~ Rapport de ZHPDiag v2013.12.26.23 - Nicolas Coolman (26/12/2013)
~ Lancé par patricia pagnoul (27/12/2013 08:36:34)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome v31.0.1650.63

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
COMODO Internet Security Premium v6.3.39949.2976
Microsoft Security Client v4.4.0304.0

---\\ Logiciels d'optimisation du système
CCleaner v4.08 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 511 MB (26% free)
System Restore: Activé (Enable)
System drive C: has 61 GB (39%) free of 153 GB

---\\ Mode de connexion au système
~ Computer Name: LAFAMILL-E96E32
~ User Name: patricia pagnoul
~ All Users Names: SUPPORT_388945a0, patricia pagnoul, manuel exposito, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\patricia pagnoul\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\patricia pagnoul\Application Data\
~ %Desktop% : C:\Documents and Settings\patricia pagnoul\Bureau\
~ %Favorites% : C:\Documents and Settings\patricia pagnoul\Favoris\
~ %LocalAppData% : C:\Documents and Settings\patricia pagnoul\Local
Settings\Application Data\ ~ %StartMenu% : C:\Documents and Settings\patricia pagnoul\Menu Démarrer\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ Enumération des unités disques A: Floppy drive, Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 61 Go of 153 Go) D: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 37 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.F8A2979A0A33389A1D2BA4C967F6EDD6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/10/2013 - 08:25:45.) -- C:\WINDOWS\system32\wininet.dll [920064] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) 
(.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) 
-- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/75456 ~ Mes musiques (My Musics) : 1/2 ~ Mes Videos (My Videos) : 0/0 ~ Mes Favoris (My Favorites) : 1/16 ~ Mes Documents (My Documents) : 2/75599 ~ Mon Bureau (My Desktop) : 0/30 ~ Menu demarrer (Programs) : 1/22 ~ Hidden Files: Scanned in 02mn 29s ---\\ Processus lancés [MD5.BB76C416AC9064F184A1C715179DE7A9] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4832192] [PID.144] [MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.204] [MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376] [PID.1076] [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.992] [MD5.33BE35574E1081A91EACD2B98E0A472A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640] [PID.1156] =>Toolbar.Ask [MD5.CBF3641DFEF37FEE125F456C3CA6218B] - (.AdTrustMedia - PrivDog Service.) -- C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480] [PID.1236] [MD5.0F41A0EC520934A82A2D4BF3FDB169A1] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1576152] [PID.1280] [MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) 
-- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1292] [MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.1628] =>Toolbar.Ask [MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.3488] [MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.1300] [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe [638816] [PID.3736] [MD5.1E9D4BD3851251B0F888745D50A23DFC] - (.Microsoft Corporation - Microsoft Help and Support Center.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe [769024] [PID.1860] [MD5.D68FF3EE79F7B01AA1D922FF5B439A16] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe [7022808] [PID.2724] [MD5.20A098A4D12E49342228D3AFE98EAFDF] - (.Microsoft Corporation - Windows Live Toolbar User Elevation Helper.) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe [223584] [PID.1700] [MD5.E5517D0908CA75EEF9633A93FF3F0408] - (.Microsoft Corporation - Microsoft Help Center Service.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe [744448] [PID.2328] [MD5.D8702D5999CD6BB517A129286E587A59] - (.APN LLC. - Service Locator.) -- C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe [115664] [PID.1192] =>Toolbar.Ask [MD5.D1F1CBD93DC3E33770CAA9E12C1E3344] - (.APN LLC. - Toolbar Core.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe [366032] [PID.964] =>Toolbar.Ask [MD5.FF4E23CF960482133C573A2C328944AA] - (.Microsoft Corporation - Application MFC WORDPAD.) 
