FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer assistance and security site

Disinfection help (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: mutual help with disinfection and computer security: in case of unwanted advertisements, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and the staff are allowed to provide help in this section.
Please also read the forum's general charter.
by Tavenaux
#61553
~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman  (11/09/2013)
~ Lancé par julien tavenaux (13/09/2013 15:31:33)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v29.0.1547.66 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
McAfee Security Scan Plus v3.0.318.3

---\\ Logiciels d'optimisation du système
CCleaner v3.27  =Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMulev0.48a.-MorphXTv10.5

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 9

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 75 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 76 GB (52%) free of 146 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-JULIENTAV
~ User Name: julien tavenaux
~ All Users Names: UpdatusUser, julien tavenaux, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\julien tavenaux\AppData\Roaming\
~ %Desktop% : C:\Users\julien tavenaux\Desktop\
~ %Favorites% : C:\Users\julien tavenaux\Favorites\
~ %LocalAppData% : C:\Users\julien tavenaux\AppData\Local\
~ %StartMenu% : C:\Users\julien tavenaux\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 76 Go of 146 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 142 Go of 145 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 03:26:10.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/78
~ Mes musiques (My Musics) : 1/11
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 1/403
~ Mon Bureau (My Desktop) : 2/1698
~ Menu demarrer (Programs) : 1/37
~ Hidden Files:  Scanned in 00mn 08s



---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe   [1008184] [PID.2680]
[MD5.A503A47A5E7EA8024379A8CC6059B74A] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe   [3784704] [PID.3424]
[MD5.201F07F6E5E08B41B5BCC2AB3D339ECC] - (...) -- C:\Windows\System32\SysMonitor.exe   [319488] [PID.3400]
[MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe   [1821472] [PID.1580]
[MD5.0921A68E8FE9B25DD0EFFAB949376B5F] - (.HiTRUST - eDataSecurity System Loader( Load and prepa.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe   [464168] [PID.2412]
[MD5.FC9F5C5D87D0A6D1E10773D20CB3C3EF] - (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe   [77824] [PID.3940]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.1180]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [946352] [PID.2148]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [252848] [PID.3848]
[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [152544] [PID.4076]
[MD5.8A3CEB8D00E8947BDAF411B34C082ADA] - (.OLYMPUS IMAGING CORP. - resident module.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe   [57344] [PID.3400]
[MD5.99528AC475755A70F130E4F5B956A395] - (...) -- C:\Program Files\Free Download Manager\FUM\fumoei.exe   [40960] [PID.3108]
[MD5.374878A85C70346867BCC80496F03354] - (.Adobe Systems, Inc. - Adobe Bridge.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe   [13145448] [PID.4040]
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe   [272248] [PID.3892]
[MD5.24E15254C0E05C773360314A0D0B57BC] - (.Acer Inc. - Acer Empowering Techonology Framework Launc.) -- C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.exe   [319488] [PID.1628]
[MD5.C97B42E99BB79847372CBDAE51CE5E78] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.exe   [393216] [PID.3464]
