My PC is slow at Windows 7 startup and then when opening the internet [Solved/Closed]

Hello, my PC is slow when Windows 7 starts up, and then it takes forever to open the first web page or an application.
I just ran a scan with ZHP and I am attaching the report below.


~ Rapport de ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Lancé par damien (26/12/2013 16:54:26)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3764 MB (26% free)
System Restore: Activé (Enable)
System drive C: has 280 GB (61%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: DAMIEN-PC
~ User Name: damien
~ All Users Names: UpdatusUser, HomeGroupUser$, damien, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\damien\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\damien\AppData\Roaming\
~ %Desktop% : C:\Users\damien\Desktop\
~ %Favorites% : C:\Users\damien\Favorites\
~ %LocalAppData% : C:\Users\damien\AppData\Local\
~ %StartMenu% : C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 280 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/583
~ Mes musiques (My Musics) : 19/437
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 6/24
~ Mon Bureau (My Desktop) : 1/69
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.3216]
[MD5.15D6EFED817CE145FF05A9829050D547] - (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776] [PID.6944]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275072] [PID.6728]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.2748]
[MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.4436]
[MD5.8AC62C26E1065547A1F49D6A19E25D42] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576] [PID.5420]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2648]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1672]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3448]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.6112]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.3984]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4644]
[MD5.C180E890FFE0FDED8306427D3C836AF2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.5688]
[MD5.B29A08A0CB56CD5A4B9C53A011819657] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.4456]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [366720] [PID.6028]
[MD5.9A5D00136D78E590DFED35D521E20205] - (...) -- C:\Users\damien\AppData\Local\WahOO\Wahoo.exe [3464920] [PID.3712]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8295936] [PID.6764]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1456]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1736]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1884]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1940]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.1704]
[MD5.734D9EB27B76B2BA9F5030405345C707] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208] [PID.2060]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2212]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2500]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2532]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2840]
[MD5.9D8B95C0EAE145C46BC4A727B23DA395] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4180]
[MD5.03AA7307C0D92D38D7AF90E181736B8D] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120] [PID.1500]
[MD5.0B0B9F55B12767A755932C26B5FED715] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2538520] [PID.5664]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 15 Legitimates Filtered in 02mn 41s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WebCake Layers [64Bits] - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} . (.Let Them Eat Web-Cake LLC - Web-Cake Runtime.) -- C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll =>Adware.WebCake
~ BHO: 13 Legitimates Filtered in 00mn 25s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (...) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll
O4 - GS\Desktop [Public]: McAfee Total Protection.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
O4 - GS\Desktop [Public]: WahOO.lnk . (...) -- C:\Users\damien\AppData\Local\WahOO\Wahoo.exe
O4 - GS\QuickLaunch [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [damien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [damien]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [damien]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [damien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [damien]: Video Downloader.lnk . (...) -- C:\Program Files (x86)\vGrabber-software\VideoDownloader.exe =>PUP.vGrabber
O4 - GS\Desktop [damien]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 87 Legitimates Filtered in 06mn 24s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (...) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - GS\Startup [damien]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [Wahoo] . (...) -- C:\Users\damien\AppData\Local\WahOO\WahOO.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\damien\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ANT Agent] . (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [RegTask] C:\Program Files (x86)\RegTask\RegTask.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Wahoo] . (...) -- C:\Users\damien\AppData\Local\WahOO\WahOO.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\damien\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [ANT Agent] . (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 285.) - c:\windows\syswow64\nvinit.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [346] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-Updater removing.job [288] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegTask.job [388]
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\Updater.exe [254456] =>PUP.GiganticSavings
[MD5.00000000000000000000000000000000] [APT] [RegTask] (...) -- C:\Program Files (x86)\RegTask\RegTask.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (SABKUTIL) . (. - .) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\KowMedia]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\TUTO_4PC] =>Spyware.AgenceExclusive
~ Key Software: 344 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2013 - 10:10:17 - [0] ----D C:\Users\damien\AppData\Local\supt4pc_fr_37 =>PUP.Eorezo
~ 364 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 564 Legitimates Filtered in 01mn 39s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D70F936472CD72C556E7363F54023084] - 26/12/2013 - 17:02:28 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24608]
O44 - LFC:[MD5.D70F936472CD72C556E7363F54023084] - 26/12/2013 - 17:02:28 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24608]
~ Files: 33 Legitimates Filtered in 02mn 12s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter64.acm" . (.Pas de propriétaire - ac3filter.) -- C:\Windows\System32\ac3filter64.acm
~ TDSD: 3 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.83C57F165F0216E5CE40D7E4E00DC76D] - 24/04/2013 - 20:28:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 16 Legitimates Filtered in 01mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {9B5D5285-D5AB-4156-8A72-2C9CDBF26E46} - (Recherche sécurisée) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C278C5DA-270A-467F-A839-C145C16C4BC4}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 216 Legitimates Filtered in 00mn 02s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.689EEE659BB279B0D1D69633698C6EC6] [WIS][20/09/2011] (.NTI Corporation - Media Maker.) -- C:\Windows\Installer\12552.msi [14190080]
[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][06/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\2c39b.msi [24993792]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\599bf20.msi [522752]
[MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][27/01/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\c02fccd.msi [45056] =>Adware.Boxore
~ WIS: 484 Legitimates Filtered in 01mn 37s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 14/03/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 10/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 10/07/1658 0 | (McComponentHostService) . (...) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 13/04/2010 231224 | (MOBKbackup) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2012 2464400 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 16/09/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 24/09/2013 178048 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2013 1017016 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 04/11/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 04/11/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 16/10/2011 1640768 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/10/2011 2253120 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 20/08/2012 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 13/08/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 16/09/2010 2538520 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 04mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}] =>Adware.WebCake^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}] =>Adware.WebCake
[HKLM\Software\Classes\WebCakeIEClient.Api] =>
[HKLM\Software\Classes\WebCakeIEClient.Api.1] =>
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\damien\AppData\Local\supt4pc_fr_37 =>PUP.Eorezo^
C:\Program Files (x86)\vGrabber-software =>PUP.vGrabber
C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-Updater removing.job =>PUP.GiganticSavings^
C:\Program Files (x86)\Bench\Updater\Updater.exe =>PUP.GiganticSavings^
[HKLM\Software\Wow6432Node\TUTO_4PC] =>Spyware.AgenceExclusive^
C:\Windows\Installer\c02fccd.msi =>Adware.Boxore^
~ Additionnel Scan: 355417 Items scanned in 00mn 46s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
~ http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 12 link(s) detected in 00mn 46s



~ 1948 Legitimates filtered by white list
End of the scan (539 lines in 23mn 05s)(0)


There it is, if anyone would be willing to help me?