-- C:\Program Files\Windows NT\Accessoires\wordpad.exe [221696] [PID.892]
[MD5.870DF389D7676EDBB635141336A867C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8302080] [PID.3960]
~ Processes Running: Scanned in 00mn 06s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [cmaiofennmphjldldcpphcechfnnohja] PrivDog v.1.8.0.18, (Activé)
~ Google Browser: 14 Legitimates Filtered in 00mn 12s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/DownloadManager,version=1.1] - (...) -- (.not file.)
~ Firefox Browser: 7 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://skynet.be
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Ask
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 01s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [patricia pagnoul]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [patricia pagnoul]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [manuel exposito]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [manuel exposito]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 14 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Synchronization Manager] . (.Microsoft Corporation - Gestionnaire de synchronisation Microsoft.) -- C:\WINDOWS\system32\mobsync.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [PrivDogService] . (.AdTrustMedia - PrivDog Service.) -- C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [mobilegeni daemon] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-854245398-527237240-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 01s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia - PrivDog Extension.) -- C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} ((no name)) - http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C21E15ED-E193-4F1D-9A93-F126C323F6A8}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{C21E15ED-E193-4F1D-9A93-F126C323F6A8}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{C21E15ED-E193-4F1D-9A93-F126C323F6A8}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{C21E15ED-E193-4F1D-9A93-F126C323F6A8}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{4D40D1A7-2C5C-4BAD-A025-87E83B7676F5}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 01s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 18s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job [440]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job [440]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job [440]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job [440]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\AskPartnerNetwork]
~ Key Software: 112 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/11/2013 - 23:09:43 - [12,780] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 04/12/2013 - 14:35:51 - [0] ----D C:\Program Files\BuzzSearch =>PUP.BuzzSearch
O43 - CFD: 26/12/2013 - 14:52:51 - [20,292] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 30/11/2013 - 23:08:53 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN
O43 - CFD: 30/11/2013 - 23:09:43 - [5,074] ----D C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
O43 - CFD: 07/12/2013 - 16:55:06 - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 30/11/2013 - 23:11:17 - [0,360] ----D C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\AskPartnerNetwork
~
Program Folder: 101 Legitimates Filtered in 00mn 10s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/12/2013 - 11:06:35 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0] O44 - LFC:[MD5.E16534B1836CB9E80C3E80C27C2CAD5E] - 24/12/2013 - 13:09:39 ---A- . (...) -- C:\WINDOWS\ModemLog_Modem 56000 bps Standard.txt [5570] O44 - LFC:[MD5.6744E3802F636A9195480CA780D1292E] - 26/12/2013 - 12:29:23 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216] O44 - LFC:[MD5.51CFCB795633F32C41A6782FDA9E3B2D] - 26/12/2013 - 12:29:24 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.95476A882730EB0108A8C3DFA75C04B7] - 26/12/2013 - 15:43:24 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [86690] O44 - LFC:[MD5.B8E1D955E4187C012D6DABCA1EEB3FE9] - 26/12/2013 - 15:51:36 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664] O44 - LFC:[MD5.8C5D98825C4A3F840290D3000BCBD751] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_BP.cfg [6347] O44 - LFC:[MD5.4522750EA97E574F092B463A5072F5D3] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_CF.cfg [6195] O44 - LFC:[MD5.3B085599D53A8E49A02B42316167791D] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_DU.cfg [6122] O44 - LFC:[MD5.87CC3262E60487AC2A7DF54E7A94405E] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_EN.cfg [13732] O44 - LFC:[MD5.D74F30976FC27C4134AC650747E141F6] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_ES.cfg [6103] O44 - LFC:[MD5.4522750EA97E574F092B463A5072F5D3] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_FR.cfg [6195] O44 - LFC:[MD5.5AF012AA8CF511EBA96E1FB620800406] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_GE.cfg [6335] O44 - LFC:[MD5.C97F01641F82529F811750CC8BA8F6BE] - 26/12/2013 - 16:01:33 ---A- . (...) 
