[Résolu]fenetre de connexion orange s'ouvre sans que je sach Le sujet est résolu

[palerider]

Tu as désinstallé Spybot comme je te l'avais demandé ? Le résident peut gêner dans certains cas

En fait il doit rester des traces

[tuti]

je ne l'avais pas fait
mais je viens de le faire

pour que je dorme moins bete,
pourquoi préférer adwcleaner à spybot ?

[palerider]

je ne l'avais pas fait
mais je viens de le faire

pour que je dorme moins bete,
pourquoi préférer adwcleaner à spybot ?

Spybot est devenu obsolète tous les forums spécialisés en sécurité te le dirons, il vaut mieux utiliser Malwarebytes.

Awdcleaner est spécialisé pour certains types d'infections il vaut mieux en cas de doute faire un scan Awdcleaner + un scan Malwarebytes.

Ca ne sert à rien d'empiler les programmes de protection la preuve tu as spybot + windows defender + malwarebytes + antivirus et tu avais une tone d'infections !

Ce qui te protège le plus c'est de faire attention à ce que tu fais (quant tu installes des programmes gratuits penser a bien décocher les sponsors, ensuite le P2P, les c***ks et les keygens).
Pour résumer il te faut : un antivirus, un firewall et un anti malwares.

Maintenant pour que j'ai un rapport clair, refait un scan ZhpDiag s.t.p.

[tuti]

voilà
http://www.casimages.com/f.php?f=131111010101569431.txt" onclick="window.open(this.href);return false;

[palerider]

Oki,

Pour commencer :

• Télécharge OneClick 2 Restore Point (de Laddy) sur ton bureau.
• Double-cliquer dessus pour l'exécuter (Sous Windows Vista & Seven, faire un clique droit et choisir Exécuter en tant qu'administrateur).
• Entrer une description pour le point de restauration".
• Cliquer sur le bouton [Créer], puis sur le bouton [OK]. Patienter...

Ensuite,

Sélectionne et copie les lignes ci-dessous sans oublier la première ligne "Script ZHPFix"
-------------------------------------------------------------------------------------------------------------------------------------------------