Thanks in advance

16 replies

Posts: 10277 | Registered: Wednesday 12 June 2013 | Status: Member | Last post: 17 March 2015
530
Hello,

You have adware. Do the following, in order:

1) Download ==> AdwCleaner (by Xplode) to your desktop

Double-click the icon on your desktop to launch it (Vista/7/8 --> right-click and "Exécuter en tant qu'administrateur" (Run as administrator))
Click the "Scanner" (Scan) button

When the scan is finished, "En attente. Veuillez décocher les éléments...." (Waiting. Please uncheck the items....) is shown above the progress bar
Click the "Nettoyer" (Clean) button

Accept the message about closing applications

After reading it, confirm the information window about PUP/LPI
Accept the restart message

Wait during the removal
The PC will restart and a report will open automatically in Notepad after the restart. Copy/paste its contents into your next reply

Note: The report is also saved as C:\AdwCleaner[S1].txt

___________________________________________________________>>>

We are going to use a tool to complement AdwCleaner:

==> 2) Download here ==> Junkware Removal Tool

If that doesn't work, direct link here => http://thisisudax.org/downloads/JRT.exe

==> (do not click on download, the download will start automatically)

==> Save it to your desktop.

==> Close all running applications.

==> Open JRT.exe and press Enter: if you are on Windows Vista, 7 or 8, open it with: right-click => Run as administrator.

==> Wait while the tool works: the desktop will disappear for a few moments, which is completely normal.

-> At the end of the scan, a report named JRT.txt will open. Host it as described here http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html and post the link you get in your next reply. If the first link doesn't work, use this one => http://pjjoint.malekal.com/

==> Tutorial: => HERE JRT

==> JRT help here <==
Posts: 12 | Registered: Thursday 29 August 2013 | Status: Member | Last post: 28 December 2013

Thank you King for such a quick reply.

I have just run the scan with AdwCleaner

Here is the report

# AdwCleaner v3.016 - Rapport créé le 26/12/2013 à 18:22:34
# Mis à jour le 23/12/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : damien - DAMIEN-PC
# Exécuté depuis : C:\Users\damien\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\Bench
Dossier Supprimé : C:\Program Files (x86)\Tepfel
Dossier Supprimé : C:\Windows\SysWOW64\hotspot shield
Dossier Supprimé : C:\Users\damien\Qtrax
Dossier Supprimé : C:\Users\damien\AppData\Roaming\Tepfel
Fichier Supprimé : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Clé Supprimée : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Clé Supprimée : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EB4A4C0-6036-4D2E-B010-20707C4B62E8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKCU\Software\anchorfree
Clé Supprimée : HKCU\Software\dsiteproducts
Clé Supprimée : HKCU\Software\qtrax
Clé Supprimée : HKLM\Software\installedbrowserextensions
Clé Supprimée : HKLM\Software\Tuto_4PC
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428

Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ Fichier : C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[0].txt - [6461 octets] - [14/08/2013 17:59:48]
AdwCleaner[1].txt - [1096 octets] - [22/08/2013 15:53:06]
AdwCleaner[2].txt - [809 octets] - [22/08/2013 17:12:45]
AdwCleaner[R0].txt - [4786 octets] - [26/12/2013 18:19:25]
AdwCleaner[S0].txt - [4123 octets] - [26/12/2013 18:22:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4183 octets] ##########


Now I'm going to do the same with Junkware, and thanks again
Posts: 10277 | Registered: Wednesday 12 June 2013 | Status: Member | Last post: 17 March 2015
530
OK, the next part please ;)
Posts: 12 | Registered: Thursday 29 August 2013 | Status: Member | Last post: 28 December 2013

