Rapport de ZHPDiag v2013.4.18.101 par Nicolas Coolman, Update du 18/04/2013 Run by noële at 19/04/2013 15:11:50 State : Version à jour. WhiteList : Enable High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 GCIE: Google Chrome v26.0.1410.64 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002) Windows Server License Manager Script : OK ~ Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : WQD8Q Windows License : OK Windows Automatic Updates : OK ---\\ System Protection avast! Free Antivirus v8.0.1483.0 Malwarebytes Anti-Malware version 1.75.0.1300 Norton Internet Security v16.0.0.125 ---\\ System Optimizer CCleaner v3.20 ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader X ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3068 MB (32% free) System Restore: Activé (Enable) System drive C: has 193 GB (67%) free of 288 GB ---\\ Logged in mode ~ Computer Name: PC-DE-NOËLE ~ User Name: noële ~ All Users Names: UpdatusUser, noële, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\noële\AppData\Roaming\ ~ %Desktop% : C:\Users\noële\Desktop\ ~ %Favorites% : C:\Users\noële\Favorites\ ~ %LocalAppData% : C:\Users\noële\AppData\Local\ ~ %StartMenu% : C:\Users\noële\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 193 Go of 288 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go) E:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/11 ~ Mes musiques (My Musics) : 1/692 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 0/4 ~ Mes Documents (My Documents) : 1/103 ~ Mon Bureau (My Desktop) : 1/8 ~ Menu demarrer (Programs) : 0/55 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.3788] [MD5.C18DAD67061885AE0D8BEA58726EA921] - (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688] [PID.3824] [MD5.F7CF218E5CAA6FC0BB55791AD31E2B3F] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032] [PID.3836] [MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752] [PID.3880] [MD5.B236FE89F31893CDF6DB5A1DC6FCB369] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [450652] [PID.3904] [MD5.D610CDEDF1F702EB0A86B0FBD9BB49E5] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820520] [PID.4000] [MD5.72DE9723E5203A5C5D284C6D001A1D14] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\Launcher\Launcher.exe [717552] [PID.4072] [MD5.527F995C40417C0F4EBB74ACA98F915A] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe [90112] [PID.2776] [MD5.0D9F0763B213DF519012DF96F02E9633] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [81920] [PID.2964] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.3140] [MD5.30043A612F93B30CF086824701400BE5] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG Secure Search\vprot.exe [1219248] [PID.2324] =>Toolbar.AVGSearch [MD5.ABC9091B6D438381DBACFD1A82E0C0EA] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\systray\systrayapp.exe [282624] [PID.2872] [MD5.682DB04704A74F228A080B31003B6FC6] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe [974848] [PID.1740] [MD5.CAF2CCB6E9F5FDBE99EE8904EB9DC506] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe [495616] [PID.3852] [MD5.8E884B0A19679340BFFF5C157075D6B5] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe [53248] [PID.5252] [MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.5468] [MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.exe [316720] [PID.1868] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3744] [MD5.1EDC4865C8003A0251956835273904B1] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360] [PID.2928] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\noële\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.2272] [MD5.09E411E1DC92D813F49DFEEB4039CBCA] - (.Google - Google Talk Plugin.) -- C:\Users\noële\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [79384] [PID.5204] [MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.6136] [MD5.596C3DD487001E237CCE431EAE6F3EA0] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144] [PID.5708] [MD5.A778E395D5481138169D233AAE92757A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6861312] [PID.3800] [MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.992] [MD5.2E3DB7DBC4D96949F4DA4383AA02AE72] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [217170] [PID.1220] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1356] [MD5.C0BEB56ED79B59B7B33D0AA6C38A0BA6] - (.Hewlett-Packard Company - HpService.) -- C:\Windows\system32\Hpservice.exe [26168] [PID.1544] [MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864616] [PID.1576] [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1996] [MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.276] [MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1904] [MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.2032] [MD5.827DBC22C96EECF6D36A13162FABAFD3] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [81920] [PID.1128] [MD5.B0C9FFF54F16DF2012F53A34736A0975] - (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632] [PID.2088] [MD5.2DFB151FD34DF104DAC0ADF070EDA83C] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [92216] [PID.2340] [MD5.ABF90FC5A127F481219B873C1B8DFC1C] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2444] [MD5.0D362785BEF9BDF5A6E1F4628D06716D] - (.Pas de propriétaire - STServices.) -- C:\Program Files\SMINST\BLService.exe [365952] [PID.2600] [MD5.805AE1F90C64758D19AAA001CF8CBA12] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734] [PID.2856] [MD5.BB313AE85EC95B7CB87FC5ED53F3A22B] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320] [PID.3248] [MD5.0C66E48654AFD8A6BCFBCE22E7FAB251] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096] [PID.3292] [MD5.E2CA898E105C3F2B62DB130F28C73322] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896] [PID.3316] =>Toolbar.AVGSearch [MD5.184C500CB9F69585F3FE85E1D2667CD8] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [751672] [PID.4576] [MD5.7795F8CEBC284A426B53F541E538695F] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [193840] [PID.6124] [MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.3304] [MD5.BE78357FB49759B79CCC01894BCFDDDB] - (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [126520] [PID.4804] ~ Processes Running: Scanned in 00mn 03s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\noële\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\noële\AppData\Roaming\Mozilla\Firefox\Profiles\gji3cpa7.default\prefs.js (.not file.) C:\Users\noële\AppData\Roaming\Mozilla\Firefox\Profiles\rw8d7rkj.default\prefs.js (.not file.) C:\Users\noële\AppData\Roaming\Mozilla\Firefox\Profiles\szqn914x.default\prefs.js C:\Users\noële\AppData\Roaming\Mozilla\Firefox\Profiles\szqn914x.default\user.js M0 - MFSP: prefs.js [noële - szqn914x.default] http://isearch.avg.com P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (.AVG Technologies - npsitesafety.) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll =>Toolbar.AVGSearch ~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) ~ IE Browser: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} . (.ArcSoft, Inc. - ArcURLRecord Module.) -- C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll ~ BHO: 12 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: AOL Toolbar - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: (no name) - [HKLM]{265EEE8E-3228-44D3-AEA5-F7FDF5860049} Clé orpheline O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SmartMenu] . (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Orange Connection Kit.) -- C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\windows sidebar\sidebar.exe O4 - HKCU\..\Run: [orangeinside] . (...) -- C:\Users\noële\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\noële\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-2001441431-2361965922-2423994464-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\windows sidebar\sidebar.exe O4 - HKUS\S-1-5-21-2001441431-2361965922-2423994464-1000\..\Run: [orangeinside] . (...) -- C:\Users\noële\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe O4 - HKUS\S-1-5-21-2001441431-2361965922-2423994464-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\noële\AppData\Local\Google\Update\GoogleUpdate.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop: AZR.lnk . (.DataNumen, Inc. - Pas de description.) -- C:\Program Files\AZR\AZR.exe O4 - GS\Desktop: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Google Chrome (3).lnk . (.Google Inc. - Google Chrome.) -- C:\Users\noële\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: Advanced Uninstaller PRO 11.lnk . (.Innovative Solutions - Advanced Uninstaller.) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe O4 - GS\Desktop: Disk Cleanup.lnk . (.Microsoft Corporation - Gestionnaire de nettoyage de disque pour Wi.) -- C:\Windows\System32\cleanmgr.exe O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\noële\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe O4 - GS\Desktop: Traitement de texte Microsoft Works.lnk . (.Microsoft® Corporation - Microsoft® Works Word Processor.) -- C:\Windows\Installer\{3B160861-7250-451E-B5EE-8B92BF30A710}\WksWP.exe O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{618BBF21-303A-45C2-AEE8-023A95EFE6DD}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{618BBF21-303A-45C2-AEE8-023A95EFE6DD}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{618BBF21-303A-45C2-AEE8-023A95EFE6DD}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{618BBF21-303A-45C2-AEE8-023A95EFE6DD}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: (vToolbarUpdater15.0.0) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe =>Toolbar.AVGSearch O23 - Service: {55662437-DA8C-40c0-AADA-2C816A897A49} ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.Cyberlink Corp. - Pas de description.) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl ~ Services: 19 Legitimates Filtered in 00mn 06s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ReclaimerUpdateFiles_noële.job [370] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ReclaimerUpdateXML_noële.job [366] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Registry Winner Schedule.job [404] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_noële.job [376] [MD5.884A69D4792AF25611934F0FE18F94C4] [APT] [Registry Winner Schedule] (.RegistryWinner.com.) -- C:\Program Files\Registry Winner\RegistryWinner.exe [7813360] [MD5.00000000000000000000000000000000] [APT] [{3CD99EA3-4DFB-4134-9E14-1480ED094161}] (...) -- C:\Program Files\Orange\Launcher\Launcher.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{40F796AA-DA78-4826-AF5E-34A72BBB0517}] (...) -- C:\Program Files\Orange\Launcher\Launcher.exe (.not file.) [0] ~ Scheduled Task: 29 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: Advanced Zip Repair v1.8 - (...) [HKLM] -- Advanced Zip Repair v1.8 O42 - Logiciel: BESCHERELLE, Le dico des synonymes - (.Diagonal.) [HKLM] -- {FB3C7931-DFD8-4F09-85D7-C0AA9D2075F0} O42 - Logiciel: Registry Winner 6.3 - (.RegistryWinner.com.) [HKLM] -- Registry Winner_is1 O42 - Logiciel: Standard Edition - (.Encyclopaedia Britannica, Inc..) [HKLM] -- Standard Edition ~ Logic: 155 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AZR] [HKCU\Software\Diagonal] [HKCU\Software\digital publishing] [HKLM\Software\Britannica 7.0] [HKLM\Software\TSMSTV_Upgrade] [HKLM\Software\digital publishing] ~ Key Software: 233 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/09/2011 - 15:23:06 - [0,829] ----D C:\Program Files\AZR O43 - CFD: 12/05/2011 - 13:45:48 - [1318,580] ----D C:\Program Files\Britannica 7.0 O43 - CFD: 15/04/2011 - 21:38:24 - [5,762] ----D C:\Program Files\Diagonal O43 - CFD: 19/02/2011 - 14:53:58 - [-1484,601] ----D C:\Program Files\digital publishing O43 - CFD: 21/04/2012 - 20:00:02 - [14,012] ----D C:\Program Files\Registry Winner O43 - CFD: 10/01/2013 - 15:55:20 - [0,006] ----D C:\ProgramData\prolexisws O43 - CFD: 06/05/2011 - 14:02:52 - [33,621] ----D C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} O43 - CFD: 15/04/2011 - 21:38:39 - [0,121] ----D C:\Users\noële\AppData\Roaming\Diagonal O43 - CFD: 19/02/2011 - 15:48:02 - [0,099] ----D C:\Users\noële\AppData\Roaming\digital publishing O43 - CFD: 03/02/2013 - 11:20:23 - [0,032] ----D C:\Users\noële\AppData\Local\Temp(48) O43 - CFD: 12/05/2011 - 13:45:38 - [0,007] ----D C:\Users\noële\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Britannica 7.0 O43 - CFD: 19/02/2011 - 14:47:58 - [0,015] ----D C:\Users\noële\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\digital publishing ~ 4 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 232 Legitimates Filtered in 00mn 58s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.71F5CDE09BEB6945EAA79B170B28DFE9] - 19/04/2013 - 12:31:09 ---A- - C:\Windows\Prefetch\LIVEBOXUTILITIES.EXE-39FF901D.pf O45 - LFCP:[MD5.D156EB88D5F23623F0295CDC1C806F7E] - 26/03/2013 - 15:53:49 ---A- - C:\Windows\Prefetch\OLRSUBMISSION.EXE-1DADAD8F.pf O45 - LFCP:[MD5.83F720012C3FA5F76CACEDC49D4052CA] - 28/03/2013 - 17:53:53 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-86F774DE.pf O45 - LFCP:[MD5.B920F8DBD79E24A9EB6077AD7FE47A2C] - 28/03/2013 - 17:53:57 ---A- - C:\Windows\Prefetch\PDR.EXE-9084E397.pf O45 - LFCP:[MD5.CAD14D2FE25BF355DEF278D545BD84D5] - 28/03/2013 - 17:54:03 ---A- - C:\Windows\Prefetch\PDHANUMANSVR.EXE-C9AF27AC.pf ~ Prefetcher: 84 Legitimates Filtered in 00mn 02s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{7cd0455b-fa59-11e0-b0a9-00238b61f0c9}\AutoRun\command. (...) -- G:\setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\ROC_roc_ssl_v12 [Key] . (...) -- C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch ~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.CC1F1D3D70DC13C2C281488D347D4415] - 13/05/2011 - 17:57:20 ---A- . (.Hewlett-Packard Company - HP Accelerometer.) -- C:\Windows\System32\Drivers\Accelerometer.sys [35896] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 