-- C:\WINDOWS\system32\EPPICLocal_IT.cfg [6442] O44 - LFC:[MD5.EFBB67A52E13B74D9504C72A7FFBAC66] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_KO.cfg [5817] O44 - LFC:[MD5.8C5D98825C4A3F840290D3000BCBD751] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_PT.cfg [6347] O44 - LFC:[MD5.3310F4A726ABF152C54C6AEF9FF6A73C] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_RU.cfg [2889] O44 - LFC:[MD5.6CD8BBC5EFB7F458A8FE3AC3F566D48E] - 26/12/2013 - 16:01:33 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_SC.cfg [5436] O44 - LFC:[MD5.01BDBCEABF472323F62D879A7A2AACF9] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICLocal_TC.cfg [2426] O44 - LFC:[MD5.11CEF97EC383B4A9268CEBCAFDA1C0BF] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern1.dat [26154] O44 - LFC:[MD5.99B39A991604A09125A63D1F83A1668F] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern121.dat [27417] O44 - LFC:[MD5.C35D83EF6773F875E85A37CD389FC98A] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern131.dat [31053] O44 - LFC:[MD5.AED88E22D1F234668E0FF2F1C6D80AD1] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern2.dat [20148] O44 - LFC:[MD5.EA23048F088AAC681C4FE4EC051A8663] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern3.dat [24903] O44 - LFC:[MD5.DAEF4897E14EFB7050F7E0FC6887379F] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern4.dat [11811] O44 - LFC:[MD5.7124C6AA586A840A5AE1F2972D4F6E12] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern5.dat [21390] O44 - LFC:[MD5.E000BC718432CBB8F8AF9A2DD4EBCC59] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPattern6.dat [4943] O44 - LFC:[MD5.17252792B6016C58F15C9A04AC834147] - 26/12/2013 - 16:01:34 ---A- . (...) 
-- C:\WINDOWS\system32\EPPICPresetData_BP.dat [1139] O44 - LFC:[MD5.EC10E010C637383D566C95CEA4307737] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_CF.dat [1129] O44 - LFC:[MD5.7C52CC8596D832C902FD194EBBB2CB2E] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_DU.dat [1146] O44 - LFC:[MD5.4843A0BA0A20A81373086ACCAD81725B] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_EN.dat [1104] O44 - LFC:[MD5.A40E9AED5BB4DF99EEC5C973DA0C0B42] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_ES.dat [1136] O44 - LFC:[MD5.EC10E010C637383D566C95CEA4307737] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_FR.dat [1129] O44 - LFC:[MD5.968070015D107F9353471E2CCA8F432E] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_GE.dat [1107] O44 - LFC:[MD5.1E58B11A525A5C324F4BCF86E62E1826] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_IT.dat [1120] O44 - LFC:[MD5.17252792B6016C58F15C9A04AC834147] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPresetData_PT.dat [1139] O44 - LFC:[MD5.7AA6FCF74FEA8DE3F1E71CF579E9BCB9] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\EPPICPrinterDB.dat [111932] O44 - LFC:[MD5.0F23634D5375EBC97A1D77838730A55D] - 26/12/2013 - 16:01:34 ---A- . (...) -- C:\WINDOWS\system32\PICSDK.ini [97] O44 - LFC:[MD5.A78BA837961CFFCEAEFB953DEC917506] - 27/12/2013 - 08:41:11 ---A- . (...) 