Thanks King, I have just finished Junkware

https://pjjoint.malekal.com/files.php?id=20131226_13f10y6w10j12

The report should normally be here

Otherwise, here is a copy-paste

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by damien on 26/12/2013 at 18:53:33,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2883711922-1813279362-3368567696-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\ba086f2d38a8e1a47912955a68b3ad24



~~~ Files

Successfully deleted: [File] "C:\Users\damien\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\syswow64\sho1316.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho36B9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF480.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\damien\music\qtrax media library"
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6D3BEEBD-3D37-4F58-8D82-498396A7796E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6D4C0F9D-7717-4355-9A71-DBC0CEA05374}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6DD21B69-1ABF-41DA-82C1-1CBAD3A9289F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6E5F3E36-6051-4A9D-A466-EB8DBC0A520A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6EAF966C-9416-41A0-991D-EF42484F83DB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6EF16F61-7D0F-4195-9843-B3C8B051C765}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{6F850276-BFBC-4366-9925-1A2F1F7F706A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{71089CAC-AAAF-4BC6-8424-D6F30893EE36}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{72AEC688-4DA6-4281-9536-787A1BB6EA98}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{730D81CA-1CBD-402C-9E79-B91FB55AFBB9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{75D208C6-0301-43AB-9B1A-46A9B0D1D1DC}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{76C8A7F4-AB5E-42DB-9681-C9D35CAD8A2F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7A55E5FF-526B-4874-BB2D-A54DD48F9325}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7B23D856-3266-440E-B97C-65E9F8312078}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7C7E0687-8F3F-40F0-92F1-CC2B7B65E8A4}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7DF2B047-8A6A-4EEF-A33A-2D960DB417C0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7E76D967-6592-474B-9590-871412FB5729}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{7EEBBFAB-F540-4916-9400-6868D2947D27}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{811FE259-6F63-4A86-808B-DB2B13A66EA5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{813C565A-611E-4DFA-AEB6-18DDAB0DB1DB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{818F877B-E1CF-4CEC-BF3A-DC02A9450493}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{81AC99CC-AB71-4BEF-B402-DF6E08E980D3}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{825E66D0-554C-4773-81AD-9F9063D70DE4}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{82901876-F5A5-4777-8014-5F94B7E13D30}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{82A43EBB-4DE4-44F0-9D67-BD99242B7FCE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{82DDD7D9-B7A6-4866-AA4B-436E2121D377}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{832E3CEC-B7B6-47B8-826A-0C61BFAD3BC4}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{834C97D9-9A70-437F-B0C9-EDDCB86A47FC}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{83AB7861-E2E2-4AD1-A9F4-51857F7140B7}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{83F0E99F-9EB1-45E8-9552-69F6A8AE5494}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{84A39172-36CD-4CBB-8C75-87A9CCE4D7A9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{85D59AE9-0981-4E55-B350-45E5BCDBEC76}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8724C30C-E612-4437-A4E8-A557B8947C84}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8729AFC2-D975-403D-9DB0-657E7EF8F744}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{89CA6142-E379-4CC0-98C2-66FEE6393DCD}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8A03517B-FBC4-48DF-A781-1A5DADC69900}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8A0C8ED5-F223-4347-A43F-40A4CCF34895}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8A84E027-7F2B-41AF-AFC3-D14C6BDCC8E0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8AC3E01D-3AE2-4ADA-9846-6AA1EAFAAD98}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8B478001-736D-4732-A3B9-F3A2B2001359}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8B61300F-CBA0-4C5A-A376-ACCBD1B0D965}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8BBBE845-DC9A-47F0-ABDD-B9E28728C55A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8D47427A-CF44-4CC8-BD2F-FBA9FDCDE973}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8D9C19FD-D843-47E6-8519-6A662969D0B9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8F2337F0-64C5-401C-B667-3DDDCAD39771}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{8F9860A2-5694-45ED-AAB4-3C1B9D354FB4}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{901A3EE2-C393-4BB2-B0C9-C29AF0E425FD}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{903A7730-74D3-4967-A338-DE601D30327E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{90BE9E26-6294-4B65-AFA0-1B2FBE1D9E43}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9193FD5B-14AB-4212-B94C-B01C641E5F46}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{91CEA96C-D86C-4776-8F33-BE8D965D8DAF}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9213A584-A4EF-4E8B-8C6E-2680E61052DE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{92225D5E-476E-4DE4-BC46-CA1CC1D1FFDA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{92D603FD-E2DD-4C7B-BDF1-A55E356348C0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9332F83F-C4CA-41BB-96D7-BC46F534EE1E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{942B7763-E901-4F62-9E9A-B2B772618A6A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9433436A-9070-4120-A063-A6C23F047A6B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{949AC0F8-AB89-4365-892E-99DDC7FAB514}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9506F7D8-5E46-42B7-8DC6-B6D214657F5B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{95F7F0CC-E956-4FCC-98EB-A46CCE7B7B86}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{96E4BCE3-C85C-4154-8CE9-27F1B515863D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{986FFEE7-0967-4B45-B8F5-47FD970868BF}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{990A707C-426F-4A99-996D-5B50E4E0B99E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{997D2A15-F95D-4F6F-B777-6044B7BC42A9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{99B0C002-2273-4F35-8BF6-A2955A0F39D0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9A0D8005-B69E-4BD9-8E11-83EAF16CD66B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9C1B12AF-8849-4556-956E-23C54A89AEAA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9C480082-F454-4B06-9149-761A24281618}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9CED9E06-181D-4CC5-9761-8A456D76FD01}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9D532E6D-5E49-42DC-BD30-44C27FCE097F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9D7F8392-D1DB-4FFF-A2DB-748A916172BC}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9ECD7440-4204-4C00-A466-68631883B1E0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{9F946B4D-F1B9-410D-AEDC-0BC7BDB4CDE3}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A0CF90D2-03E8-446A-AAE1-74636552C8B6}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A0D26136-E72C-4C65-B0A3-BE0672071099}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A14718B1-968F-45D3-A469-B4C5972CE469}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A1E4242E-834B-4431-93DF-AF0678925BF9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A20845B7-DEEE-46BD-B330-FE37A40E9B9D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A29A9C91-3DAB-4CA2-A96A-6F12C286EFD6}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A3B34CE8-5620-42F1-A7A7-6473C04FEF59}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A4570D83-5ED1-4753-9A11-AE812EFF2697}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A46A961E-0B60-4D7C-ADD3-4EE7E097D995}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A52F332A-9045-4629-B1EF-146F77D182C8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A55BC6A1-CA6C-4DF6-AA96-226B87FB4D38}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A68FA399-2823-4FE7-8CCD-862A279E28B8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A8DAB711-AFD9-48FF-A544-6E268B366A7C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{A94C49F4-4B4B-45A9-A2F5-793D86F97272}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AB3922E2-77EE-4052-9B4E-362E2B3111AE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AC0B7B6B-952B-45C1-8156-47FD7E245AC1}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AC21447E-E9D8-4054-9D8A-70A1FA656BC9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AD87FFBB-E056-46EF-BFBE-CEE1769A4256}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AE448D6B-B21F-4EED-BD11-9A929CEDF683}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AFBC986F-8345-4777-BA8E-56962C4F00B7}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{AFBF5019-A96F-4FA1-AF6B-B11D45DD8979}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