Script ZHPFix
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.FindFDSearch
O45 - LFCP:[MD5.CFA7FFC4C91A1DFBE160D9046795E931] - 09/11/2013 - 18:18:47 ---A- - C:\Windows\Prefetch\DEFAULTTABSTART.EXE-489031FA.pf =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] =>Trojan.FindFDSearch
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.2516]
O4 - GS\Accessories [lionel]: Run.lnk - Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [{1300CFAE-F6E6-4962-B4BC-3722F8ACB350}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FE518EF-77AB-4E77-B9B3-5C0ED8022155}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{41AE3E2C-0EC1-45A1-BE0B-6D841D2E4B17}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{87B6AFC0-6993-44FF-AEA3-0374804A5FE3}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CFAC465E-3D10-4EFC-899D-80764C374A6D}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F8DA6CDD-9405-402C-8EA4-8693094F26F8}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FA388010-B827-474C-B555-1ABEF58CA4E6}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
O43 - CFD: 11/11/2013 - 11:56:36 - [4,907] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 11/11/2009 - 15:52:00 - [0] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 11/11/2013 - 11:56:35 - [6,704] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 31/08/2013 - 09:59:27 - [0] ----D C:\Users\lionel\AppData\Local\calibre-cache
O45 - LFCP:[MD5.05E3ED3F2F718C59CFED42AC712E8120] - 08/11/2013 - 18:55:05 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.9AF3A468FF55ABAC92A4C61CC15785D7] - 09/11/2013 - 17:21:06 ---A- - C:\Windows\Prefetch\HPWUCLI.EXE-C018277F.pf
O45 - LFCP:[MD5.7C6365D80A0E94C2A77DA3C617FB9B38] - 09/11/2013 - 19:10:52 ---A- - C:\Windows\Prefetch\CISVC.EXE-596F21D8.pf
O45 - LFCP:[MD5.B003FF5CB3D4BAB21DD37AA4144FCA52] - 09/11/2013 - 19:10:52 ---A- - C:\Windows\Prefetch\MDNSRESPONDER.EXE-6FF6EB30.pf
O45 - LFCP:[MD5.BBF3C0413ED9A9882BDA17AFFD3652C5] - 10/11/2013 - 09:19:13 ---A- - C:\Windows\Prefetch\DSHTTPAPISERVICE.EXE-D7265833.pf
O45 - LFCP:[MD5.C0B0EB4EEF45441E524ABE1FC15B4FF0] - 10/11/2013 - 10:18:12 ---A- - C:\Windows\Prefetch\UNLOCK.EXE-95FB8DBD.pf
O45 - LFCP:[MD5.9388DC235689896689A10A879AD0C3F7] - 10/11/2013 - 15:44:55 ---A- - C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-17410B90.pf
O45 - LFCP:[MD5.80D700CD7D4ED05D9A65485FC7E25040] - 10/11/2013 - 19:56:07 ---A- - C:\Windows\Prefetch\TEATIMER.EXE-BFF02B54.pf
O45 - LFCP:[MD5.9814DFF5344DEF1B13293A4F597EDD62] - 11/11/2013 - 08:55:47 ---A- - C:\Windows\Prefetch\HWSETUP.EXE-EF4F79F8.pf
O45 - LFCP:[MD5.F11FAB2427AE7CC64E791BBC4E262FB6] - 11/11/2013 - 08:55:48 ---A- - C:\Windows\Prefetch\NLSSRV32.EXE-EE207E6D.pf
O45 - LFCP:[MD5.4B14CFAD770D37CA9B4749405F504539] - 11/11/2013 - 08:56:01 ---A- - C:\Windows\Prefetch\SMSVCHOST.EXE-ABBCD6E5.pf
O45 - LFCP:[MD5.048EE952DDE1A4193925152B01F1E0E3] - 11/11/2013 - 08:56:59 ---A- - C:\Windows\Prefetch\WDBACKUPENGINE.EXE-4EA450A3.pf
O45 - LFCP:[MD5.6390BC28E260C1BB21100D718979E2D4] - 11/11/2013 - 08:57:00 ---A- - C:\Windows\Prefetch\VMNETDHCP.EXE-0B74FBF1.pf
O45 - LFCP:[MD5.A1ADFD3A39B83ACB90D55D0F1DE13CE7] - 11/11/2013 - 08:57:44 ---A- - C:\Windows\Prefetch\KDBSYNC.EXE-0302F981.pf
O45 - LFCP:[MD5.DF11E17C76F60FFEDB13EB964BD96F95] - 11/11/2013 - 09:18:54 ---A- - C:\Windows\Prefetch\INSTUP.EXE-52AC782A.pf
O45 - LFCP:[MD5.32EEA4971A55CC4C3347D659730FE611] - 11/11/2013 - 11:03:06 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3211502705-3115567398-1147419632-1000.db
O45 - LFCP:[MD5.4DCC8441598BE401132B25C8CD73834E] - 11/11/2013 - 11:03:06 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3211502705-3115567398-1147419632-1000.db
O45 - LFCP:[MD5.D245EA9B3F90789826656C3681E591B3] - 11/11/2013 - 11:50:35 ---A- - C:\Windows\Prefetch\GETPOPUPINFO.EXE-F6BC6117.pf
O45 - LFCP:[MD5.B7FC279202433DE86A1B707FD217DFA2] - 11/11/2013 - 11:56:41 ---A- - C:\Windows\Prefetch\SDWINSEC.EXE-644A4D2D.pf
O45 - LFCP:[MD5.99B35A44C73D5391F2D1830D7436DDBE] - 11/11/2013 - 12:10:16 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_9_900_11-DB8AE4E9.pf
O45 - LFCP:[MD5.0CD3543B6B9E182D5B74E42A5D82EC61] - 11/11/2013 - 12:15:40 ---A- - C:\Windows\Prefetch\RIBBONS.SCR-9E2C8FF1.pf
O61 - LFC: 09/11/2013 - 12:16:19 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\Le Collège Fou Fou Fou Box 2.torrent [31320]
O61 - LFC: 10/11/2013 - 12:16:18 ---A- . (...) -- C:\Users\lionel\AppData\Local\Temp\111k2ejr.0.cs [11074]
O61 - LFC: 10/11/2013 - 12:16:26 ---A- . (...) -- C:\Users\lionel\AppData\Local\Temp\preferences [0]
O61 - LFC: 10/11/2013 - 12:16:29 ---A- . (...) -- C:\Users\lionel\AppData\Local\Temp\~DFF0C9D4370F763F1D.TMP [393216]
O61 - LFC: 10/11/2013 - 12:16:29 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\[Kaerizaki-Fansub] One Piece 620 VOSTFR HD (1280x720).mp4.torrent [11722]
O61 - LFC: 11/11/2013 - 12:16:18 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\City Hunter.torrent [34512]
O61 - LFC: 11/11/2013 - 12:16:19 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\GTO OST.torrent [15081]
O61 - LFC: 11/11/2013 - 12:16:19 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\Great Teacher Onizuka Original Soundtrack 1.rar.torrent [12984]
O61 - LFC: 11/11/2013 - 12:16:19 R--A- . (...) -- C:\Users\lionel\AppData\Local\Temp\Great Teacher Onizuka Original Soundtrack 2.rar.torrent [12004]
C:\Users\lionel\Mes fichiers\fichier\ashampoo\LCD-Keygen.exe
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\Keygen\KEYGEN.EXE
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.EXE
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.ZIP
C:\Users\lionel\Mes fichiers\fichier\ashampoo\LCD-Keygen.exe
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\Keygen\KEYGEN.EXE
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.EXE
C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.ZIP
[MD5.7D590B9FD3C94A32E89F0DD45C3EA7D3] [SPRF][08/02/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\LMkRstPt.exe [101616]
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.DB28CDACA7F801AE029763067F41C665] [SPRF][20/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt5978.tmp.bat [96]
[MD5.DB28CDACA7F801AE029763067F41C665] [SPRF][20/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt63C4.tmp.bat [96]
[MD5.81D497AC2D2F4B4152C02737A07799BB] [SPRF][02/05/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt6CE6.tmp.bat [96]
[MD5.14AC464403CBB0BD8E1CC2A1E07F6DA8] [SPRF][14/09/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttA39F.tmp.bat [96]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][19/10/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttA5C1.tmp.bat [77]
[MD5.881F8D0B428E4FB52F936B7CB31044D6] [SPRF][19/10/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttB1F1.tmp.bat [96]
[MD5.81D497AC2D2F4B4152C02737A07799BB] [SPRF][02/05/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttE965.tmp.bat [96]
[MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][28/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790]
[MD5.06D5E5E952C61923C9D24C83E7FE1F45] [SPRF][14/07/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.7-win32.exe [22937227]
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][31/08/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
O87 - FAEL: "TCP Query User{A9B0B1FB-FA3F-4134-AABE-DB07CF6E27EC}F:\apps\outils\portablesynkron\synkron\synkron.exe" |In - Private - P6 - TRUE | .(...) -- F:\apps\outils\portablesynkron\synkron\synkron.exe (.not file.)
O87 - FAEL: "UDP Query User{B531BD91-C944-48AA-A019-DF1624813124}F:\apps\outils\portablesynkron\synkron\synkron.exe" |In - Private - P17 - TRUE | .(...) -- F:\apps\outils\portablesynkron\synkron\synkron.exe (.not file.)
O87 - FAEL: "{7AD31B6F-0365-4EE7-8E8B-C69FEA6C3B5C}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
SR - | Demand 10/07/1658 0 | (WinRing0_1_2_0) . (...) - C:\Users\lionel\AppData\Local\Temp\tmpA025.tmp
EmptyFlash
EmptyTemp
EmptyCLSID