17/04/2013 - 14:40:52 ---A- C:\Users\noële\AppData\Local\AVG Secure Search\SiteSafety\l_2013_04_17_06_40_44.db [613968] =>Toolbar.AVGSearch O61 - LFC: 17/04/2013 - 14:48:07 ---A- C:\Users\noële\.recently-used.xbel [2703] O61 - LFC: 19/04/2013 - 12:30:45 ---A- C:\Users\noële\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk [3921] O61 - LFC: 19/04/2013 - 12:30:52 ---A- C:\Users\noële\AppData\Local\AVG Secure Search\SiteSafety\l_2013_04_19_04_30_36.db [613968] =>Toolbar.AVGSearch O61 - LFC: 19/04/2013 - 12:39:59 ---A- C:\Users\noële\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268315] O61 - LFC: 19/04/2013 - 13:33:27 ---A- C:\Users\noële\RACCOURCIS PROGRAMMES\AdwCleaner.exe [613083] O61 - LFC: 19/04/2013 - 14:13:54 ---A- C:\Users\noële\AppData\Local\Google\Chrome\User Data\Local State [27698] ~ 6 Fichiers temporaires (Temporary files) ~ Files: 196 Legitimates Filtered in 00mn 50s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\noële\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {2E4C7146-FEAE-4CC5-8C65-ED909144EE36} [DefaultScope] - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr O69 - SBI: SearchScopes [HKCU] {91E89DD9-6220-4F21-A416-186CC567BB77} - (Kelkoo) - http://fr.kelkoopartners.net O69 - SBI: SearchScopes [HKCU] {93B8115B-FF23-40BC-BDED-33B52D5A517C} - (Yahoo!) - http://fr.search.yahoo.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A9A1A20E28D8BE8B22AA224CC1EE4882] [SPRF][26/07/2011] (...) -- C:\ProgramData\nvModes.dat [31871] [MD5.DA8D33A063272D4F30C1A12C10B692C6] [SPRF][08/12/2010] (...) -- C:\Users\noële\AppData\Local\d3d8caps.dat [552] [MD5.F65E6E4C0F394A6AF607F8DB1B6F92B7] [SPRF][29/09/2012] (...) -- C:\Users\noële\AppData\Local\d3d9caps.dat [7916] [MD5.7BDB6EE80ED4DBF12B64EAF3B72C0CA6] [SPRF][12/01/2013] (...) -- C:\Users\noële\AppData\Roaming\wklnhst.dat [16416] [MD5.AF59DE458776D6F5570047749588E460] [SPRF][19/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\noële\Desktop\ZHPDiag2.exe [5583119] ~ Files: Scanned in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.11580 - (18/04/2013) Clés trouvées (Keys found) : 30 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.Agent [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo [HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange [HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent C:\Program Files\AVG Secure Search =>Toolbar.AVGSearch C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch C:\Users\noële\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch C:\Users\noële\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch ~ Additionnel: Scanned in 00mn 32s ---\\ Product Upgrade Codes (O90) O90 - PUC: "1397C3BF8DFD90F4587D0CAAD902570F" . (.BESCHERELLE, Le dico des synonymes.) -- C:\Windows\Installer\{FB3C7931-DFD8-4F09-85D7-C0AA9D2075F0}\_6FEFF9B68218417F98F549.exe ~ Update Products: 124 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 17/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 02/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Demand 03/04/2008 193840 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 24/08/2009 69632 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe SS - | Demand 05/05/2008 165416 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe SR - | Auto 15/11/2010 126520 | (HP Health Check Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe SR - | Auto 14/10/2010 92216 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Demand 14/10/2010 751672 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe SR - | Auto 13/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SR - | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 02/10/2012 645992 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SS - | Auto 02/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 365952 | (Recovery Service for Windows) . (...) - C:\Program Files\SMINST\BLService.exe SR - | Auto 241734 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 03/06/2009 217170 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe SR - | Auto 296320 | (TVCapSvc) . (...) - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe SR - | Auto 116096 | (TVSched) . (...) - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe SR - | Auto 990896 | (vToolbarUpdater15.0.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 26/09/2008 59376 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.Cyberlink Corp..) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by noële at 19/04/2013 15:16:43 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1540 Legitimates filtered by white list End of the scan (572 lines in 04mn 52s)(0)