B015CC6A-9BB9-4549-A2FA-39B40694BDE1}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B05162BC-2B1B-483C-A1A3-EACD67E3FDEB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B3C2BAAE-8435-4E81-9924-453EF1181B10}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B3E3562A-DBBB-4636-99E9-B51C9790C41E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B489ED32-2651-488A-8402-73AF24634EC2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B4C92062-115C-4FBE-92D2-A278D4F03518}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B579D9ED-60DA-4874-BC6B-17E10F1A14F9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B674E7E3-6820-4B88-B0E6-93863DEEF38E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B67AB959-88FB-40A8-B9A0-CC199BD18E98}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B68C7B33-32AA-45C2-A8DB-99380618A2AE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B69D48DC-8275-4195-93C8-0890D7940EEC}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B6C202F8-B254-4DB2-ACD1-76BF17B71233}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B87EBACF-819B-4C52-B205-A18121C87C07}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B8B52DEC-4BAF-49F3-AC9F-F45A47564341}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B95C3945-0116-4407-BD9E-27767CB94979}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{B9E41BF2-FD5A-480C-8CD4-2B95C0F8355C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BA903FB3-864B-413B-B506-EE9D09DE5DF2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BA9B75F5-7DB6-43FB-BB21-ECDF437AD119}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BBA71545-3AEE-4F4B-B591-223CC622A083}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BC4A3FA1-D514-4CAC-8359-B1496C89466A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BDFA389B-18F1-4FEC-A916-2C497DB3707F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BF291BE7-1C97-44EB-BECD-E372169A5F3C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BFA61F76-AC02-4C31-ABFB-7BA5F3FF98A2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{BFB5AAA8-9906-4D1A-8CCA-7A855EE90C78}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C16FFE14-0159-496F-A381-82B92741E737}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C206E1F7-E413-4748-AFA0-114DF9E7E4D6}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C2AF87D0-4201-4807-BAC9-2822628EB088}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C309C828-1DFF-45D7-A078-82D8E57C5297}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C3CC87ED-9D72-4377-AD17-C240EAFA6676}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C3D2E702-0740-4EED-8500-4A9C858BE3FA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C430FEE3-770E-40CD-B51A-33693EFBF0D2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C454E6CF-AA62-4F30-BDA1-66A099D8A8B5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C65F9A47-4167-4E3E-9A0E-393AD244A3D2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C7B5E8EB-CF59-40A4-9FCE-32D7E481F4A7}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C7CDA3BA-E23C-41FE-94A7-44FBE0B03EAC}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C861A76A-7E14-41D1-A5EF-C7E6A8922FCB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{C8EAA082-180E-4972-9F9B-8CE254EB3E4D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CA1E2C58-2C22-48F4-937A-953D5258083C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CA25C919-76D0-4126-9C14-299959C75739}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CAADD39E-3CF6-41D7-A8ED-956543636011}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CB06540B-E1A3-4E3C-9D41-36CD9DE7681B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CB2235F9-4D1A-48FC-8186-5BCFF268910D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CC0CBED9-E198-49A6-9F83-481F5CE19D6E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CD5A4A0E-B235-4E54-B380-595F1E1972DB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CD655DE1-E9B4-49D0-984B-28E25E490BF2}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{CDE06A39-9916-4950-A8E0-B0720CBCFAC6}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D102E851-E1C2-4179-92EB-37EC1507AA27}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D1892F27-140A-4D93-AA00-D3F67990D649}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D22AA37F-9AFC-4FD3-BA51-195942963E9B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D24105D5-BBAD-4A84-8B41-7DBFA119A5F5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D32B735C-5151-402A-82DF-040F66BDA226}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D5197476-701D-4548-849A-26786A96450D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D52EC85B-927D-4168-AA8F-6B78D7491A53}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D583DFBC-0AD3-4B99-9733-11F3DBFEF837}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D693AE4C-8DF4-4B3B-8B9D-AB8A73320B7F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D6B91C53-45CC-4B2A-A135-FF8775737CB8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D74F5EDF-94A8-44D3-AA44-7B90DE07FA21}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D7B99AFB-69A9-4AA2-8FD4-A54EEAD048DD}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D7C11B11-62E6-4ACD-BCE2-7B6845A75D1E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D8ACBD0B-4DEF-4F27-85D1-679A8EE332B4}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D9436B77-6FA5-4375-A807-36F554F912C0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{D9CD7D4F-854B-46E9-92F2-9332D21D48E5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DAADE465-6DD9-4354-A199-4CD4A1589484}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DAB098DC-BD5E-4C9A-8EB1-F4C51D8BDE72}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DABC85AB-8B3E-44C3-8110-916E2E7FB218}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DACBB4F1-760D-451D-A901-FF22273169FF}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DAF3E513-B834-4903-9746-CDA02E62931B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DB02BF4A-6478-4373-AF45-B6E320A81115}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DB0D3F94-BED9-408C-B28D-526797B39439}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DB5A14C3-0455-49D4-B62C-2AA9B4118042}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DB6492FA-443B-4826-94E3-6FBFCE30C4B8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DB8F56A4-6434-49F7-9816-08BE139EA4FE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DBABC2FB-FEAC-4A4F-A07C-CCADFB390D2D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DCAF51CD-F83E-40FC-8399-4360B94A64A8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DCD69EFE-1CEA-47BC-922A-0F284733593B}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DCD9428A-3542-41C2-8541-A0FB4C2BEAE7}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DD30B4C3-FB81-4E3B-B920-15057A352928}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DD37793D-FFFE-4149-B1FB-3F2869CEC501}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DE2654CC-B7CE-4B1A-900B-1690102E9597}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DE2E1B80-02BE-40CE-AEE0-F8AD37723AB0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DEB52B13-7058-4B98-B9F2-71F4432FEB9D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DECEE370-56D5-42F9-9765-8DDC4F123AAB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{DFE29168-E7F6-4066-805D-3155E342DF37}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E08CBACF-E442-4D84-9FFD-24E3BC4CA67C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E10DD7DA-7205-41AB-9251-830C9D0FCC3E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E226CE9F-A05E-4984-AB86-1A94EBF24F5E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E2684030-8DBC-4E58-BD0D-675BB16A8946}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E3C8412F-870C-475C-867E-8FBA12DB89E5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E438A0DB-08CE-4EC4-BFF5-D8E08D251DC1}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E634E429-FED4-43FD-89C8-4CD80EC90D2A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E7194F1E-00F9-4B0D-A0BF-67C7D72502B5}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E71BC1EA-E679-4783-8184-904B0AB932CA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E8769EA4-0716-4BAE-8715-B667109E5768}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E8911C00-6A4D-4F40-9332-3BCDE2E9CCC7}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E8E79818-94EF-4A86-9878-130159BE543A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E92C7A76-FC1D-4FC3-928F-13935FDFB99A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E94042F8-C5C6-4589-A72A-6FF112ABEF42}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{E9F2FD0E-A401-4454-AC43-F95E9DDD7370}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EA02097E-5F4A-48B4-9F98-0E44ED9CD0E0}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EA02341C-6E43-4FFD-A0B9-00C314318ED3}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EB468775-70C9-4D7F-A0F6-E8C41A892CCA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EB79AC19-0C71-4CA5-A915-5CDC1BF2B0C9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EB9C21AE-0A8F-422E-96D2-6EF56F0A307D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EBC79358-D4D9-42A2-BAA5-5A39AA259564}