitimates Filtered in 00mn 03s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-S-1-5-21-1957931178-653952670-3862380426-1001.job [396] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-sys.job [396] [MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd" [198] [MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0] [MD5.71D63875DB82FB0BF3FAA16206761681] [APT] [update-sys] (...) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [112416] [MD5.984E28E70D1000272A2AB61E34D12D6E] [APT] [{7E0362EF-A72F-47B0-965E-AB5E94B59B05}] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723] [MD5.00000000000000000000000000000000] [APT] [{A10340D9-9D2C-4B70-980B-DEFAA596EB0B}] (...) -- C:\Program Files (x86)\Tiny Firewall\SysReport.exe (.not file.) [0] ~ Scheduled Task: 13 Legitimates Filtered in 00mn 08s ---\\ Logiciels installés (O42) O42 - Logiciel: DarkComet Remover version 2.0 - (.Phrozen ® Software 2013..) [HKLM][64Bits] -- DarkComet Remover_is1 O42 - Logiciel: Eazfuscator.NET - (.Gapotchenko.) [HKLM][64Bits] -- {FED0C86A-17AA-4157-ABA3-2AD47C815CE8} ~ Logic: 9 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AskPartnerNetwork] [HKCU\Software\Crypted] [HKCU\Software\Cyber] [HKCU\Software\D-Guard] [HKCU\Software\Eazfuscator.NET] [HKCU\Software\HEViewer] [HKCU\Software\NetUtils] [HKCU\Software\Pando Networks] [HKCU\Software\VNT] [HKCU\Software\frobyd] [HKCU\Software\user32.dll] [HKLM\Software\AskPartnerNetwork] [HKLM\Software\Wow6432Node\AskPartnerNetwork] [HKLM\Software\Wow6432Node\Eazfuscator.NET] [HKLM\Software\Wow6432Node\IncrediMail] [HKLM\Software\Wow6432Node\Pando Networks] ~ Key Software: 288 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 30/01/2014 - 23:35:11 - [12,262] ----D C:\Program Files (x86)\AskPartnerNetwork O43 - CFD: 17/01/2014 - 20:46:51 - [7,182] ----D C:\Program Files (x86)\Pando Networks O43 - CFD: 30/01/2014 - 23:35:11 - [0,333] ----D C:\Program Files (x86)\VNT O43 - CFD: 07/02/2013 - 18:59:06 - [0,004] ----D C:\ProgramData\610D O43 - CFD: 30/01/2014 - 23:35:11 - [2,254] ----D C:\ProgramData\AskPartnerNetwork O43 - CFD: 05/10/2013 - 14:59:48 - [0,002] ----D C:\ProgramData\DYA_EGRQTWOKQVCBJBDAV O43 - CFD: 13/12/2013 - 21:34:32 - [0,168] ----D C:\ProgramData\Nimoru O43 - CFD: 18/12/2013 - 21:57:22 - [0] -SH-D C:\ProgramData\{$1284-9213-2940-1289$} O43 - CFD: 30/12/2013 - 02:24:25 - [191,524] ----D C:\Users\Book\AppData\Roaming\.allfight O43 - CFD: 22/06/2013 - 22:37:28 - [13,942] ----D C:\Users\Book\AppData\Roaming\.DayOfPvp O43 - CFD: 19/01/2014 - 15:40:52 - [156,218] ----D C:\Users\Book\AppData\Roaming\.hardfight O43 - CFD: 26/08/2013 - 15:25:53 - [107,833] ----D C:\Users\Book\AppData\Roaming\.playforcraft O43 - CFD: 27/12/2013 - 14:34:46 - [59,777] ----D C:\Users\Book\AppData\Roaming\.scclient O43 - CFD: 28/01/2014 - 22:16:40 - [76,287] ----D C:\Users\Book\AppData\Roaming\.senacraft O43 - CFD: 31/01/2014 - 21:22:21 - [263,438] ----D C:\Users\Book\AppData\Roaming\.wardfight O43 - CFD: 19/01/2014 - 02:07:10 - [43,614] ----D C:\Users\Book\AppData\Roaming\.WarFury O43 - CFD: 18/09/2013 - 17:17:55 - [29,488] ----D C:\Users\Book\AppData\Roaming\.WF O43 - CFD: 20/04/2013 - 17:01:29 - [0,032] --H-D C:\Users\Book\AppData\Roaming\422816A9 O43 - CFD: 10/03/2013 - 19:12:14 - [0] ----D C:\Users\Book\AppData\Roaming\ARA O43 - CFD: 27/01/2014 - 23:37:00 - [0,011] ----D C:\Users\Book\AppData\Roaming\FTPCracker O43 - CFD: 12/07/2013 - 18:38:08 - [0] ----D C:\Users\Book\AppData\Roaming\Target Folder O43 - CFD: 07/02/2013 - 19:04:33 - [0] ----D C:\Users\Book\AppData\Roaming\TFP O43 - CFD: 27/01/2014 - 23:30:15 - [0] ----D C:\Users\Book\AppData\Roaming\WebhostChecker O43 - CFD: 29/08/2013 - 21:13:53 - [0,001] ----D C:\Users\Book\AppData\Local\Gapotchenko O43 - CFD: 13/07/2013 - 23:23:29 - [0,003] ----D C:\Users\Book\AppData\Local\Oleksiy_Gapotchenko O43 - CFD: 05/07/2013 - 09:18:21 - [0,001] ----D C:\Users\Book\AppData\Local\PolarByte.net O43 - CFD: 30/01/2014 - 23:35:14 - [0,281] ----D C:\Users\Book\AppData\Local\VNT ~ Program Folder: 224 Legitimates Filtered in 01mn 28s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.7AD125D220791122A190A95C90C4EF8A] - 25/01/2014 - 22:25:13 ---A- . (...) -- C:\Windows\WVS_InstDBLogFile.csv [96] O44 - LFC:[MD5.707577FE6926B9DACA5F9B563D8114E4] - 27/01/2014 - 19:10:25 ---A- . (...) -- C:\Windows\Sandboxie.ini [1462] ~ Files: 14 Legitimates Filtered in 00mn 10s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.D168AE57558A6174FB35E0F82B32F62B] - 12/01/2013 - 18:06:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswnet.sys.sum [175] O58 - SDL:[MD5.571153E09F5A190F534DB1C5CE72A45B] - 07/03/2013 - 15:14:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswvmm.sys.sum [175] O58 - SDL:[MD5.361BC37EA7865AFA7899471E41DFA8B6] - 12/04/2013 - 19:53:02 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [46280] O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 15/12/2011 - 19:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232] O58 - SDL:[MD5.BD08C9D4FDA1ED615DD521B3510B550E] - 10/01/2013 - 20:43:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184] O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] ~ Drivers: 17 Legitimates Filtered in 00mn 05s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.B910B1D8920332DF72A690ACACE88BB9] [SPRF][15/09/2013] (...) -- C:\ProgramData\Setting.dat [278] [MD5.91921A85B411BE4DC133B57518A0BC32] [SPRF][26/10/2013] (...) -- C:\Users\Book\AppData\Roaming\Booklog.dat [143650] [MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][01/02/2014] (...) -- C:\Users\Book\Desktop\adwcleaner.exe [1166132] [MD5.494FCD1061795018107893DF77385E1A] [SPRF][02/08/2013] (...) -- C:\Users\Book\Desktop\Ascentia.exe [833424] [MD5.A3F64DCF50255ED2D684DD8ECB1FFDED] [SPRF][02/01/2014] (.Isidar eBooks - CP Wizardry.) -- C:\Users\Book\Desktop\CPWizardry.exe [34952292] [MD5.3EBEED5D9F6B80282ACFD037E365C0DD] [SPRF][13/01/2014] (...) -- C:\Users\Book\Desktop\FTPCracked.exe [9514375] [MD5.984E28E70D1000272A2AB61E34D12D6E] [SPRF][22/09/2012] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723] [MD5.446F134A7CCD3C74CF5CA97193D60942] [SPRF][27/12/2013] (...) -- C:\Users\Book\Desktop\Icon Changer.exe [714666] [MD5.5E6B471E46B32F49F651157D68C371E5] [SPRF][01/01/2014] (...) -- C:\Users\Book\Desktop\ICryptex Binder.exe [1394848] [MD5.CB4139E72B5E09F0DE35315F68BDAD4F] [SPRF][23/04/2012] (...) -- C:\Users\Book\Desktop\MaXIsploit.exe [1953792] [MD5.0926ED1E5F0B5E4E99BDD47AACCD6970] [SPRF][26/01/2014] (...) -- C:\Users\Book\Desktop\minecraft_server.1.6.4.exe [6542715] [MD5.51ACE1640CCC63653C0B02D8EBC69863] [SPRF][30/01/2014] (...) -- C:\Users\Book\Desktop\RP Generator.exe [1573034] [MD5.2A7CF13ACB76BD371FC77250462DEB7D] [SPRF][25/12/2013] (.Gary's Hood - Pas de description.) -- C:\Users\Book\Desktop\rsclient.exe [61440] [MD5.6BCDD719DD53DA2F0E9F9D292C46D0E3] [SPRF][24/11/2013] (...) -- C:\Users\Book\Desktop\Shell Finder.exe [738304] [MD5.EBB746C9F3804C2ADB1E27B64147E35B] [SPRF][03/01/2014] (...) -- C:\Users\Book\Desktop\Wardfight.exe [411693] [MD5.BF8015E314305305D514E7C4D6529995] [SPRF][18/01/2014] (...) -- C:\Users\Book\Desktop\WarFury.exe [3756988] ~ Files: 21 Legitimates Filtered in 00mn 07s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{6E9AA82C-D760-477B-9EFD-2AA16C5DEAB7}" | In - Public - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe O87 - FAEL: "{6ED6C293-2BEF-4958-B7D2-BB49F213F7BD}" | In - Public - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe O87 - FAEL: "{0747BDBF-467C-41DE-AB3D-9CAA7372C643}" | In - Domain - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe O87 - FAEL: "{B864E2E9-E377-434C-B49E-F7793D33A33C}" | In - Domain - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe ~ Firewall: 269 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "25946514D214736534007A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-4300-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\WINDOWS\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing ~ Update Products: 64 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.AC0D283E857F8CA4469DE3657175AFBA] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\14fb2ec.msi [813568] =>Toolbar.Avira ~ WIS: 68 Legitimates Filtered in 00mn 06s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 28/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe SS - | Demand 19/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 26/04/2011 14848 | (OpenVPNService) . (...) - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe SS - | Demand 10/07/1658 0 | (rpcapd) . (...) - C:\Program Files (x86)\WinPcap\rpcapd.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 28/09/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 13/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 13/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 13/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe SR - | Auto 20/12/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 07/12/2013 79872 | (metasploitPostgreSQL) . (.PostgreSQL Global Development Group.) - C:\metasploit\postgresql\bin\pg_ctl.exe SR - | Auto 24/11/2013 70239 | (metasploitProSvc) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe SR - | Auto 24/11/2013 70239 | (metasploitThin) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe SR - | Auto 24/11/2013 70239 | (metasploitWorker) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe SR - | Auto 16/10/2013 186056 | (SbieSvc) . (.Sandboxie Holdings, LLC.) - C:\Program Files\Sandboxie\SbieSvc.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 10s ---\\ Scan Additionnel (O88) Database Version : 13030 - (25/01/2014) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 2 [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{eec0f710-38b5-4aba-99bf-ec87564a4e13} =>Toolbar.Bing^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^ C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^ C:\Windows\Installer\14fb2ec.msi =>Toolbar.Avira^ ~ Additionnel Scan: 262715 Items scanned in 00mn 31s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 1 link(s) detected in 00mn 31s ~ 1074 Legitimates filtered by white list End of the scan (504 lines in 04mn 31s)(0)