--------------------------------------------------------------------------------------------------------------------------------------------------

• Lance ZHPFix à partir du raccourci sur ton Bureau (si tu es sous Windows Vista, Windows 7 ou Windows 8, fais le par un clic-droit --> Exécuter en tant qu'administrateur)
• Clique sur le bouton Importer
  
• Les lignes précédemment copiées vont se coller d'elles-mêmes dans la fenêtre de ZHPFix (si ce n'est pas le cas, clic droit dans la fenêtre et Coller)
• Dans certains cas le script se colle automatiquement dans la zone de script et ne nécessite pas de cliquer sur le bouton "IMPORTER".
• Clique sur le bouton GO pour lancer le nettoyage
• Clique sur Oui à la demande de confirmation de nettoyage des données
• Une boîte de dialogue va te demander si tu souhaites vider la corbeille : clique sur oui ou non selon ton choix. Si tu cliques sur Oui, le temps de nettoyage sera plus ou moins allongé
• Copie/colle la totalité du rapport qui s'ouvre dans le bloc-notes à la fin du nettoyage et colle-le dans ta prochaine réponse
• Le rapport se trouve aussi sous C:\ZHP\ZHPFix[RX].txt

[tuti]

je n'ai plus de place sur mon DDext
mais j'avais fait une sauvegarde hier

Attention dans la version actuel, Importer s'appelle Recherche

il y a bien un collage
mais rien qui s'ouvre avec "Go" ni "Oui"
le processus se lance tout seul

mais voilà le rapport

Spoiler : :

~ Rapport de ZHPDiag v2013.11.10.24 - Nicolas Coolman (10/11/2013)
~ Lancé par lionel (11/11/2013 13:57:23)
~ Adresse du Site Web http://nicolascoolman.webs.com" onclick="window.open(this.href);return false;
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/" onclick="window.open(this.href);return false;
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 25.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : BWX77
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.00 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4060 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 43 GB (22%) free of 186 GB

