Rapport de ZHPDiag v2013.4.20.122 par Nicolas Coolman, Update du 20/04/2013 Run by Christian at 21/04/2013 12:51:31 State : WhiteList : Enable High Elevated Privileges : OK UAC : Deactivate by user ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 21.0 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : XM76F Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection Kaspersky PURE 2.0 v12.0.2.733 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ System Optimizer CCleaner v4.00 ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 15 Java 7 Update 21 ---\\ System Information ~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4029 MB (52% free) System Restore: Activé (Enable) System drive C: has 414 GB (88%) free of 466 GB ---\\ Logged in mode ~ Computer Name: CHRISTIAN-PC ~ User Name: Christian ~ All Users Names: HomeGroupUser$, Christian, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Christian\AppData\Roaming\ ~ %Desktop% : C:\Users\Christian\Desktop\ ~ %Favorites% : C:\Users\Christian\Favorites\ ~ %LocalAppData% : C:\Users\Christian\AppData\Local\ ~ %StartMenu% : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 414 Go of 466 Go) D:\ CD-ROM drive (Not Inserted) E:\ Hard drive, Flash drive, Thumb drive (Free 262 Go of 451 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 15 Go of 15 Go) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) L:\ Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go) N:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 1 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.87A00ED70FEC36D0DD968E5058C29AA1] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/08/2010 - 10:37:49.) -- C:\Windows\System32\Winlogon.exe [389632] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B8965FB53551B5455630A4B804D0791F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 07:04:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1655656] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/47 ~ Mes musiques (My Musics) : 1/12 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/20 ~ Mes Documents (My Documents) : 0/550 ~ Mon Bureau (My Desktop) : 3/19 ~ Menu demarrer (Programs) : 1/30 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.25306651A6252E8E84CB4B0E73E551AA] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2115416] [PID.2084] [MD5.4F17353DA4564D44EA81C6C954811946] - (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [436728] [PID.1764] [MD5.47CA2F039FDB67697EE60C260CB8083C] - (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3297280] [PID.3592] [MD5.531153A474B0EBF616F9B8A8F61191D5] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.3184] [MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3124] [MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.4224] [MD5.AEFC1353D0FB4E92A23CFB7E3372356D] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328] [PID.1728] [MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4448] [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.808] [MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4868] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4952] [MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.5460] [MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.6080] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.5532] [MD5.7DC4759F1D9D590B3D1310F7DB43256C] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [101888] [PID.700] [MD5.FC23F9D6BCBF9C25563DEEB9AC2514F9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6919680] [PID.6072] [MD5.C4C4736DCE60276E9B0CB0FE3A848586] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124184] [PID.916] [MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1608] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1640] [MD5.6E5B42219F1FE4A3D087D9D501E343D5] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992] [PID.1876] [MD5.7C35F557654ED9E65E3C0DEDC280F1B5] - (.SFR & Celliance - Service Windows SFR ABCd.) -- C:\Program Files (x86)\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe [657536] [PID.2200] [MD5.3AD1E72748978D8B0B3B674741E4C3E2] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880] [PID.2636] =>Toolbar.AVGSearch [MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384] [PID.3680] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - HKCU\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe O4 - HKCU\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2725115198-119000725-272072459-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-2725115198-119000725-272072459-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-21-2725115198-119000725-272072459-1001\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - HKUS\S-1-5-21-2725115198-119000725-272072459-1001\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe O4 - HKUS\S-1-5-21-2725115198-119000725-272072459-1001\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe O4 - GS\TaskBar: Centre de solutions HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe O4 - GS\TaskBar: Ciel Comptes personnels.lnk . (.Sage activité Ciel - Comptes Personnels.) -- C:\Program Files (x86)\Ciel\Comptes Personnels\WCP.exe O4 - GS\TaskBar: CréditCalc.lnk . (.- - Pas de description.) -- C:\Program Files (x86)\CréditCalc\CréditCalc.exe O4 - GS\TaskBar: Google Talk.lnk . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe O4 - GS\TaskBar: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Users\Christian\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe O4 - GS\QuickLaunch: 22find.