~ Rapport de ZHPDiag v2014.5.15.64 - Nicolas Coolman (15/05/2014) ~ Lancé par georges (16/05/2014 22:54:00) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Blog d'analyse software : http://nicolascoolman.byethost7.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16899 MFIE: Mozilla Firefox 29.0.1 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : X73HT Windows License : OK ~ Windows Remaining Initializations Number : 999 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.3.350 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W8 ---\\ Logiciels d'optimisation du système CCleaner v4.13 ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader XI Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4010 MB (65% free) System Restore: Activé (Enable) System drive C: has 844 GB (93%) free of 905 GB ---\\ Mode de connexion au système ~ Computer Name: GEORGES ~ User Name: georges ~ All Users Names: HomeGroupUser$, georges, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\georges\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\georges\AppData\Roaming\ ~ %Desktop% : C:\Users\georges\Desktop\ ~ %Favorites% : C:\Users\georges\Favorites\ ~ %LocalAppData% : C:\Users\georges\AppData\Local\ ~ %StartMenu% : C:\Users\georges\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 905 Go) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.07/03/2014 - 01:08:30.) -- C:\Windows\System32\wininet.dll [2240000] [MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/02/2014 - 00:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/6 Mes musiques (My Musics) : 2/2 (Modified) ~ Mes Videos (My Videos) : 2/45 ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 1/11 ~ Mon Bureau (My Desktop) : 2/19 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.392C496D80D57B6DA347148D3A4A1D11] - (.Pas de propriétaire - ChangeIcon MFC Application.) -- C:\Windows\SysWOW64\UMonit.exe [28672] [PID.3172] [MD5.17716C3DD52BF815291D80FAAF329AC7] - (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe [118784] [PID.3680] [MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.3748] [MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3396] [MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.3008] [MD5.254B28136B946880155025E40D150D3D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7875584] [PID.1944] ~ Processes Running: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [georges]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\georges\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 1 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [UMonit] . (.Pas de propriétaire - ChangeIcon MFC Application.) -- C:\WINDOWS\SysWOW64\UMonit.exe O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Classic Start Menu] . (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Wow6432Node\Run: [jmekey] . (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\WINDOWS\jmesoft\hotkey.exe O4 - HKLM\..\Wow6432Node\Run: [jmesoft] . (...) -- C:\Windows\jmesoft\ServiceLoader.exe O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe O4 - HKLM\..\Wow6432Node\Run: [LVT] . (.Lenovo - Lenovo.) -- C:\Program Files\Lenovo\LVT\LJYZ.exe O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (.not file.) ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{583BDA63-8B19-43F2-BF81-7AE2E3A91EEF}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{583BDA63-8B19-43F2-BF81-7AE2E3A91EEF}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask O23 - Service: JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe ~ Services: 13 Legitimates Filtered in 00mn 01s ---\\ Tâches planifiées en automatique (O39) O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] ~ Scheduled Task: 6 Legitimates Filtered in 00mn 04s ---\\ Logiciels installés (O42) O42 - Logiciel: FreeRide Games - (.Exent Technologies.) [HKLM][64Bits] -- {6C26A305-4549-4A8A-9F03-25719C03B0FB} ~ Logic: 21 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AskPartnerNetwork] [HKLM\Software\AskPartnerNetwork] [HKLM\Software\Wow6432Node\AskPartnerNetwork] [HKLM\Software\Wow6432Node\Shortcut_Module] ~ Key Software: 224 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04/02/2014 - 19:58:14 - [] ----D C:\Program Files (x86)\AskPartnerNetwork O43 - CFD: 26/09/2013 - 05:26:45 - [] ----D C:\Program Files (x86)\FreeRide Games O43 - CFD: 04/02/2014 - 19:57:40 - [] ----D C:\ProgramData\APN O43 - CFD: 04/02/2014 - 19:58:14 - [] ----D C:\ProgramData\AskPartnerNetwork O43 - CFD: 26/09/2013 - 05:26:51 - [] ----D C:\ProgramData\FreeRide Games O43 - CFD: 16/05/2014 - 22:52:01 - [] ----D C:\Users\georges\AppData\Roaming\ClassicShell O43 - CFD: 10/04/2014 - 01:16:52 - [] ----D C:\Users\georges\AppData\Local\AskPartnerNetwork ~ Program Folder: 140 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.5495D4F00A79C4C356574E072AD16026] - 16/05/2014 - 21:40:50 ---A- . (...) -- C:\Shortcut_Module_16_05_2014_22_40_50.txt [34399] ~ Files: 44 Legitimates Filtered in 00mn 39s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:06/07/2012 - 06:50:36 ---A- . (.GenesysLogic - GeneStor.) -- C:\Windows\System32\Drivers\GeneStor.sys [60928] O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] ~ Drivers: 46 Legitimates Filtered in 00mn 01s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\Firefox.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.9C038759E5993C0B3BFD8F2192C12747] [SPRF][16/05/2014] (...) -- C:\Users\georges\Desktop\adwcleaner_3.208.exe [1325827] [MD5.73F8FD303C821566BCD6FC0C15C74D6F] [SPRF][16/05/2014] (.Pas de propriétaire - Shortcut_Module.) -- C:\Users\georges\Desktop\Shortcut_Module.exe [2560000] ~ Files: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{89FAA95F-37B8-471C-942F-9BF12D4C1F16}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\georges\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{658CD612-BCFB-4EC8-9E49-C6BBE07CB948}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\georges\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 2 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.B9DD25E962EBAF270D77820FD0B02781] [WIS][16/05/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\81b7d5.msi [813568] =>Adware.Bandoo ~ WIS: 1 Legitimates Filtered in 00mn 01s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira ~ BCK: 4912 Legitimates Filtered in 00mn 03s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 25/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 06/05/2014 1663880 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 13/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 13/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 13/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe SR - | Auto 13/02/2014 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 30/01/2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 16/08/2011 32768 | (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe SR - | Auto 30/01/2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 24/05/2013 230408 | (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe SR - | Auto 24/05/2013 70152 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\WINDOWS\SysWOW64\NLSSRV32.exe SR - | Auto 14/05/2013 390632 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13045 - (15/05/2014) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 2 [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^ C:\Program Files (x86)\FreeRide Games =>Toolbar.FreeRide C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask C:\ProgramData\FreeRide Games =>Toolbar.FreeRide C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask C:\Users\georges\AppData\Local\AskPartnerNetwork =>Toolbar.Ask C:\Windows\Installer\81b7d5.msi =>Adware.Bandoo^ [HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^ ~ Additionnel Scan: 200001 Items scanned in 00mn 14s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.byethost7.com/toolbar-ask =>Toolbar.Ask http://nicolascoolman.byethost7.com/adware-bandoo =>Adware.Bandoo ~ MSI: 2 link(s) detected in 00mn 00s ~ 592 Legitimates filtered by white list End of the scan (386 lines in 01mn 21s)(0)