[MD5.8726802EA4FBFFA3FD54FD2449BF51D4] - (.Google Inc. - Google Crash Handler.) -- C:\Users\julien tavenaux\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe   [217992] [PID.4192]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Users\julien tavenaux\AppData\Local\Google\Chrome\Application\chrome.exe   [829392] [PID.4700]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe   [69120] [PID.5924]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7946240] [PID.5976]
[MD5.31B8835B003CAA6D31BEAD83DDBF98E5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\Windows\system32\nvvsvc.exe   [634656] [PID.940]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe   [3408896] [PID.1276]
[MD5.1ED58DA041A992EEEC934290508B6B71] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe   [865056] [PID.1508]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [46808] [PID.1832]
[MD5.F720502AAA03FAB627A96E5EAADAA28D] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe   [424104] [PID.1888]
[MD5.6FF3CFB85B18C032AF8F242498DFC8D9] - (.Wsys Co., Ltd. - Wsys Control 10.2.1.2612.) -- C:\ProgramData\eSafe\eGdpSvc.exe   [303680] [PID.1972]  =PUP.eSafeSecurity
[MD5.23A1768E026A0FE499363E60151939B7] - (.Pas de propriétaire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe   [24576] [PID.2068]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [55184] [PID.2124]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe   [390504] [PID.2164]
[MD5.F87DDE13D57062DA8EBA2368667D8130] - (.HiTRSUT - eDataSecurity Service.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe   [457512] [PID.2304]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe   [61440] [PID.2428]
[MD5.92F67D3F0650CE18F0A4A385DD01C697] - (...) -- C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.exe   [28672] [PID.2508]
[MD5.A76CDDB6D1F25797843E2557A2118E2E] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe   [143360] [PID.2564]
[MD5.B1691AF4A072CB674D600DB16DD7308E] - (.Rocket Division Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe   [275968] [PID.2644]
[MD5.F841F6ED752CC5F346039D5551931A7B] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe   [45056] [PID.2804]
[MD5.F935E817409F78FA50C5921DB39124B3] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe   [1259296] [PID.3392]
[MD5.E8A39D41474BE42FD8830CED32932D6C] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe   [553440] [PID.5364]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\julien tavenaux\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.5.8, (Désactivé)
~ Google Browser: 13 Legitimates Filtered in 00mn 08s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\prefs.js
M3 - MFPP: Plugins - [julien tavenaux] -- C:\Program Files\Mozilla FireFox\searchplugins\delta-homes.xml  =Toolbar.DeltaSearch
M0 - MFSP: prefs.js [julien tavenaux - lcb7mawi.default] http://www.delta-homes.com  =Toolbar.DeltaSearch
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com] [] Plus-HD-2.2 v (..)  =Adware.PlusHD
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\fr@dictionaries.addons.mozilla.org] [] Dictionnaire HunSpell en Français (réforme 1990) v2.0 (..)
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(134)] [] FlashGot v1.1.7.2 (..)
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20110512W (..)  =Toolbar.Google
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\{3112ca9c-de6d-4884-a869-9855de68056c}(117)] [] Google Toolbar for Firefox v3.1.20081127W (..)  =Toolbar.Google
M2 - MFEP: prefs.js [julien tavenaux - lcb7mawi.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.5.9.20130409112616 (..)  =Toolbar.Yahoo
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\common\npyaxmpb.dll (.not file.)  =Toolbar.Yahoo
~ Firefox Browser: 39 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com  =Toolbar.DeltaSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com  =Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com  =Toolbar.DeltaSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 6879