---\\ Mode de connexion au système
~ Computer Name: LIONEL-TOSH
~ User Name: lionel
~ All Users Names: lionel, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\lionel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lionel\AppData\Roaming\
~ %Desktop% : C:\Users\lionel\Desktop\
~ %Favorites% : C:\Users\lionel\Favorites\
~ %LocalAppData% : C:\Users\lionel\AppData\Local\
~ %StartMenu% : C:\Users\lionel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 115 Go of 186 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyMusic: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4200
~ Mes musiques (My Musics) : 2/1661
~ Mes Videos (My Videos) : 2/1521
~ Mes Favoris (My Favorites) : 1/123
~ Mes Documents (My Documents) : 2/46
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/55
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lancés
[MD5.BBFED9378719CF8E0C3DEDC979B5D649] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe [6203296] [PID.2500]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.2516]
[MD5.15795EA78FF814CCE9041BCE71CDB956] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Roaming\uTorrent\uTorrent.exe [898904] [PID.2748] =>P2P.BitTorrent
[MD5.28A4F10C67C182843195CD2166F7D4E7] - (.PANTERASoft - Pas de description.) -- C:\Program Files (x86)\HDD Health\hddhealth.exe [3246944] [PID.1244]
[MD5.D8C4C99D7EC75433BFF4E6D4DAEA8805] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.3084]
[MD5.9D77E8A2EE92E9DAFAC88DEFCF6D777D] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304496] [PID.3616]
[MD5.2491B4F75BC229D4D33766F3A2A324D5] - (.Logitech, Inc. - Logitech Updater.) -- C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe [350488] [PID.4600]
[MD5.C0C065226B3FCF2878EEE13FD8033BB4] - (.Logitech, Inc. - Logitech Updater.) -- C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe [2063128] [PID.4740]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.5168]
[MD5.C5B2679B0AE204FDD0415199B7AFEF20] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088] [PID.3736]
[MD5.C0E392910782C2BB9A28C8538CC1E1A1] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240] [PID.5888]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.5164]
[MD5.7C0704D4523BA671AFE6D028399942D3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3567800] [PID.2600]
[MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.6640]
[MD5.EF01D104449CC654FDCF423C92BD8846] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3780]
[MD5.5F4634A5F4629F2FC242C45F78F44668] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8201216] [PID.7024]
[MD5.4BE7EC02133544CDE7A580875E130208] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1312]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1724]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.1788]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.1676]
[MD5.5DC84FEF6A9050019678C30B1D01C8E8] - (...) -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760] [PID.2104]
[MD5.46FBEEBEBAED83EB6D774B9138536152] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [57344] [PID.3752]
[MD5.95EEC9F8FEB9D06872A433F058AB8E60] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [432752] [PID.4152]
[MD5.C5213CB145C80C10369752D8EE412914] - (.Western Digital Technologies, Inc. - WD Drive Service.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192] [PID.4316]
[MD5.777788D9B63CCEEEF2DB353BA4EDD454] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14904] [PID.4584]
[MD5.0FC29ADB3F634ED3E535A76395B470B5] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872] [PID.3484]
[MD5.82FF155BF3F16AFEF04A26045EFECECF] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [354416] [PID.3672]
[MD5.1A3F1BC1E48804867CA30469442DA00E] - (.Western Digital Technologies, Inc. - WD Backup Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808] [PID.5144]
[MD5.D252C53BCDFC199BBA55EEB10CDB266E] - (.TOSHIBA CORPORATION - ConfigFree Gadget Process Service.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [42368] [PID.2796]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.7004]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\lionel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.google.com" onclick="window.open(this.href);return false;
~ Google Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\31txxxr6.default\prefs.js
C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\d8eh0g2n.test\prefs.js
M2 - MFEP: prefs.js [lionel - 31txxxr6.default\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org] [] Page Zoom Buttons v1.1.5 (..)
M2 - MFEP: prefs.js [lionel - 31txxxr6.default\netvideohunter@netvideohunter.com] [] NetVideoHunter v1.1.5 (..)
M2 - MFEP: prefs.js [lionel - 31txxxr6.default\{03B08592-E5B4-45ff-A0BE-C1D975458688}] [] Toolbar Buttons v1.0 (..)
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 10s
~ Nombre de lignes (Lines number): 14849