-- C:\WINDOWS\system32\Drivers\sfi.dat [1474832] ~ Files: 83 Legitimates Filtered in 02mn 24s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.A6082B684C5CEFD24FC79BE7A4BBCA3C] - 26/12/2013 - 12:32:51 ---A- - C:\WINDOWS\Prefetch\TBNOTIFIER.EXE-2CFF45A3.pf O45 - LFCP:[MD5.F4DBF4FF20A7E93859D9373E42508CBB] - 26/12/2013 - 14:51:12 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-09B8D022.pf O45 - LFCP:[MD5.7CE044D56635351769D3B6C65FD7C5BE] - 26/12/2013 - 14:51:34 ---A- - C:\WINDOWS\Prefetch\NS97.TMP-02875F2C.pf O45 - LFCP:[MD5.FFC6D73EE52BE8CC20730DE75F5BFBBB] - 26/12/2013 - 14:51:35 ---A- - C:\WINDOWS\Prefetch\NS98.TMP-10DCB47F.pf O45 - LFCP:[MD5.CD115D792AE12C00033131C13001277F] - 26/12/2013 - 14:51:45 ---A- - C:\WINDOWS\Prefetch\NS99.TMP-28EED9C1.pf O45 - LFCP:[MD5.E337CD8A5A53FAB4779DC11A9B73C6E0] - 26/12/2013 - 14:51:45 ---A- - C:\WINDOWS\Prefetch\REGISTEREXTENSIONDOTNET20_X86-094E4779.pf O45 - LFCP:[MD5.B529F2D72A12271B570DF4BAE0E80729] - 26/12/2013 - 14:51:45 ---A- - C:\WINDOWS\Prefetch\UNREGISTEREXTENSIONS.EXE-37AAF980.pf O45 - LFCP:[MD5.EF21D6E1E6F2D4680E1752D8B6F8BD92] - 26/12/2013 - 14:57:51 ---A- - C:\WINDOWS\Prefetch\IS-UAI2B.TMP-04C1BE43.pf O45 - LFCP:[MD5.0584C0CE0DB10EC90E0D5CDA69FE9EB6] - 26/12/2013 - 15:05:25 ---A- - C:\WINDOWS\Prefetch\IS-4PR4D.TMP-0CEEFDED.pf O45 - LFCP:[MD5.3E6DF38032241DBE2D9ABBE1271C90DE] - 26/12/2013 - 15:39:29 ---A- - C:\WINDOWS\Prefetch\DAEMONPROCESS.EXE-038874F6.pf O45 - LFCP:[MD5.47AE15D2A7BD00E4DC9AA313869B01AC] - 27/12/2013 - 05:35:32 ---A- - C:\WINDOWS\Prefetch\WLTUSER.EXE-05A5B196.pf O45 - LFCP:[MD5.01B6D8E0D1B4270845811709D6F7FC0F] - 27/12/2013 - 05:36:23 ---A- - C:\WINDOWS\Prefetch\SERVICELOCATOR.EXE-16236344.pf O45 - LFCP:[MD5.147E35B40BBBA5B84DC6D7EA8CF05901] - 27/12/2013 - 05:38:50 ---A- - C:\WINDOWS\Prefetch\TOOLBAR.EXE-30242997.pf O45 - LFCP:[MD5.76F414BE0780DEE68CF2E380FCEA69FE] - 27/12/2013 - 06:23:27 ---A- - C:\WINDOWS\Prefetch\SET33.TMP-10FAB2E1.pf O45 - 
LFCP:[MD5.BCD5416C0AA58191A5601AC95F3989BF] - 27/12/2013 - 06:38:55 ---A- - C:\WINDOWS\Prefetch\MSEINSTALL ANTIVIRUS.EXE-3B4FF12D.pf O45 - LFCP:[MD5.7FA556B7AC87527F4CE7794F2BB2AD03] - 27/12/2013 - 07:53:55 ---A- - C:\WINDOWS\Prefetch\EPSON375867EU[1].EXE-00364C28.pf O45 - LFCP:[MD5.A23571D09D4865497EF28ECCACB023F4] - 27/12/2013 - 07:57:58 ---A- - C:\WINDOWS\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-271639BF.pf ~ Prefetcher: 127 Legitimates Filtered in 00mn 05s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/04/2008 - 11:23:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686] O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/04/2008 - 11:23:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184] O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/04/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736] O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/04/2008 - 11:23:42 ----- . (.Smart Link - Pas de description.) 
-- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/04/2008 - 11:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776] O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/04/2008 - 11:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535] O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/04/2008 - 11:23:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990] O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/04/2008 - 11:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424] O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/04/2008 - 11:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 30/11/2013 - 23:04:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ~ Drivers: 5 Legitimates Filtered in 00mn 11s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 24/12/2013 - 08:43:13 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Application Data\Microsoft\IdentityCRL\production\MetaConfig.xml [163] O61 - LFC: 24/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [145] O61 - LFC: 24/12/2013 - 08:44:03 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [145] O61 - LFC: 24/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [8192] O61 - LFC: 24/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336] O61 - LFC: 24/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [8192] O61 - LFC: 24/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3 [8192] O61 - LFC: 24/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\index [262512] O61 - LFC: 24/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [32920] O61 - LFC: 24/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [15446] O61 - LFC: 24/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage [3072] O61 - LFC: 24/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal [3608] O61 - LFC: 24/12/2013 - 08:44:25 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000055.ldb [145] O61 - LFC: 24/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000057.ldb [62693] O61 - LFC: 24/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [266] O61 - LFC: 24/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072] O61 - LFC: 26/12/2013 - 08:43:15 -SHA- . (...) -- C:\Documents and Settings\patricia pagnoul\Application Data\Microsoft\Internet Explorer\Desktop.htt [2724] O61 - LFC: 26/12/2013 - 08:43:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Bureau\DxDiag.txt [33935] O61 - LFC: 26/12/2013 - 08:43:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Bureau\EVEREST Home Edition.lnk [767] O61 - LFC: 26/12/2013 - 08:43:41 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg [377118] O61 - LFC: 26/12/2013 - 08:44:01 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [266549] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [53248] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [179951] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [550] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16] O61 - LFC: 26/12/2013 - 08:44:02 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [145] O61 - LFC: 26/12/2013 - 08:44:03 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000031.ldb [303] O61 - LFC: 26/12/2013 - 08:44:03 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16] O61 - LFC: 26/12/2013 - 08:44:03 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [766] O61 - LFC: 26/12/2013 - 08:44:03 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000028 [900] =>.Google Inc O61 - LFC: 26/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [98304] O61 - LFC: 26/12/2013 - 08:44:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384] O61 - LFC: 26/12/2013 - 08:44:23 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\History [151552] O61 - LFC: 26/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [31881] O61 - LFC: 26/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384] O61 - LFC: 26/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage [1911808] O61 - LFC: 26/12/2013 - 08:44:23 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal [16384] O61 - LFC: 26/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [79872] O61 - LFC: 26/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384] O61 - LFC: 26/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [18432] O61 - LFC: 26/12/2013 - 08:44:24 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [4640] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [107947] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000060.ldb [66714] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [266] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000059 [201] =>.Google Inc O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288] O61 - LFC: 26/12/2013 - 08:44:25 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [12824] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3 [221184] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3-journal [16384] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [1902] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [77824] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Local State [49314] O61 - LFC: 26/12/2013 - 08:44:26 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\lockfile [0] O61 - LFC: 26/12/2013 - 08:44:28 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [9888844] O61 - LFC: 26/12/2013 - 08:44:28 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1703176] O61 - LFC: 26/12/2013 - 08:44:28 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144] O61 - LFC: 26/12/2013 - 08:44:28 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [2576] O61 - LFC: 26/12/2013 - 08:44:28 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135440] O61 - LFC: 26/12/2013 - 08:44:29 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [1077052] O61 - LFC: 26/12/2013 - 08:44:29 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19504] O61 - LFC: 26/12/2013 - 08:44:29 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6908] O61 - LFC: 26/12/2013 - 08:48:16 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Mes documents\Downloads\vinyl_v700b.zip [7288855] O61 - LFC: 26/12/2013 - 10:03:59 ---A- . (...) 