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - [HKLM]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - Windows Live Toolbar for Internet Explorer.) -- C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{144A6B24-0EBC-4D89-BF09-A06A718E57B5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.)  -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: ESDX6000_CX5900 Guide util..lnk . (...)  -- C:\Program Files\epson\TPMANUAL\ESDX6000_CX5900\USE_G\INDEX.HTM
O4 - GS\Desktop [Public]: GesTournois.lnk . (.Indépendant - Gestion des tournois et coupes de football.)  -- C:\GesTournois\GesTournois.exe
O4 - GS\Desktop [Public]: GIMP 2.lnk . (...)  -- C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe
O4 - GS\Desktop [Public]: Mio µµ°¸¾«Áé.lnk . (...)  -- C:\Program Files\Mio Technology\Mio Transfer\MioTransfer.exe
O4 - GS\Desktop [Public]: Need For Speed World.lnk . (.Electronic Arts Inc - NFSW Launcher.)  -- C:\Program Files\Electronic Arts\Need For Speed World\GameLauncher.exe
O4 - GS\Program [Public]: Mio µµ°¸¾«Áé.lnk . (...)  -- C:\Program Files\Mio Technology\Mio Transfer\MioTransfer.exe
O4 - GS\Program [Public]: Shortcut to securitoo_controle_parental.exe.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.)  -- C:\Program Files\Securitoo\Contrôle Parental\securitoo_controle_parental.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Centre de mobilité Windows.)  -- C:\Windows\System32\mblctr.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...)  -- C:\Windows\System32\taskschd.msc
O4 - GS\QuickLaunch [julien tavenaux]: eMule MorphXT.lnk . (.http://emulemorph.sourceforge.net - eMule.)  -- C:\Program Files\eMule\emule.exe
O4 - GS\QuickLaunch [julien tavenaux]: Plus de 200 000 Cliparts et Photos.lnk . (.Hemera Technologies Inc.  www.hemera.com - GraphicsDesk.)  -- C:\Program Files\Micro Application\Plus de 200 000 Cliparts et Photos\GraphicsDesk.exe
O4 - GS\Program [julien tavenaux]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com  =Toolbar.DeltaSearch
O4 - GS\SendTo [julien tavenaux]: Desk 365.lnk . (...)  -- C:\Program Files\Desk 365\desk365.exe (.not file.)  =Hijacker.22Find
O4 - GS\Desktop [julien tavenaux]: Home Picture Service Light.lnk . (...)  -- C:\Program Files\Home Picture Service Light\Home Picture Service Light.exe
O4 - GS\Desktop [julien tavenaux]: HotPotatoes 6.lnk . (.HalfBaked - HotPot chooser executable.)  -- C:\Program Files\HotPotatoes6\HotPot.exe
~ Global Startup: 82 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Empowering Technology Launcher.lnk . (.Acer Inc. - Acer eAP Launch Tool.)  -- C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.)  -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Tour] Clé orpheline
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] . (...) -- C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Inc. - WR_PopUp.) -- C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] . (.HiTRUST - eDataSecurity System Loader( Load and prepa.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eRecoveryService] Clé orpheline
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [OM_Monitor] . (.OLYMPUS IMAGING CORP. - resident module - First Starter.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [EoNet] Clé orpheline
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] . (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [OM_Monitor] . (.OLYMPUS IMAGING CORP. - resident module.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] . (...) -- C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [AdobeBridge] . (.Adobe Systems, Inc. - Adobe Bridge.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\julien tavenaux\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]  oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter]  oobefldr.dll
O4 - HKUS\S-1-5-21-1272785046-1886922298-848633621-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1272785046-1886922298-848633621-1001\..\Run: [WindowsWelcomeCenter]  oobefldr.dll
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} -- Clé orpheline
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -- C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -  ((no name)) - (.not file.) - C:\Program Files\Yahoo!\Common\yinsthelper.dll  =Toolbar.Yahoo
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/fl ... rashim.cab
~ Objets ActiveX  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Planificateur PC-BaX (Planificateur PC-BaX) . (...) - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.exe