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>Hijacker.22Find O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office 15\root\office15\outlook.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Desk 365.lnk . (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Microsoft Lync add-on [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.) O9 - Extra button: Clavier &virtuel [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\kbrd.ico O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: Analyse des &liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{6D789C56-79FC-454D-9498-94A75483EAC3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{F071300B-F54D-4B9A-8795-06016DB32BC8}: DhcpNameServer = 109.0.66.10 109.0.66.20 O17 - HKLM\System\CS1\Services\Tcpip\..\{6D789C56-79FC-454D-9498-94A75483EAC3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{F071300B-F54D-4B9A-8795-06016DB32BC8}: DhcpNameServer = 109.0.66.10 109.0.66.20 O17 - HKLM\System\CS2\Services\Tcpip\..\{6D789C56-79FC-454D-9498-94A75483EAC3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{F071300B-F54D-4B9A-8795-06016DB32BC8}: DhcpNameServer = 109.0.66.10 109.0.66.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.10 109.0.66.20 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (vToolbarUpdater14.2.0) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch ~ Services: 11 Legitimates Filtered in 00mn 11s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{8F4DC62B-6D1B-47B9-BC79-33CFAAD7C14E}] (...) -- C:\Users\Christian\Downloads\googletalk-setup-fr.exe (.not file.) [0] ~ Scheduled Task: 10 Legitimates Filtered in 00mn 04s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (RapportEI64) . (.Trusteer Ltd. - RapportEI.) - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys O41 - Driver: (RapportPG64) . (.Trusteer Ltd. - RapportPG64.) - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys ~ Drivers: 84 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Ciel Comptes personnels 11.0 - (.Ciel.) [HKLM][64Bits] -- {813C1CA9-618C-41BD-9949-0C27A070467E} O42 - Logiciel: CréditCalc 2.76 - (.Ludovic Lassalle.) [HKLM][64Bits] -- CréditCalc_is1 ~ Logic: 98 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Gmail Notifier] [HKLM\Software\HAL7600] [HKLM\Software\IB Updater] [HKLM\Software\WNLT] [HKLM\Software\Wow6432Node\IncrediMail] [HKLM\Software\Wow6432Node\V9] [HKLM\Software\Wow6432Node\deskSvc] ~ Key Software: 181 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 07/11/2012 - 16:49:12 - [0,141] ----D C:\Program Files (x86)\Calc_Fin_2006 O43 - CFD: 10/03/2013 - 14:10:16 - [13,737] ----D C:\Program Files (x86)\CapAlpha O43 - CFD: 07/11/2012 - 16:59:50 - [0,287] ----D C:\Program Files (x86)\CréditCalc O43 - CFD: 22/12/2012 - 11:36:22 - [12,220] ----D C:\Program Files (x86)\DFELIGHT O43 - CFD: 28/01/2013 - 12:07:33 - [2,055] ----D C:\Program Files (x86)\Gmail Notifier O43 - CFD: 20/04/2013 - 18:13:19 - [28,813] ----D C:\Program Files (x86)\Common Files\337 O43 - CFD: 22/12/2012 - 11:36:22 - [0,367] ----D C:\Users\Christian\AppData\Roaming\Devis_Facture_Express_Light_Datas O43 - CFD: 22/12/2012 - 10:53:22 - [0,001] ----D C:\Users\Christian\AppData\Roaming\Devis_Facture_Express_Light_User O43 - CFD: 20/01/2013 - 18:55:42 - [14,130] ----D C:\Users\Christian\AppData\Roaming\{c21fad24-c209-426a-92ac-d7516a9162d9} ~ Program Folder: 164 Legitimates Filtered in 00mn 15s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.22find.com =>Hijacker.22Find ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A6B45AA8B5E354BF4FF29BC51C70DB79] [SPRF][25/12/2012] (...) -- C:\ProgramData\ntuser.dat [262144] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Christian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{D40E3A3B-4D0B-4D98-A887-1A5B3AD47CC3}" | In - Public - P6 - TRUE | .(.SFR - Gestionnaire de connexion 3G.) -- C:\Program Files (x86)\SFR\Gestionnaire de Connexion 3G SFR\SFR_Dialer_3G.exe O87 - FAEL: "{AFEFAA2B-BF06-4971-85F7-AED2FCF4BAAE}" | In - Public - P17 - TRUE | .(.SFR - Gestionnaire de connexion 3G.) -- C:\Program Files (x86)\SFR\Gestionnaire de Connexion 3G SFR\SFR_Dialer_3G.exe ~ Firewall: 203 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11632 - (20/04/2013) Clés trouvées (Keys found) : 7 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKLM\Software\WNLT] =>Adware.IncrediBar [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\Program Files (x86)\Common Files\337 =>Hijacker.22find ~ Additionnel Scan: 258940 Items scanned in 00mn 32s ---\\ Product Upgrade Codes (O90) O90 - PUC: "B6FDA45D46124934FA07728724E2D98D" . (..) -- C:\Windows\Installer\{D54ADF6B-2164-4394-AF70-2778422E9DD8}\ARPPRODUCTICON.exe ~ Update Products: 153 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 04/07/2012 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2012 202328 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe SS - | Auto 28/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 28/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 06/09/2012 170824 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 20/04/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 02/04/2013 1124184 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe SR - | Auto 05/11/2009 657536 | (ServiceSFRABCD) . (.SFR & Celliance.) - C:\Program Files (x86)\SFR\Gestionnaire de Connexion 3G SFR\SFRABCDService.exe SR - | Auto 968880 | (vToolbarUpdater14.2.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ~ 1109 Legitimates filtered by white list End of the scan (457 lines in 02mn 12s)(0)