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: calibre - E-book management.lnk . (...) -- C:\Program Files (x86)\Calibre2\calibre.exe
O4 - GS\Desktop [Public]: ComicRack.lnk . (...) -- C:\Program Files\ComicRack\ComicRack.exe
O4 - GS\Desktop [Public]: DraftSight x64.lnk . (.Flexera Software LLC - InstallShield.) -- C:\Windows\Installer\{3B12A1AA-A3FB-4047-9520-A8584425FF8F}\NewShortcut21_8693CCF9731C4DD9B4AEAE59063B04A4.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
O4 - GS\QuickLaunch [lionel]: 1CLICK DVD COPY 5.lnk . (.LG Software Innovation - 1CLICK DVD COPY.) -- C:\Program Files (x86)\LG Software Innovations\1Click DVD Copy 5\1ClickDvdCopy.exe
O4 - GS\QuickLaunch [lionel]: DraftSight.lnk . (.Flexera Software LLC - InstallShield.) -- C:\Windows\Installer\{3B12A1AA-A3FB-4047-9520-A8584425FF8F}\NewShortcut31_F8E29BF1EB70468CB0249B43C7758D35.exe
O4 - GS\QuickLaunch [lionel]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [lionel]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [lionel]: Orbit.lnk . (...) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (.not file.)
O4 - GS\QuickLaunch [lionel]: USB Safely Remove.lnk . (.Crystal Rich Ltd - USB Safely Remove - an enhanced replacement.) -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
O4 - GS\QuickLaunch [lionel]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) -- C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
O4 - GS\QuickLaunch [lionel]: XnView.lnk . (.XnView, http://www.xnview.com" onclick="window.open(this.href);return false; - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe
O4 - GS\QuickLaunch [lionel]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [lionel]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [lionel]: Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe =>.Mozilla Corporation
O4 - GS\Program [lionel]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [lionel]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [lionel]: Unlocker.lnk . (...) -- C:\Program Files (x86)\Unlocker\Unlocker.exe
O4 - GS\SendTo [lionel]: XnView.lnk . (.XnView, http://www.xnview.com" onclick="window.open(this.href);return false; - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe
O4 - GS\Desktop [lionel]: dBpowerAMP Music Converter.lnk . (.Illustrate - Music Converter Application.) -- C:\Program Files (x86)\Illustrate\dBpowerAMP\MusicConverter.exe
O4 - GS\Desktop [lionel]: dMC Audio CD Input.lnk . (.Illustrate - dBpoweramp CD Ripper.) -- C:\Program Files (x86)\Illustrate\dBpowerAMP\CDGrab.exe
O4 - GS\Desktop [lionel]: DVDStyler.lnk . (...) -- C:\Program Files (x86)\DVDStyler\bin\DVDStyler.exe
O4 - GS\Desktop [lionel]: everest.lnk . (.Lavalys, Inc. - EVEREST Corporate Edition.) -- C:\Program Files (x86)\Everest\everest.exe
O4 - GS\Desktop [lionel]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [lionel]: Publisher.lnk . (...) -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop [lionel]: Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe =>.Mozilla Corporation
O4 - GS\Desktop [lionel]: Word.lnk . (...) -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
~ Global Startup: 96 Legitimates Filtered in 00mn 07s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HDDHealth.lnk . (.PANTERASoft - Pas de description.) -- C:\Program Files (x86)\HDD Health\hddhealth.exe
O4 - GS\Startup [lionel]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Startup [lionel]: Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe =>.Mozilla Corporation
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - Pas de description.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.)
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (.not file.)
O4 - HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3211502705-3115567398-1147419632-1000\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-3211502705-3115567398-1147419632-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3211502705-3115567398-1147419632-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36F1C5D7-2205-4928-BB37-D4E0CF3C8B74}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36F1C5D7-2205-4928-BB37-D4E0CF3C8B74}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{36F1C5D7-2205-4928-BB37-D4E0CF3C8B74}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: HDDHealth (HDDHealth) . (...) - C:\Program Files (x86)\HDD Health\HDDHealthService.exe
O23 - Service: WD Drive Manager (WDDriveService) . (.Western Digital Technologies, Inc. - WD Drive Service.) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
~ Services: 25 Legitimates Filtered in 00mn 19s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1300CFAE-F6E6-4962-B4BC-3722F8ACB350}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FE518EF-77AB-4E77-B9B3-5C0ED8022155}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{41AE3E2C-0EC1-45A1-BE0B-6D841D2E4B17}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78EAA9D0-D050-41DF-A3CD-A299653795F1}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7FBCB627-E2D6-4A88-A874-4C4BAB8A0889}] (...) -- C:\Users\lionel\Downloads\Pack_FR-uTorrent-2.2.1.exe (.not file.) [0] =>P2P.µTorrent
[MD5.00000000000000000000000000000000] [APT] [{87B6AFC0-6993-44FF-AEA3-0374804A5FE3}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CFAC465E-3D10-4EFC-899D-80764C374A6D}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F8DA6CDD-9405-402C-8EA4-8693094F26F8}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FA388010-B827-474C-B555-1ABEF58CA4E6}] (...) -- C:\Program Files (x86)\ShadSkinEditor SCDS1 4\ShadSkinEditor SCDS1.exe (.not file.) [0]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 21s