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EC31D654-651C-46B9-9A40-102A4177BE7C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EC9E0390-FAE8-404B-A635-CF1E14065F97}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EE1DDD97-5C83-4C2C-BFE5-ECEEC14A76FF}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EE9C1F0E-B67F-45B4-BEC2-F0471F93F0DA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EEB93044-64CE-464A-983F-3CCDC58C5DD3}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EF5CA233-76C8-4E3D-80E2-62E9A3D24D06}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{EF879196-6320-4950-BB87-079D24EE31BB}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F036F013-D89E-4F40-8D8B-B59731EE1DC8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F1BC318F-3328-49E7-950F-DD7124DB771F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F255FD4C-0B0A-4A83-BBE8-2217DD282466}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F2DE0EC3-3070-4EFD-9C68-55A915250BD1}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F36D2E03-9C17-4E00-B280-4B94D7019E6E}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F4C55AA7-7D25-4B22-8DBC-20B505D2329D}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F5900110-B19B-40A1-BE7A-024322B86454}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F5DC0A1C-5C75-447C-AE57-DDF055C0958C}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F6609151-B9C3-4937-94D1-C272CBB98894}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F744D7C1-504A-4811-B2E3-BB81B9DFC7EE}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F7BDB33C-5EFA-4AD2-94FB-58CB484D83BD}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F7FC3479-A615-4D51-8409-D83A788BA81F}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{F84815F3-7F1D-476B-BF59-E5EAED6A6335}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FAD468C1-D7ED-49B1-ADD0-1CF4E336CFC3}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FADFA079-90BB-4333-A11C-48612A094CBA}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FB13B5A3-FE01-43E8-8998-C19BD681EBB6}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FD9CD158-C8FC-4E39-AC0A-BFDD068159A9}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FDBBB1B8-0EFA-4753-A062-ED67576A001A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FDE054F3-888D-402B-A4AE-2A6D3E66D848}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FE2347FA-BD5A-4D5A-A48D-5D5B44DAE13A}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FE3902DF-6BD1-41F2-A455-8419DCF782E8}
Successfully deleted: [Empty Folder] C:\Users\damien\appdata\local\{FF63AC11-FD18-4D2E-8B44-4C6EB6BDF663}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/12/2013 at 19:18:26,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks again
Posts: 10277 | Registered: Wednesday 12 June 2013 | Status: Member | Last activity: 17 March 2015
ok great ;)

Next, do this ==>

3) Download =>> Malwarebytes' Anti-Malware
Install it, unchecking "Enable free trial of Malwarebytes Anti-Malware PRO"
The program will update itself automatically; if it doesn't, click Check for Updates

***Warning: the scan can take quite a long time, around 2 hours or even more...***

=>If MBAM is already installed, go straight to the update and then the scan.<=

=> Run a full scan by clicking Perform full scan
Select the drives to scan and click Scan
The scan may take a while

When the scan is finished,

=> click OK, then Show Results


***/!\ IMPORTANT: make sure everything is checked, then click "Remove Selected" and then "OK" /!\***


Notepad will open with a report
Copy (Ctrl+C) and paste (Ctrl+V) the report into your next reply


/!\ Some files may have to be deleted when the PC restarts. Allow this by clicking Yes when asked

To find the report again, open MBAM => Reports/Logs tab: the most recent one => image HERE ==> Reports/Logs tab

=>If you need help, look at this tutorial ==>HERE tutorial<== or this one ==> malware-tutoriel<==

(Keep Malwarebytes on your PC and run a scan from time to time)
Posts: 12 | Registered: Thursday 29 August 2013 | Status: Member | Last activity: 28 December 2013

Here are the Malware reports. I can feel an improvement, but it still lags just as much when starting applications and the internet. Oh well, I've seen worse lol

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.12.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
damien :: DAMIEN-PC [administrateur]

Protection: Désactivé

26/12/2013 21:15:40
mbam-log-2013-12-26 (21-15-40).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 480640
Temps écoulé: 3 heure(s), 33 minute(s), 51 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 17
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\Updater\1.7.0.0\Updater.exe.vir (PUP.Optional.Adwareplugin) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe.vir (PUP.Optional.WebCake.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tepfel\WebCakeIEClient.dll.vir (Adware.WebCake) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\tuto4pc_fr_53\tuto4pc_fr_53.exe.vir (Adware.Tuto4PC) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\eGdpSvc.exe.vir (PUP.Optional.Wsys.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Local\tuto4pc_fr_53\Download\majt4pcfr.exe.vir (Adware.Eorezo) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\BabSolution\Shared\NTRedirect.dll.vir (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DigitalSites.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\eIntaller\F08EA31FE65A40ce8B44B2CD3CF87C8F\eGdpSvc.exe.vir (PUP.Optional.Wsys.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\eIntaller\F08EA31FE65A40ce8B44B2CD3CF87C8F\eXQ.exe.vir (PUP.Optional.Wilsys.A) -> Mis en quarantaine et supprimé avec succès.
C:\AdwCleaner\Quarantine\C\Users\damien\AppData\Roaming\Tepfel\WebCakeDesktop.exe.vir (PUP.Optional.WebCake.A) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files (x86)\vGrabber-software\Uninstall.exe (PUP.BundleInstaller.VG) -> Mis en quarantaine et supprimé avec succès.
C:\Users\damien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1HFYC3O\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Tasks\bench-sys.job (PUP.Optional.BenchUpdater.A) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Tasks\bench-Updater removing.job (PUP.Optional.BenchUpdater.A) -> Mis en quarantaine et supprimé avec succès.

(fin)


Thanks again for your replies king, so quick

hulk
Posts: 10277 | Registered: Wednesday 12 June 2013 | Status: Member | Last activity: 17 March 2015
Re,

ok ;)

As a check, please run a new ZHPDiag log
see the image here =>
https://www.cjoint.com/c/CJukFzALKYy
Then post the generated report in your next message. :) => To host the report, go to the Cjoint site ==> https://www.cjoint.com/
Posts
12
Registration date
Thursday 29 August 2013
Status
Member
Last activity
28 December 2013

Here is the report

Rapport de ZHPDiag v2013.12.26.23 - Nicolas Coolman (26/12/2013)
~ Lancé par damien (27/12/2013 13:24:15)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3764 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 280 GB (61%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: DAMIEN-PC
~ User Name: damien
~ All Users Names: UpdatusUser, HomeGroupUser$, damien, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\damien\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\damien\AppData\Roaming\
~ %Desktop% : C:\Users\damien\Desktop\
~ %Favorites% : C:\Users\damien\Favorites\
~ %LocalAppData% : C:\Users\damien\AppData\Local\
~ %StartMenu% : C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 280 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/583
~ Mes musiques (My Musics) : 19/433
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 6/24
~ Mon Bureau (My Desktop) : 1/70
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.1720]
[MD5.15D6EFED817CE145FF05A9829050D547] - (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776] [PID.3984]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275072] [PID.1880]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.928]
[MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.3944]
[MD5.8AC62C26E1065547A1F49D6A19E25D42] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576] [PID.1988]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4804]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4428]
[MD5.C180E890FFE0FDED8306427D3C836AF2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.1976]
[MD5.B29A08A0CB56CD5A4B9C53A011819657] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.5596]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [366720] [PID.3572]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.6028]
[MD5.870DF389D7676EDBB635141336A867C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8302080] [PID.6016]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1636]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1744]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1888]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1960]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.1572]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2168]
[MD5.734D9EB27B76B2BA9F5030405345C707] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208] [PID.2200]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2548]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2568]