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe
O23 - Service: Wsys Service (WsysSvc) . (.Wsys Co., Ltd. - Wsys Control 10.2.1.2612.) - C:\ProgramData\eSafe\eGdpSvc.exe  =PUP.eSafeSecurity
~ Services: 15 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AntiSpyware Scheduled Scan.job   [528]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job   [326]
[MD5.00000000000000000000000000000000] [APT] [AntiSpyware Scheduled Scan] (...) -- C:\Program Files\AntiSpywareApp\AntiSpyware.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.)   [0]  =Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{32855716-B8A8-4285-B3C8-6A59D366042E}] (...) -- E:\atw.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{66BA574B-1E11-49b8-909C-8CC9E0E8E015}] (...) -- C:\Users\julien tavenaux\AppData\Local\Temp\Df1.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{B4268AEF-3FF6-44A7-9C88-0DAED70CF4AA}] (...) -- C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{B67DC940-1E31-4642-930C-F9EB22CB7AE6}] (...) -- C:\Program Files\Grisoft\AVG7\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{E4EFB311-BF3E-43AB-B699-D9CFB2706E98}] (...) -- C:\Users\julien tavenaux\Desktop\eMule0.48a-Installer.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{F9260F41-B8EE-45CE-BDF1-97E661A92B3B}] (...) -- E:\Livebox.exe (.not file.)   [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: GesTournois 7.4.2 - (...) [HKLM] -- GesTournois
O42 - Logiciel: HDvid Codec V1 - (.installdaddy.) [HKLM] -- HDvid Codec V1  =PUP.SoftwareEngine
O42 - Logiciel: Home Picture Service Light - (...) [HKLM] -- Home Picture Service Light
O42 - Logiciel: IBoot - (...) [HKLM] -- {61ACEE8D-4E0D-49BE-962E-9CA26EC0F921}
O42 - Logiciel: Mio Transfer - (...) [HKLM] -- {4629338A-8B55-49BE-B175-CB7F377078C5}
O42 - Logiciel: PC-BaX 4.30.1 - (.Cristie.) [HKLM] -- {3A21E33E-47AA-4153-9697-6FAF84BB9D30}
O42 - Logiciel: PerfectTablePlan 4.0.3 - (.Oryx Digital Ltd.) [HKLM] -- {B737AB46-D37D-427B-9BF5-CBFF170BD200}_is1
O42 - Logiciel: vShare.tv plugin 1.3 - (.vShare.tv, Inc..) [HKLM] -- vShare.tv plugin  =PUP.VShareRedir
~ Logic: 143 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\BitComet]  =P2P.BitComet
[HKCU\Software\ChrmTB]
[HKCU\Software\Cristie]
[HKCU\Software\GesTournois]
[HKCU\Software\MGS]
[HKCU\Software\OryxDigital]
[HKCU\Software\Prodiff]
[HKCU\Software\ROUA3O12PW]
[HKCU\Software\Registry Easy]
[HKCU\Software\TOY5KNQ8OC]
[HKCU\Software\TorrentAid]
[HKCU\Software\VirRL2009]
[HKCU\Software\Yahoo]  =Toolbar.Yahoo
[HKCU\Software\fcn]
[HKCU\Software\vShare.tv]  =PUP.VShareRedir
[HKLM\Software\Cristie]
[HKLM\Software\Spywarefighter]
[HKLM\Software\V9]
[HKLM\Software\Yahoo]  =Toolbar.Yahoo
[HKLM\Software\eSafeSecControl]  =PUP.eSafeSecurity
~ Key Software: 235 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/10/2007 - 14:46:16 - [7,164] ----D C:\Program Files\Cristie
O43 - CFD: 02/11/2008 - 20:48:57 - [0] ----D C:\Program Files\free-downloads.net
O43 - CFD: 10/09/2013 - 16:03:10 - [4,136] ----D C:\Program Files\HDvid Codec V1  =PUP.SoftwareEngine
O43 - CFD: 01/03/2009 - 11:52:16 - [16,800] ----D C:\Program Files\Home Picture Service Light
O43 - CFD: 27/02/2008 - 19:58:02 - [17,854] ----D C:\Program Files\IBoot
O43 - CFD: 31/03/2010 - 14:27:26 - [13,523] ----D C:\Program Files\PerfectTablePlan
O43 - CFD: 01/10/2007 - 12:28:58 - [4,000] ----D C:\Program Files\Registry Easy
O43 - CFD: 12/01/2009 - 15:56:02 - [0,654] ----D C:\Program Files\Studio V5
O43 - CFD: 18/10/2008 - 14:04:24 - [0] ----D C:\Program Files\VirRL2009
O43 - CFD: 12/09/2013 - 18:05:39 - [1,002] ----D C:\ProgramData\eSafe
O43 - CFD: 07/07/2008 - 22:26:43 - [60,563] ----D C:\ProgramData\MGS
O43 - CFD: 26/08/2007 - 16:17:09 - [0,007] ----D C:\Users\julien tavenaux\AppData\Roaming\aMule
O43 - CFD: 04/10/2007 - 15:36:46 - [0] ----D C:\Users\julien tavenaux\AppData\Roaming\AntiSpyware
O43 - CFD: 24/03/2007 - 17:12:46 - [268,776] ----D C:\Users\julien tavenaux\AppData\Roaming\Hemera
O43 - CFD: 17/10/2007 - 21:30:33 - [0,411] ----D C:\Users\julien tavenaux\AppData\Roaming\LimeWire
O43 - CFD: 16/03/2011 - 14:45:12 - [0] -SH-D C:\Users\julien tavenaux\AppData\Roaming\SystemProc
O43 - CFD: 01/03/2009 - 11:52:16 - [0] ----D C:\Users\julien tavenaux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Home Picture Service Light