---\\ Logiciels installés (O42)
O42 - Logiciel: Network Meter version 9.1 - (...) [HKLM][64Bits] -- Network Meter_is1
O42 - Logiciel: USB Safely Remove 5.1 - (.SafelyRemove.com.) [HKLM][64Bits] -- USB Safely Remove_is1
~ Logic: 231 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/06/2010 - 17:02:31 - [0] ----D C:\Program Files (x86)\AtomTime Pro
O43 - CFD: 23/09/2012 - 12:56:24 - [0,218] ----D C:\Program Files (x86)\PCMeter
O43 - CFD: 05/07/2010 - 19:40:38 - [0,840] ----D C:\Program Files (x86)\SC-EOS-SkinEditor
O43 - CFD: 29/10/2012 - 19:06:19 - [11,334] ----D C:\Program Files (x86)\USB Safely Remove
O43 - CFD: 10/06/2010 - 18:13:39 - [0,039] ----D C:\ProgramData\1Click DVD Copy
O43 - CFD: 01/01/2010 - 11:07:03 - [0,873] ----D C:\Users\lionel\AppData\Roaming\igraal
O43 - CFD: 19/12/2009 - 15:59:56 - [1160,846] ----D C:\Users\lionel\AppData\Local\1Click DVD Copy
O43 - CFD: 24/12/2009 - 11:01:09 - [0] ----D C:\Users\lionel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MonIPfr
~ Program Folder: 329 Legitimates Filtered in 00mn 28s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{1044205e-2f41-11df-841e-002622301cc3}\AutoRun\command. (...) -- G:\WD SmartWare.exe (.not file.)
O51 - MPSK:{24ca0000-004b-11e0-9dac-002622301cc3}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{552acbb5-1d74-11df-8304-002622301cc3}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{f8b42e0e-860d-11e1-bf06-005056c00008}\AutoRun\command. (...) -- F:\USBAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 19/10/2013 - 10:25:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 13:48:56 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [7168]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/11/2013 - C:\Users\lionel\AppData\Local\Temp\tmpA025.tmp (WinRing0_1_2_0) .(...) - LEGACY_WINRING0_1_2_0
~ Legacy: 97 Legitimates Filtered in 00mn 01s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0349E179-C950-48BE-9470-0C99955E11A4} - (Google) - http://www.google.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {39E60CCE-CD97-4D2D-B824-1C72121967FD} - (eBay) - http://rover.ebay.com" onclick="window.open(this.href);return false; =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.BBDDDD5B4E9F336CEADD22FC54AD5420] [SPRF][31/10/2009] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][10/07/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\0h2dvkhl.dll [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][07/09/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\bz2sxmdt.dll [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][28/10/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\lklybtbd.dll [0]
[MD5.7D590B9FD3C94A32E89F0DD45C3EA7D3] [SPRF][08/02/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\LMkRstPt.exe [101616]
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][26/05/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\sfamcc00001.dll [192512]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][07/09/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\sofqmnzi.dll [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][31/08/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\tsrpncvm.dll [0]
[MD5.DB28CDACA7F801AE029763067F41C665] [SPRF][20/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt5978.tmp.bat [96]
[MD5.DB28CDACA7F801AE029763067F41C665] [SPRF][20/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt63C4.tmp.bat [96]
[MD5.03BCF1D196E7A6B6A00A0C84EE183D60] [SPRF][14/09/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Local\Temp\utt6CD7.tmp.exe [1130576] =>P2P.BitTorrent
[MD5.81D497AC2D2F4B4152C02737A07799BB] [SPRF][02/05/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\utt6CE6.tmp.bat [96]
[MD5.24AEB20C4D857A431FE82AAC1A95C005] [SPRF][19/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\lionel\AppData\Local\Temp\utt761.tmp.exe [902736] =>P2P.BitTorrent
[MD5.14AC464403CBB0BD8E1CC2A1E07F6DA8] [SPRF][14/09/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttA39F.tmp.bat [96]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][19/10/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttA5C1.tmp.bat [77]
[MD5.881F8D0B428E4FB52F936B7CB31044D6] [SPRF][19/10/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttB1F1.tmp.bat [96]
[MD5.81D497AC2D2F4B4152C02737A07799BB] [SPRF][02/05/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\uttE965.tmp.bat [96]
[MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][28/04/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790]
[MD5.06D5E5E952C61923C9D24C83E7FE1F45] [SPRF][14/07/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.7-win32.exe [22937227]
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][31/08/2013] (...) -- C:\Users\lionel\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][19/12/2009] (...) -- C:\Users\lionel\AppData\Roaming\inst.exe [99384]
~ Files: 26 Legitimates Filtered in 00mn 03s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{A595F1F0-9672-449D-BA6A-9633F5360D53}C:\program files (x86)\orbitdownloader\orbitnet.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\orbitdownloader\orbitnet.exe (.not file.)
O87 - FAEL: "UDP Query User{9299FE67-3DB8-4F6B-9E67-E967AA448981}C:\program files (x86)\orbitdownloader\orbitnet.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\orbitdownloader\orbitnet.exe (.not file.)
O87 - FAEL: "{7AD31B6F-0365-4EE7-8E8B-C69FEA6C3B5C}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
O87 - FAEL: "{2F8D0D24-64CE-4D48-93AD-7B7B294CFAAF}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
O87 - FAEL: "{8C7745F6-1C8E-412A-8252-2D1CABEC304B}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
~ Firewall: 235 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8E01342194C733C44B2FC34FF383037B" . (.WD Quick View.) -- C:\Windows\Installer\{124310E8-7C49-4C33-B4F2-3CF43F3830B7}\icon.ico =>.Western Digital Technologies
~ Update Products: 255 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.924DEFA62B9B1E2A9301B57CA76B43FD] [WIS][31/08/2013] (.Kovid Goyal - calibre Installer.) -- C:\Windows\Installer\11bc5f.msi [52438016]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][17/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\138e45.msi [522752]
[MD5.7635859CF3C6F3B28118F21E1EF9BAA9] [WIS][04/09/2009] (.myphotobook GmbH - Photo-Service.) -- C:\Windows\Installer\b939.msi [28672]
~ WIS: 264 Legitimates Filtered in 00mn 37s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 29/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Auto 10/08/2009 248688 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 14/07/2009 42368 | (ConfigFree Gadget Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 27/12/2012 123392 | (DraftSight API Service) . (.Dassault Systèmes.) - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
SS - | Demand 24/12/2011 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 30/05/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/05/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 08/03/2013 17760 | (HDDHealth) . (...) - C:\Program Files (x86)\HDD Health\HDDHealthService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/11/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 08/02/2013 359664 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 04/10/2013 2542416 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 02/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/03/2010 57344 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 11/05/2010 124368 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Demand 11/02/2011 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 05/08/2009 488800 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 27/08/2009 251760 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 03/08/2009 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Demand 04/08/2009 826224 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 22/08/2011 79872 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 21/08/2011 846448 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 22/04/2013 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 22/04/2013 270192 | (WDDriveService) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WinRing0_1_2_0) . (...) - C:\Users\lionel\AppData\Local\Temp\tmpA025.tmp
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 40s