-- C:\Documents and Settings\patricia pagnoul\Recent\DxDiag.lnk [499] O61 - LFC: 27/12/2013 - 08:43:21 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Application Data\ZHP\Log.txt [20338] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 08:43:21 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Application Data\ZHP\TestsZHPDiag.txt [3480] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 08:43:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 08:43:22 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman O61 - LFC: 27/12/2013 - 08:43:27 -SHA- . (...) -- C:\Documents and Settings\patricia pagnoul\IECompatCache\index.dat [16384] O61 - LFC: 27/12/2013 - 08:43:27 -SHA- . (...) -- C:\Documents and Settings\patricia pagnoul\IETldCache\index.dat [262144] O61 - LFC: 27/12/2013 - 08:44:34 -SHA- . (...) -- C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-854245398-527237240-725345543-1004\Credentials [12138] O61 - LFC: 27/12/2013 - 10:03:58 -SHA- . (...) -- C:\Documents and Settings\patricia pagnoul\PrivacIE\index.dat [655360] O61 - LFC: 27/12/2013 - 10:03:59 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Recent\EPSON.lnk [650] O61 - LFC: 27/12/2013 - 10:03:59 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Recent\EpsonScan.lnk [674] O61 - LFC: 27/12/2013 - 10:03:59 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\Recent\EpsonScan_1.lnk [684] O61 - LFC: 27/12/2013 - 10:04:00 ---A- . (...) -- C:\Documents and Settings\patricia pagnoul\UserData\index.dat [32768] ~ 76 Fichiers temporaires (Temporary files) ~ 56 Fichiers cookies (Cookies files) ~ Files: 477 Legitimates Filtered in 20mn 49s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 20/12/2013 - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APNMCP) .(.APN LLC. - APN Updater.) - LEGACY_APNMCP =>Toolbar.Ask ~ Legacy: 126 Legitimates Filtered in 00mn 04s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.5785D4CF90ADEC279BDDCAF7D240587C] [SPRF][02/12/2013] (.EaseUS - EaseUS Data Recovery Wizard 7.0 Setup.) -- C:\Documents and Settings\patricia pagnoul\Bureau\drw_free.exe [4980016] [MD5.E5DB2210D0C8C7EAB9928F5A6A56AD9F] [SPRF][30/11/2013] (...) -- C:\Documents and Settings\patricia pagnoul\Bureau\windows-xp-service-pack3.exe [651976] ~ Files: 5 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "25946514D2147365007A7A857BC0A000" . (.Avira SearchFree Toolbar.) 
-- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira ~ Update Products: 36 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.4D66B69EAC9C237222F1370BE6D1BBBC] [WIS][23/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\714cf.msi [809472] =>Toolbar.Avira ~ WIS: 37 Legitimates Filtered in 00mn 06s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 27/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 24/09/2013 131288 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Auto 03/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 03/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 30/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 19/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe SR - | Auto 20/12/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask SR - | Auto 20/10/2013 4832192 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) 
- c:\Program Files\Microsoft Security Client\MsMpEng.exe ~ Services: Scanned in 00mn 09s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 13s ---\\ Scan Additionnel (O88) Database Version : 13013 - (26/12/2013) Clés trouvées (Keys found) : 6 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 6 [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^ C:\Program Files\BuzzSearch =>PUP.BuzzSearch^ C:\Program Files\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files\AskPartnerNetwork =>Toolbar.Ask C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork =>Toolbar.Ask C:\Documents and Settings\patricia pagnoul\Local Settings\Application Data\AskPartnerNetwork =>Toolbar.Ask C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^ C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^ C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe =>Toolbar.Ask^ C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe =>Toolbar.Ask^ [HKCU\Software\ForumerIT] =>Toolbar.Forumer^ C:\Windows\Installer\714cf.msi =>Toolbar.Avira^ ~ Additionnel Scan: 115457 Items scanned in 00mn 49s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ 
http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ http://nicolascoolman.webs.com/apps/blog/show/36784739-pup-buzzsearch =>PUP.BuzzSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro ~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox ~ MSI: 7 link(s) detected in 00mn 49s ~ 1365 Legitimates filtered by white list End of the scan (651 lines in 30mn 49s)(0)