~ Program Folder: 241 Legitimates Filtered in 00mn 30s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{3163411a-49ac-11e1-aaaa-00192150f596}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.B680134BA1813B78B47FDD1DFF223CA5] - 09/05/2013 - 09:59:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49376]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (esgiguard)  .(...) - LEGACY_ESGIGUARD  =Crapware.SpyHunter
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Users\julien tavenaux\AppData\Local\Google\Chrome\Application\old_chrome.exe" http://www.qvo6.com  =Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Internet Explorer\iexplore.exe" http://www.delta-homes.com  =Toolbar.DeltaSearch
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [julien tavenaux - lcb7mawi.default] user_pref("extensions.crossrider.bic", "1401c763fc0702d00718fc65445ef5e8");  =PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (delta-homes) - http://search.delta-homes.com  =Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E79E97CB957721BF99A3B4D39365DEC0] [SPRF][13/11/2009] (...) -- C:\Users\julien tavenaux\AppData\Local\bdjes.bat   [98]
[MD5.999E8784923E5B3F30CFCCE62CF3E057] [SPRF][06/04/2010] (...) -- C:\Users\julien tavenaux\AppData\Local\cdcbq.bat   [101]
[MD5.1BC64E7D26E5505C9FA69B089EB77F05] [SPRF][06/12/2012] (...) -- C:\Users\julien tavenaux\AppData\Local\d3d9caps.dat   [1356]
[MD5.CFDAD77F9258C82BCE78AF5B2F3572E0] [SPRF][06/01/2011] (...) -- C:\Users\julien tavenaux\AppData\Local\jfqmpkgr.bat   [98]
[MD5.81E88E76161196BA14C7BE4AF016F825] [SPRF][15/03/2011] (...) -- C:\Users\julien tavenaux\AppData\Local\qbcoa.bat   [98]
[MD5.C2FFADE76E2115E2B6C3442CFB728339] [SPRF][25/07/2013] (...) -- C:\Users\julien tavenaux\AppData\Local\Temp\SHSetup.exe   [45497936]  =Crapware.SpyHunter
[MD5.D61852DE0C465C5FA812A438198E6D95] [SPRF][31/03/2010] (...) -- C:\Users\julien tavenaux\Desktop\SoftonicToolbar.exe   [2473541]  =Toolbar.Conduit
~ Files: 12 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{FBB2CD35-5498-46F4-8829-2DF3885C1C12}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe
O87 - FAEL: "{0035BDE0-2E3C-476E-9D74-C9778E365572}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe
O87 - FAEL: "{73A0C187-ED7D-4D01-8EA4-E3B583B696E5}" | In - Public - P6 - TRUE | .(.Wsys Co., Ltd. - Wsys Control 10.2.1.2612.) -- C:\ProgramData\eSafe\eGdpSvc.exe  =PUP.eSafeSecurity
~ Firewall: 238 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "EC04910D3DB885244B2E241F58EA9186" . (.Plus de 200 000 Cliparts et Photos.) -- C:\Windows\Installer\{D01940CE-8BD3-4258-B4E2-42F185AE1968}\ARPPRODUCTICON.exe
~ Update Products: 92 Legitimates Filtered in 00mn 00s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 12/11/2006 24576 |  (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SS - | Demand 13/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/08/2012 55184 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/05/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 08/02/2008 69120 |  (Boonty Games) . (.BOONTY.) - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
SR - | Auto 07/02/2007 457512 |  (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 08/12/2006 45056 |  (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Demand 10/03/2009 655624 |  (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 18/12/2009 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/12/2009 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 12/12/2012 553440 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/10/2006 61440 |  (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 23/09/2012 312264 |  (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 05/02/2013 235216 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 24/08/2013 129976 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 31/01/2013 634656 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/10/2005 28672 |  (Planificateur PC-BaX) . (...) - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.exe
SR - | Auto 21/01/2005 143360 |  (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 19/05/2009 240512 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 28/05/2007 275968 |  (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/08/2013 424104 |  (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe
SR - | Auto 22/08/2013 303680 |  (WsysSvc) . (.Wsys Co., Ltd..) - C:\ProgramData\eSafe\eGdpSvc.exe  =PUP.eSafeSecurity
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 12s