---\\ Scan Additionnel (O88)
Database Version : 12993 - (10/11/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\lionel\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Users\lionel\AppData\Local\Temp\utt6CD7.tmp.exe =>P2P.BitTorrent^
C:\Users\lionel\AppData\Local\Temp\utt761.tmp.exe =>P2P.BitTorrent^
~ Additionnel Scan: 458722 Items scanned in 01mn 42s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... olbar-ebay" onclick="window.open(this.href);return false; =>Toolbar.eBay
~ MSI: 1 link(s) detected in 01mn 42s



~ 1601 Legitimates filtered by white list
End of the scan (510 lines in 04mn 58s)(0)

[palerider]

Là c'est le rapport ZHPDiag, c'est le résultat du fix qu'il me faut l’icône qui représente une seringue

[tuti]

oups dsl
j'avais pas vu

voici

Spoiler : :

Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
Fichier d'export Registre :
Run by lionel at 11/11/2013 14:27:52
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 05s)

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\Mes fichiers\fichier\ashampoo\LCD-Keygen.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\Keygen\KEYGEN.EXE
SUPPRIMÉ: Memory Process: C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.EXE
SUPPRIMÉ: Memory Process: C:\Users\lionel\AppData\Local\Temp\LMkRstPt.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\AppData\Local\Temp\Quarantine.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\AppData\Local\Temp\vlc-2.0.6-win32.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\AppData\Local\Temp\vlc-2.0.7-win32.exe
SUPPRIMÉ: Memory Process: C:\Users\lionel\AppData\Local\Temp\vlc-2.0.8-win32.exe

========== Clés du Registre ==========
SUPPRIMÉ: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
SUPPRIMÉ: Service: WinRing0_1_2_0

========== Valeurs du Registre ==========
SUPPRIMÉ: TCP Query User{A9B0B1FB-FA3F-4134-AABE-DB07CF6E27EC}F:\apps\outils\portablesynkron\synkron\synkron.exe
SUPPRIMÉ: UDP Query User{B531BD91-C944-48AA-A019-DF1624813124}F:\apps\outils\portablesynkron\synkron\synkron.exe
SUPPRIMÉ: {7AD31B6F-0365-4EE7-8E8B-C69FEA6C3B5C}

========== Eléments de donnée du Registre ==========
REMPLACÉ Value Start_ShowNetConn : Good (1) - Bad (0)