[MD5.9D8B95C0EAE145C46BC4A727B23DA395] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4676]
[MD5.03AA7307C0D92D38D7AF90E181736B8D] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120] [PID.5912]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (...) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll
O4 - GS\Desktop [Public]: McAfee Total Protection.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
O4 - GS\Desktop [Public]: WahOO.lnk . (...) -- C:\Users\damien\AppData\Local\WahOO\Wahoo.exe
O4 - GS\QuickLaunch [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [damien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [damien]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [damien]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [damien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [damien]: Video Downloader.lnk . (...) -- C:\Program Files (x86)\vGrabber-software\VideoDownloader.exe =>PUP.vGrabber
O4 - GS\Desktop [damien]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 88 Legitimates Filtered in 06mn 23s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (...) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - GS\Startup [damien]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [Wahoo] . (...) -- C:\Users\damien\AppData\Local\WahOO\WahOO.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\damien\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ANT Agent] . (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [RegTask] C:\Program Files (x86)\RegTask\RegTask.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Wahoo] . (...) -- C:\Users\damien\AppData\Local\WahOO\WahOO.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\damien\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [ANT Agent] . (.GARMIN Corp. - Garmin ANT Agent Application.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - HKUS\S-1-5-21-2883711922-1813279362-3368567696-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\damien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 285.) - c:\windows\syswow64\nvinit.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegTask.job [388]
[MD5.00000000000000000000000000000000] [APT] [RegTask] (...) -- C:\Program Files (x86)\RegTask\RegTask.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 02mn 13s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (SABKUTIL) . (. - .) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\KowMedia]
~ Key Software: 342 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2013 - 10:10:17 - [0] ----D C:\Users\damien\AppData\Local\supt4pc_fr_37 =>PUP.Eorezo
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 187 Legitimates Filtered in 01mn 08s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CC872FA7EBA24536978A4A943B2DFC73] - 27/12/2013 - 13:29:26 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24608]
O44 - LFC:[MD5.CC872FA7EBA24536978A4A943B2DFC73] - 27/12/2013 - 13:29:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24608]
~ Files: 14 Legitimates Filtered in 00mn 49s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter64.acm" . (.Pas de propriétaire - ac3filter.) -- C:\Windows\System32\ac3filter64.acm
~ TDSD: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.83C57F165F0216E5CE40D7E4E00DC76D] - 24/04/2013 - 20:28:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 41s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {9B5D5285-D5AB-4156-8A72-2C9CDBF26E46} - (Recherche sécurisée) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\damien\AppData\Local\Temp\Quarantine.exe [360051]
~ Files: 1 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C278C5DA-270A-467F-A839-C145C16C4BC4}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 216 Legitimates Filtered in 00mn 01s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.689EEE659BB279B0D1D69633698C6EC6] [WIS][20/09/2011] (.NTI Corporation - Media Maker.) -- C:\Windows\Installer\12552.msi [14190080]
[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][06/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\2c39b.msi [24993792]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\599bf20.msi [522752]
[MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][27/01/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\c02fccd.msi [45056] =>Adware.Boxore
~ WIS: 484 Legitimates Filtered in 04mn 40s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 14/03/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 10/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 10/07/1658 0 | (McComponentHostService) . (...) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 16/09/2010 2538520 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2012 2464400 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 16/09/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 24/09/2013 178048 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 20/09/2013 1017016 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 04/11/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 04/11/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 13/04/2010 231224 | (MOBKbackup) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
SR - | Auto 30/07/2013 328928 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 16/10/2011 1640768 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/10/2011 2253120 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 20/08/2012 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/08/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 07mn 39s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (26/12/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\damien\AppData\Local\supt4pc_fr_37 =>PUP.Eorezo^
C:\Program Files (x86)\vGrabber-software =>PUP.vGrabber
C:\Windows\Installer\c02fccd.msi =>Adware.Boxore^
~ Additionnel Scan: 351901 Items scanned in 07mn 25s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 5 link(s) detected in 07mn 26s



~ 1554 Legitimates filtered by white list
End of the scan (504 lines in 30mn 21s)(0)
Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
1) Uninstall McAfee Security Scan Plus, it is not an antivirus => https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces
____________________________________________________________

Then do this =>

>>>Warning: custom script, do not reuse it on another computer, risk of crashing!<<<

=> 2) Copy all the text in the hosted file:
<<< open the file HERE >>> http://cjoint.com/data3/3LBoQpA8qNW.htm (Select it, right-click on it and choose "Select all").

=> Then launch ZHPFix from the shortcut on your Desktop (syringe icon).
(On Vista/Win7/Win8, right-click the ZHPFix shortcut and choose Run as administrator)

=> Once ZHPFix is open

=> Click "Import". Check that all the lines are pasted automatically into ZHPFix. image here

Click "GO" at the bottom of the page and confirm with Yes to start cleaning the data.


==> Let the tool work and do not touch anything ...

==> If you are asked to restart the PC to finish the cleanup, do it!

The report will appear on your desktop and in C:\zhpfix.txt.


==> Copy/paste the entire report into your next reply.
==> : https://www.cjoint.com/ Copy the link into your next reply.


(this report is also saved in this folder > C:\Program files\ZHPDiag\ ZHPFixReport.txt)

Restart the PC and post the report, please.

Tutorial here ==> ZHPFi

Here is a video tutorial => https://www.youtube.com/watch?v=PgsbvafSLuI

See your disinfection through to the end, even if you notice an improvement after the first tools have been run. Merry Christmas!
Posts
12
Registration date
Thursday 29 August 2013
Status
Member
Last activity
28 December 2013

Thanks again king06, here is the report!

PS: however, I think I read too quickly, so I removed McAfee entirely, and at first glance I can no longer install it; it reports an internet connection or server problem, yet there is no problem at all!

Rapport de ZHPFix 2013.12.14.5 par Nicolas Coolman, Update du 06/12/2013
Fichier d'export Registre :
Run by damien at 27/12/2013 23:07:06
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 02s)
Réparation des raccourcis navigateur

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Users\damien\AppData\Local\Temp\Quarantine.exe
SUPPRIMÉ Redémarrage: Memory Process: C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

========== Clés du Registre ==========
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
SUPPRIMÉ: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv
SUPPRIMÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
SUPPRIMÉ: Service: McComponentHostService
SUPPRIMÉ: Service: Skype C2C Service
SUPPRIMÉ:* Mozilla Plugin: @mcafee.com/MSC,version=10
SUPPRIMÉ Driver Key: SABKUTIL

========== Valeurs du Registre ==========
SUPPRIMÉ: {C278C5DA-270A-467F-A839-C145C16C4BC4}
SUPPRIMÉ RunValue: QuickTime Task
SUPPRIMÉ RunValue: iTunesHelper
SUPPRIMÉ RunValue: RegTask
SUPPRIMÉ MWPS Value: EnableUIADesktopToggle
SUPPRIMÉ MWPS Value: FilterAdministratorToken
SUPPRIMÉ RunValue: uTorrent
SUPPRIMÉ RunValue: Wahoo
SUPPRIMÉ RunValue: Facebook Update
SUPPRIMÉ RunValue: Power Management
SUPPRIMÉ RunValue: msnmsgr
SUPPRIMÉ RunValue: RESTART_STICKY_NOTES