---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 31
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 7
Fichiers trouvés  (Files found) : 6

[HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc]   =PUP.eSafeSecurity^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDvid Codec V1]   =PUP.SoftwareEngine^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin]   =PUP.VShareRedir^
[HKLM\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj]   =PUP.VShareRedir
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =PUP.V9Software
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e}]   =Trojan.Zlob
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9034a523-d068-4be8-a284-9df278be776e}]   =Trojan.Zlob
[HKLM\Software\Microsoft\Internet Explorer\extensions\{9034a523-d068-4be8-a284-9df278be776e}]   =Trojan.Zlob
[HKLM\Software\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]   =Trojan.BHO
[HKLM\Software\Classes\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5}]   =Trojan.FakeAlert
[HKLM\Software\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]   =Trojan.BHO
[HKLM\Software\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}]   =Trojan.BHO
[HKLM\Software\Classes\CLSID\{f5734812-e6a1-8833-eca9-949b5b8a88bf}]   =Trojan.FakeAlert
[HKLM\Software\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}]   =Trojan.BHO
[HKLM\Software\Classes\CLSID\e405.e405mgr]   =Trojan.FakeAlert
[HKCU\Software\Microsoft\handle]   =Malware.Trace
[HKCU\Software\Microsoft\instkey]   =Trojan.Vundo
[HKCU\Software\fcn]   =Rogue.Multiple
[HKCU\Software\Prodiff]   =Adware.Locator
[HKCU\Software\vShare.tv]   =PUP.VShareRedir
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]   =Hijacker.22find
[HKLM\Software\eSafeSecControl]   =PUP.eSafeSecurity
[HKLM\Software\delta-homesSoftware]   =Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}]   =Toolbar.eDataSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}]   =Toolbar.eDataSecurity
[HKLM\Software\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}]   =Toolbar.eDataSecurity
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc]   =PUP.eSafeSecurity
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\vShare.tv plugin]   =PUP.VShareRedir
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}]   =PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311431162}]   =PUP.CrossRider
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{144a6b24-0ebc-4d89-bf09-a06a718e57b5}   =Trojan.FakeAlert
C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com   =Adware.PlusHD^
C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\{3112ca9c-de6d-4884-a869-9855de68056c}   =Toolbar.Google^
C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\{3112ca9c-de6d-4884-a869-9855de68056c}(117)   =Toolbar.Google^
C:\Users\julien tavenaux\AppData\Roaming\Mozilla\Firefox\Profiles\lcb7mawi.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}   =Toolbar.Yahoo^
C:\Program Files\HDvid Codec V1   =PUP.SoftwareEngine^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\spyware-secure   =Rogue.Multiple
C:\Users\julien tavenaux\AppData\Local\Temp\eIntaller   =PUP.eSafeSecurity
C:\ProgramData\eSafe\eGdpSvc.exe   =PUP.eSafeSecurity^
C:\Program Files\Mozilla FireFox\searchplugins\delta-homes.xml   =Toolbar.DeltaSearch^
[HKCU\Software\Yahoo]   =Toolbar.Yahoo^
[HKLM\Software\Yahoo]   =Toolbar.Yahoo^
C:\Users\julien tavenaux\AppData\Local\Temp\SHSetup.exe   =Crapware.SpyHunter^
C:\Users\julien tavenaux\Desktop\SoftonicToolbar.exe   =Toolbar.Conduit^
~ Additionnel Scan: 301354 Items scanned in 00mn 59s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... fesecurity   =PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blo ... eltasearch   =Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blo ... are-plushd   =Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blo ... bar-google   =Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo   =Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... ker-22find   =Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blo ... wareengine   =PUP.SoftwareEngine
~ http://nicolascoolman.webs.com/apps/blo ... shareredir   =PUP.VShareRedir
~ http://nicolascoolman.webs.com/apps/blo ... -spyhunter   =Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blo ... acker-qvo6   =Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blo ... crossrider   =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit   =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... v9software   =PUP.V9Software
~ MSI: 13 link(s) detected in 00mn 59s



~ 1262 Legitimates filtered by white list
End of the scan (599 lines in 03mn 35s)(0)
by 2011N2
#63003
Where does your problem stand?

Two possibilities:
  • Your problem is resolved; in that case, please let us know.
  • Your problem is still ongoing; please tell us what is still wrong, and give us news regularly.


See you soon on FEI!
by 2011N2
#64515
Hello,

We have had no news from the author of this topic for more than 10 days. We therefore consider this problem resolved or abandoned by its author. Next time, please keep us informed of how your problem is progressing, or post a regular UP!

This topic is locked; if you wish to resume it, please contact a member of the forum's moderation team by private message.

See you soon on FEI!