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichiers ==========
SUPPRIMÉ: c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
SUPPRIMÉ: c:\windows\prefetch\defaulttabstart.exe-489031fa.pf
SUPPRIMÉ: c:\windows\prefetch\ntosboot-b00dfaad.pf
SUPPRIMÉ: c:\windows\prefetch\hpwucli.exe-c018277f.pf
SUPPRIMÉ: c:\windows\prefetch\cisvc.exe-596f21d8.pf
SUPPRIMÉ: c:\windows\prefetch\mdnsresponder.exe-6ff6eb30.pf
SUPPRIMÉ: c:\windows\prefetch\dshttpapiservice.exe-d7265833.pf
SUPPRIMÉ: c:\windows\prefetch\unlock.exe-95fb8dbd.pf
SUPPRIMÉ: c:\windows\prefetch\devicedisplayobjectprovider.e-17410b90.pf
SUPPRIMÉ: c:\windows\prefetch\teatimer.exe-bff02b54.pf
SUPPRIMÉ: c:\windows\prefetch\hwsetup.exe-ef4f79f8.pf
SUPPRIMÉ: c:\windows\prefetch\nlssrv32.exe-ee207e6d.pf
SUPPRIMÉ: c:\windows\prefetch\smsvchost.exe-abbcd6e5.pf
SUPPRIMÉ: c:\windows\prefetch\wdbackupengine.exe-4ea450a3.pf
SUPPRIMÉ: c:\windows\prefetch\vmnetdhcp.exe-0b74fbf1.pf
SUPPRIMÉ: c:\windows\prefetch\kdbsync.exe-0302f981.pf
SUPPRIMÉ: c:\windows\prefetch\instup.exe-52ac782a.pf
SUPPRIMÉ: c:\windows\prefetch\aggluad_p_s-1-5-21-3211502705-3115567398-1147419632-1000.db
SUPPRIMÉ: c:\windows\prefetch\aggluad_s-1-5-21-3211502705-3115567398-1147419632-1000.db
SUPPRIMÉ: c:\windows\prefetch\getpopupinfo.exe-f6bc6117.pf
SUPPRIMÉ: c:\windows\prefetch\sdwinsec.exe-644a4d2d.pf
SUPPRIMÉ: c:\windows\prefetch\flashplayerplugin_11_9_900_11-db8ae4e9.pf
SUPPRIMÉ: c:\windows\prefetch\ribbons.scr-9e2c8ff1.pf
SUPPRIMÉ: c:\users\lionel\appdata\local\temp\le collège fou fou fou box 2.torrent
SUPPRIMÉ: c:\users\lionel\appdata\local\temp\111k2ejr.0.cs
SUPPRIMÉ: c:\users\lionel\appdata\local\temp\preferences
SUPPRIMÉ: c:\users\lionel\appdata\local\temp\~dff0c9d4370f763f1d.tmp
SUPPRIMÉ: c:\users\lionel\appdata\local\temp\[kaerizaki-fansub] one piece 620 vostfr hd (1280x720).mp4.torrent
SUPPRIMÉ:* c:\users\lionel\mes fichiers\fichier\ashampoo\lcd-keygen.exe
SUPPRIMÉ: C:\Users\lionel\Pictures\Nouveau dossier (2)\AUTRE\WinImage 8.10.8100 + Traduction FR + Keygen by ONY\WinImage\WINIMA81.ZIP
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\utt5978.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\utt63C4.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\utt6CE6.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\uttA39F.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\uttA5C1.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\uttB1F1.tmp.bat
SUPPRIMÉ: C:\Users\lionel\AppData\Local\Temp\uttE965.tmp.bat
SUPPRIMÉS Flash Cookies (0) (0 octets)
SUPPRIMÉS Temporaires Windows (0) (0 octets)

========== Tache planifiée ==========
SUPPRIMÉ: {1300CFAE-F6E6-4962-B4BC-3722F8ACB350}
SUPPRIMÉ: {3FE518EF-77AB-4E77-B9B3-5C0ED8022155}
SUPPRIMÉ: {41AE3E2C-0EC1-45A1-BE0B-6D841D2E4B17}
SUPPRIMÉ: {87B6AFC0-6993-44FF-AEA3-0374804A5FE3}
SUPPRIMÉ: {CFAC465E-3D10-4EFC-899D-80764C374A6D}
SUPPRIMÉ: {F8DA6CDD-9405-402C-8EA4-8693094F26F8}
SUPPRIMÉ: {FA388010-B827-474C-B555-1ABEF58CA4E6}


========== Récapitulatif ==========
9 : Processus mémoire
2 : Clés du Registre
3 : Valeurs du Registre
1 : Eléments de donnée du Registre
1 : Dossiers
39 : Fichiers
7 : Tache planifiée


End of clean in 00mn 23s

========== Chemin de fichier rapport ==========
C:\Users\lionel\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/11/2013 14:27:58 [5090]

[palerider]

Oki,

Comment se comporte le pc ? et dans la foulée, un autre ZHPDiag

[tuti]

il va bien
j'ai retrouver le widget qui me manquer
pour mon instruction personnel,
peux tu m'expliquer les étapes :

zhpDiag pour un diagnostique
adwcleaner qui remplace spybot pour les spyware
malware pour les malware

mais le script pour zhpfix , qu'à il fait ?

pourrais je à l'avenir réaliser un script de correction comme celui fourni ?


je me pensais un peu proteger
mais je n'avais pas fait plus
les différents logiciel dates de mon surf cumuls sur 4 ans


http://www.casimages.com/f.php?f=131111032816649721.txt" onclick="window.open(this.href);return false;