SUPPRIMÉ RunValue: Skype
SUPPRIMÉ RunValue: ANT Agent
SUPPRIMÉ RunValue: SuiteTray
SUPPRIMÉ RunValue: BackupManagerTray
SUPPRIMÉ RunValue: APSDaemon
SUPPRIMÉ RunValue: DivXUpdate
SUPPRIMÉ RunValue: PMBVolumeWatcher
SUPPRIMÉ RunValue: HP Software Update
SUPPRIMÉ RunValue: SunJavaUpdateSched
SUPPRIMÉ RunValue: Adobe ARM
SUPPRIMÉ RunValue: Sidebar
SUPPRIMÉ RunValue: IsMyWinLockerReboot
SUPPRIMÉ RunValue: mctadmin
SUPPRIMÉ RunValue: IgfxTray
SUPPRIMÉ RunValue: HotKeysCmds
SUPPRIMÉ RunValue: Persistence
SUPPRIMÉ RunValue: SynTPEnh
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIMÉ ProxyServer Value
SUPPRIMÉ ProxyEnable Value
SUPPRIMÉ EnableHttp1_1 Value
SUPPRIMÉ ProxyHttp1.1 Value
SUPPRIMÉ ProxyOverride Value
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
SUPPRIMÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
SUPPRIMÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
SUPPRIMÉ: FirewallRaz (Public) : NetPres-In-TCP
SUPPRIMÉ: FirewallRaz (Public) : NetPres-Out-TCP
SUPPRIMÉ: FirewallRaz (Public) : {DCCD532B-945D-48E1-A6A2-1316A746286C}
SUPPRIMÉ: FirewallRaz (Public) : {9D28F029-9406-4905-A33A-9BBEF3EA40F7}
SUPPRIMÉ: FirewallRaz (Private) : {BDEA1C8B-1F6D-45D6-8D1E-7F16E00920A8}
SUPPRIMÉ: FirewallRaz (Private) : {1F578412-2740-405E-AFD2-3ABDC79821E3}

========== Eléments de donnée du Registre ==========
REMPLACÉ Value NoActiveDesktopChanges : Good (0) - Bad (1)
SUPPRIMÉ: R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy

========== Dossiers ==========
SUPPRIMÉ: C:\Users\damien\AppData\Local\{0E5E395C-223F-429A-A4CD-A40D84A2A81B}
SUPPRIMÉ: C:\Users\damien\AppData\Local\{6E0B9AC0-3F54-4AA0-B4AE-B033C31E333E}
SUPPRIMÉS Temporaires Windows (120)

========== Fichiers ==========
SUPPRIMÉ: c:\users\damien\desktop\video downloader.lnk
SUPPRIMÉ: c:\program files (x86)\vgrabber-software\videodownloader.exe
SUPPRIMÉ: C:\Windows\Installer\c02fccd.msi
SUPPRIMÉ: c:\users\damien\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.4.1.lnk
SUPPRIMÉ: c:\users\public\desktop\acheter en ligne.lnk
SUPPRIMÉ: c:\users\damien\appdata\roaming\microsoft\internet explorer\quick launch\µtorrent.lnk
SUPPRIMÉ Redémarrage: c:\users\damien\appdata\roaming\utorrent\utorrent.exe
SUPPRIMÉ: c:\users\damien\desktop\µtorrent.lnk
SUPPRIMÉ: c:\users\public\desktop\wahoo.lnk
SUPPRIMÉ Redémarrage: c:\users\damien\appdata\local\wahoo\wahoo.exe
SUPPRIMÉ: c:\users\damien\appdata\local\facebook\update\facebookupdate.exe
SUPPRIMÉ: c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe
SUPPRIMÉ: c:\program files\acer\acer epower management\epowertray.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\stikynot.exe
SUPPRIMÉ Redémarrage: c:\program files (x86)\skype\phone\skype.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\msiexec.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\mctadmin.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\igfxtray.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\hkcmd.exe
SUPPRIMÉ Redémarrage: c:\windows\system32\igfxpers.exe
SUPPRIMÉS Flash Cookies (0) (0 octets)
SUPPRIMÉS Temporaires Windows (679) (248 164 936 octets)

========== Tache planifiée ==========
SUPPRIMÉ: RegTask
SUPPRIMÉ: RegTask
SUPPRIMÉ: RegTask
SUPPRIMÉ: RegTask

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Autre ==========
NON TRAITÉ McAfee Security Scan Plus v3.8.130.10
NON TRAITÉ McAfee Security Scan Plus v3.8.130.10
NON TRAITÉ Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe


========== Récapitulatif ==========
2 : Processus mémoire
10 : Clés du Registre
47 : Valeurs du Registre
2 : Eléments de donnée du Registre
3 : Dossiers
22 : Fichiers
4 : Tache planifiée
1 : Restauration Système
3 : Autre


End of clean in 05mn 24s

========== Chemin de fichier rapport ==========
C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/12/2013 16:42:15 [577]
C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/12/2013 16:47:05 [788]
C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R3].txt - 27/12/2013 23:07:08 [6143]
Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
As a check, please generate a new ZHPDiag log.
See the image here =>
https://www.cjoint.com/c/CJukFzALKYy
Then post the generated report in your next message. :) => To host the report, go to the Cjoint site ==> https://www.cjoint.com/
Posts
12
Registration date
Thursday 29 August 2013
Status
Member
Last activity
28 December 2013

Here is the latest report.

Why host the report? What is that for?? Thanks again, hoping to get my PC back disinfected lol

Rapport de ZHPDiag v2013.12.26.23 - Nicolas Coolman (26/12/2013)
~ Lancé par damien (28/12/2013 01:42:05)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3764 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 281 GB (62%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: DAMIEN-PC
~ User Name: damien
~ All Users Names: UpdatusUser, HomeGroupUser$, damien, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\damien\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\damien\AppData\Roaming\
~ %Desktop% : C:\Users\damien\Desktop\
~ %Favorites% : C:\Users\damien\Favorites\
~ %LocalAppData% : C:\Users\damien\AppData\Local\
~ %StartMenu% : C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 281 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/583
~ Mes musiques (My Musics) : 19/433
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 6/24
~ Mon Bureau (My Desktop) : 1/67
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275072] [PID.3112]
[MD5.C180E890FFE0FDED8306427D3C836AF2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.2012]
[MD5.B29A08A0CB56CD5A4B9C53A011819657] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.3864]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [366720] [PID.2084]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.5040]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.2056]
[MD5.870DF389D7676EDBB635141336A867C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8302080] [PID.3704]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1552]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1572]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1772]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1828]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.1976]
[MD5.734D9EB27B76B2BA9F5030405345C707] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208] [PID.2016]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2168]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2360]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3524]
[MD5.9D8B95C0EAE145C46BC4A727B23DA395] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2608]
[MD5.03AA7307C0D92D38D7AF90E181736B8D] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120] [PID.3924]
[MD5.0B0B9F55B12767A755932C26B5FED715] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2538520] [PID.2660]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 14 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
O4 - GS\QuickLaunch [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [damien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [damien]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [damien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [damien]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Global Startup: 77 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E9649C8-3DB4-47FD-BAA6-5D2DFA67E15D}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE611FD5-B94E-44E6-9C3D-A362C956ABF6}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 285.) - c:\windows\syswow64\nvinit.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) . (...) - C:\Windows\system32\mfevtps.exe (.not file.)
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 15 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\KowMedia]
~ Key Software: 326 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.4A5D7DA70777A0F80BDA437C0C4A272B] - 27/12/2013 - 11:43:07 ---A- - C:\Windows\Prefetch\SUITETRAY.EXE-42757614.pf
O45 - LFCP:[MD5.F002003B4D259B6FBD2CCCD606DE8D5B] - 27/12/2013 - 11:45:00 ---A- - C:\Windows\Prefetch\MOBKBACKUP.EXE-EC50A615.pf
O45 - LFCP:[MD5.440A4FC44DC9CD2EEC9C61AE0F9ECF50] - 27/12/2013 - 14:56:19 ---A- - C:\Windows\Prefetch\MOBCLEANUP.EXE-A61C4927.pf
O45 - LFCP:[MD5.AE5927A6B5C5B51B6411EFD936D67C87] - 27/12/2013 - 14:58:17 ---A- - C:\Windows\Prefetch\WAHOO.EXE-C326BF2A.pf
O45 - LFCP:[MD5.2CF693858EB4E79C2639942771EFA8AE] - 27/12/2013 - 15:02:42 ---A- - C:\Windows\Prefetch\PMBVOLUMEWATCHER.EXE-E27CACF0.pf
O45 - LFCP:[MD5.7646AC9F172D019EE4E1A61FF1BE74A0] - 27/12/2013 - 22:08:51 ---A- - C:\Windows\Prefetch\MCPR.EXE-26187FE9.pf
O45 - LFCP:[MD5.3609FD1D2201EA5478C472C47CD4DFC4] - 27/12/2013 - 22:09:01 ---A- - C:\Windows\Prefetch\MCCLNUI.EXE-DE9E0F89.pf
O45 - LFCP:[MD5.E7F600044908B8E7C59A94EA5935ED0F] - 27/12/2013 - 22:09:11 ---A- - C:\Windows\Prefetch\SEDIAG.EXE-AF89DCF0.pf
O45 - LFCP:[MD5.A02A8D762EB0214A0EC2DD31AC73184F] - 27/12/2013 - 22:09:20 ---A- - C:\Windows\Prefetch\MCCLEANUP.EXE-41CF9142.pf
~ Prefetcher: 144 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter64.acm" . (.Pas de propriétaire - ac3filter.) -- C:\Windows\System32\ac3filter64.acm
