~ Report of ZHPDiag v2014.11.26.167 - Nicolas Coolman (26.11.2014)
~ Launched by lolafab (29.11.2014 15:51:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.17148
GCIE: Google Chrome v39.0.2171.71 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
AVG 2015 v15.0.5577
Malwarebytes Anti-Malware version 2.0.3.1025
Norton Internet Security v20.4.0.40
Windows Defender W8 (Deactivate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12220.0 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 848 GB (93%) free of 909 GB

---\\ Connection to the system mode
~ Computer Name: LOLA
~ User Name: lolafab
~ All Users Names: UpdatusUser, lolafab, Gast, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\lolafab\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lolafab\AppData\Roaming\
~ %Desktop% : C:\Users\lolafab\Desktop\
~ %Favorites% : C:\Users\lolafab\Favorites\
~ %LocalAppData% : C:\Users\lolafab\AppData\Local\
~ %StartMenu% : C:\Users\lolafab\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 848 Go of 909 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 21 Go)
E: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows-Explorer.) (.09.11.2013 - 23:43:08.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Windows-Startanwendung.) (.26.07.2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.4E0BA41211B870111B8DE9B03B49C18E] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.26.10.2014 - 02:56:17.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.12.04.2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Softwarelizenzierungsbibliothek.) (.26.07.2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Treiber für zusätzliche WinSock-Funktionen.) (.29.05.2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26.07.2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26.07.2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26.07.2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26.07.2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.28.09.2013 - 06:51:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - i8042-Anschlusstreiber.) (.26.07.2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26.07.2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.14EE56050E1637926F5CFA65B1F4209B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12.07.2014 - 05:34:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404480]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26.07.2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.28.09.2013 - 07:26:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Treiber für parallelen Anschluss.) (.26.07.2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26.07.2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Geräte-Redirector für Microsoft RDP.) (.26.07.2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26.07.2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Volumeschattenkopie-Treiber.) (.09.11.2013 - 23:43:08.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.3800]
[MD5.EFC5D323E170D859F26E4666C885484E] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3695912] [PID.2224]
[MD5.FC9095973170EB63BAB2A8554E5D25A5] - (.No owner - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073768] [PID.5360]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5240]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5252]
[MD5.0E84A5A8C621F733621B270C717B4379] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [249320] [PID.5800]
[MD5.BD9B0E544F4D70E20781A00A27FF98E5] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904] [PID.984]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.5524]
[MD5.30D312FB9F4CD0DB48884AC58841D420] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.5956]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.5544]
[MD5.4312B4DD07050FC58146756634058CE8] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136] [PID.6104]
[MD5.966FE904599B9A0F80EA498851180829] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344] [PID.4932]
[MD5.2188063885A90823624D8090986713BF] - (.AVG Technologies CZ, s.r.o. - AVG Configuration Management Application.) -- C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe [332304] [PID.8764]
[MD5.0E144293FBAECD79A045B336FA6C0F0D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770704] [PID.7724]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.5064]
[MD5.17D0F31B84A09B648A662AD5C06B5600] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8132608] [PID.5576]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\lolafab\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: eBay.ch.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe =>Toolbar.eBay
~ Global Startup: 2 Legitimates Filtered in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Kurznotizen.) -- C:\WINDOWS\system32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\lolafab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Windows-Befehlsprozessor.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{268846F6-8274-4FD2-9FF3-6F063A4ABE76}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 311.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.No owner - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 20 Legitimates Filtered in 00mn 12s

---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1118]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1122]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForlolafab [350]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 02s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14.11.2014 - 15:31:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 14.11.2014 - 15:31:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 26.07.2012 - 08:52:57 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 14.11.2014 - 15:28:44 - [] -SH-D C:\Users\lolafab\AppData\Local\Verlauf
~ Program Folder: 144 Legitimates Filtered in 00mn 00s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.74ACA27B3285B34B35A11A539B18405F] - 14.11.2014 - 17:25:30 ---A- . (...) -- C:\Windows\System32\spe__l.smt [357]
O44 - LFC:[MD5.9A214019AE20DF7711C0DB8FF26783F7] - 14.11.2014 - 17:25:30 ---A- . (.No owner - UPD Co-Installer.) -- C:\Windows\System32\spe__ci.exe [158040]
O44 - LFC:[MD5.FC21BF5A1667FC745FE53D05DA4CB8A2] - 14.11.2014 - 17:25:30 ---A- . (.SS - SSCoInst.) -- C:\Windows\System32\spe__ci.dll [89600]
O44 - LFC:[MD5.0BF28DEE7BFB7F2D787756A2009AD5F8] - 14.11.2014 - 17:25:31 ---A- . (.No owner - Language Monitor for Status Monitor.) -- C:\Windows\System32\spe__l.dll [34304]
O44 - LFC:[MD5.1C27CEECA7EAECC2A74C3D9D9DF68CA6] - 14.11.2014 - 17:27:07 ----- . (...) -- C:\Windows\uninstall.ico [26694]
O44 - LFC:[MD5.FC6E1C59AF69E285BE6EA3AB55C405E2] - 14.11.2014 - 17:27:07 ----- . (.No owner - Printer Software Uninstaller.) -- C:\Windows\TotalUninstaller.exe [1571160]
O44 - LFC:[MD5.C12CBBCFA32EB159E08B6F5751C231F0] - 14.11.2014 - 17:27:23 ---A- . (...) -- C:\Autoconfig.ini [72]
O44 - LFC:[MD5.B6F423906D3E10BE38C16726C0905033] - 29.11.2014 - 11:32:54 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [388729]
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 235 Legitimates Filtered in 00mn 01s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:13.02.2013 - 10:28:26 ---A- . (.No owner - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21048]
O58 - SDL:13.02.2013 - 10:28:28 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:26.07.2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:05.02.2013 - 12:59:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [544768]
O58 - SDL:29.11.2014 - 13:30:44 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Drivers: 74 Legitimates Filtered in 00mn 00s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {65D2F53C-15FF-4BE4-A4E0-09A3162351A9} - (Amazon Suchvorschläge) - http://www.amazon.de
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22.03.2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14.11.2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14.11.2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10.12.2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10.07.1658 0 | (vToolbarUpdater18.1.10) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 28.09.2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09.11.2014 1486664 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 09.11.2014 3488784 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 09.11.2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 31.01.2013 1626872 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 10.01.2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 07.02.2013 1641768 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR - | Auto 27.09.2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 05.11.2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 01.03.2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01.02.2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10.04.2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10.12.2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 22.02.2013 129848 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 13.02.2013 180200 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 22.02.2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22.02.2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 21.05.2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
SR - | Auto 07.03.2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07.03.2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05.02.2013 332800 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 07.01.2013 401856 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Demand 10.07.1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13026 - (26.11.2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.10] =>Toolbar.AVGSearch^
~ Additionnel Scan: 256421 Items scanned in 00mn 10s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 00s
~ 784 Legitimates filtered by white list

End of the scan (378 lines in 00mn 39s)(0)