~ TDSD: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.83C57F165F0216E5CE40D7E4E00DC76D] - 24/04/2013 - 20:28:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 16 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 25/12/2013 - 01:43:23 ---A- . (...) -- C:\Users\damien\AppData\Local\WahOO\Cookies.txt [1068341]
O61 - LFC: 25/12/2013 - 01:43:23 ---A- . (...) -- C:\Users\damien\AppData\Roaming\AC3Filter\Settings.reg [15285]
O61 - LFC: 26/12/2013 - 01:43:22 ---A- . (...) -- C:\Users\damien\AppData\Local\Google\Chrome\User Data\Local State~RF721d90.TMP [50062]
O61 - LFC: 26/12/2013 - 01:43:22 ---A- . (...) -- C:\Users\damien\AppData\Local\Google\Chrome\User Data\Local State~RF8e281.TMP [50015]
O61 - LFC: 26/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R1].txt [577] =>.Nicolas Coolman
O61 - LFC: 26/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R2].txt [788] =>.Nicolas Coolman
O61 - LFC: 26/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\Downloads\adwcleaner.exe [1233962]
O61 - LFC: 27/12/2013 - 01:42:53 ---A- . (...) -- C:\Users\damien\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267347]
O61 - LFC: 27/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPExportRegistry-27-12-2013-23-08-52.txt [681198] =>.Nicolas Coolman
O61 - LFC: 27/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [6647] =>.Nicolas Coolman
O61 - LFC: 27/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPFix[R3].txt [6224] =>.Nicolas Coolman
O61 - LFC: 28/12/2013 - 01:43:22 ---A- . (...) -- C:\Users\damien\AppData\Local\Google\Chrome\User Data\Local State [48965]
O61 - LFC: 28/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\Log.txt [81890] =>.Nicolas Coolman
O61 - LFC: 28/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\TestsZHPDiag.txt [2879] =>.Nicolas Coolman
O61 - LFC: 28/12/2013 - 01:44:22 ---A- . (...) -- C:\Users\damien\AppData\Roaming\ZHP\ZHPDiag.txt [24615] =>.Nicolas Coolman
~ 1 Fichiers temporaires (Temporary files)
~ Files: 478 Legitimates Filtered in 01mn 30s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {9B5D5285-D5AB-4156-8A72-2C9CDBF26E46} - (Recherche sécurisée) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.689EEE659BB279B0D1D69633698C6EC6] [WIS][20/09/2011] (.NTI Corporation - Media Maker.) -- C:\Windows\Installer\12552.msi [14190080]
[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][06/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\2c39b.msi [24993792]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][18/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\599bf20.msi [522752]
~ WIS: 453 Legitimates Filtered in 00mn 39s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 14/03/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 10/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Auto 10/07/1658 0 | (mfevtp) . (...) - C:\Windows\system32\mfevtps.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2012 2464400 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 16/09/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 16/10/2011 1640768 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/10/2011 2253120 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 20/08/2012 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/09/2010 2538520 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 39s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by damien at 28/12/2013 01:46:10
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by damien at 28/12/2013 01:46:12

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (26/12/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 342877 Items scanned in 00mn 18s



~ 2074 Legitimates filtered by white list
End of the scan (408 lines in 04mn 26s)(0)
Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
Everything is fine, your PC is clean ;)

OK great, on to the final steps ;)

We still have to finish up; here is the procedure =>

=> SFTGC: (it simply deletes temporary files.)

=> Download SFTGC.exe. Save the file to the desktop.


=> SFTGC is compatible with XP, Vista, Windows 7 and 8, in 32-bit and 64-bit.

On XP:

=> Double-click the file.

=> On other versions of Windows:

=> Right-click the file and choose Run as administrator.

=> Start the cleanup: click Go.

=> After the cleanup, a report will open.

=> The report is on the desktop (SFT.txt)

=> To post it, host it here => https://www.cjoint.com/ and if the first link does not work, here => http://pjjoint.malekal.com/
Important! If SFTGC prompts you to restart, please do so immediately. If it does not prompt you, restart the machine manually anyway to ensure a complete cleanup.

then: ==>
____________________________________________________________

then do this =>

1) Uninstalling the disinfection tools
Download Delfix here Delfix

Run it as administrator (if you are on XP, double-click the downloaded file), then once in the interface tick the following boxes


=> Re-enable UAC (only for Vista, Seven and W8)
=> Remove the disinfection tools (ticked by default)
=> Reset system settings
=> Purge System Restore


Then click Run and wait during the removal process.

The report will be saved to the clipboard and to the hard disk (C:\DelFix.txt).
Post the report ==> https://www.cjoint.com/


2) Don't forget to update Java, Adobe Reader and Flash Player for IE (Chrome already includes it)
A useful link to read https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite java => https://www.java.com/fr/download/
Also don't forget to keep Windows up to date via Windows Update

Here is the official "Adobe" link to download Flash Player ;) (except for Google Chrome, which includes it directly)
https://get.adobe.com/flashplayer/?loc=fr for the Firefox version
http://get.adobe.com/fr/flashplayer/otherversions/ for the other versions
Adobe Reader => https://get.adobe.com/fr/reader/otherversions/

==> Don't forget to untick McAfee !!!



3) To keep your software up to date, I recommend using FileHippo Update Checker

You can download it here https://www.commentcamarche.net/download/telecharger-34060855-filehippo-app-manager

When installing FileHippo, untick only the option to put the icon in the Quick Launch bar



4) To clean temporary files you can use CCleaner, with a tutorial for configuring it properly (https://www.commentcamarche.net/download/telecharger-168-ccleaner#tutoriel-ccleaner)
Download link https://www.commentcamarche.net/download/telecharger-168-ccleaner
You can also use the Windows disk cleanup tool
Don't forget to defragment your hard disk from time to time, either with the built-in utility or with third-party software such as Defraggler or Auslogics Disk Defrag

Forget cleaners such as TuneUp, Glary and other miracle cleaners; they will only slow your machine down, and cleaning whiter than white can cause serious malfunctions



5) Secure your browsers, for example with WOT and Simple Adblock for Internet Explorer
To download WOT for IE, go here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
For Simple Adblock, go here http://simple-adblock.com/downloadpage/ (click Download Installer and not the link below it!)
For Chrome (if you have Chrome)

WOT available here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
or here => https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp

Adblock available here https://www.commentcamarche.net/download/telecharger-34079761-adblock-plus-pour-chrome


Download link for WOT on Firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

Link to download Adblock Plus

or here => https://adblockplus.org/fr/firefox

https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss


6) Be careful about what you download, where and how
If possible, avoid downloading from 01net, Tom's Guide, télécharger.com, Softonic and the like, because they repackage software with potentially unwanted programs
Worth reading
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/
https://www.malekal.com/qvo6-en-v9-com-isafe-et-trojan-win32-staser/

7) Why you should avoid downloading over P2P

The risks are high: the machine may become a zombie PC
Some reading on the dangers and the risk
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start=
https://www.commentcamarche.net/faq/2981-j-utilise-une-version-piratee-de-windows

Register on the forum to mark the topic as resolved if you haven't already done so!
Don't forget to mark your topic as resolved, thank you. =>
https://www.commentcamarche.net/faq/11365-marquer-un-fil-de-discussion-comme-etant-resolu

Be careful and happy surfing! And happy holidays ;-) Don't forget to mark your topic as resolved, thank you.


Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
Install Avast as your antivirus here, click the green button => http://www.commentcamarche.net/download/telecharger-151-avast-antivirus
Posts
12
Registration date
Thursday 29 August 2013
Status
Member
Last activity
28 December 2013

Thanks king 06! I'm installing Avast and at first glance, no more bugs. Thanks a lot
Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
OK, but did you run the 2 tools, 1) SFTGC and 2) Delfix? If so, please post the reports, then do the final steps!
I did run SFTGC and Delfix, but where are the reports hiding?
Posts
10277
Registration date
Wednesday 12 June 2013
Status
Member
Last activity
17 March 2015
530
OK, if you did it, that's fine ;) no worries about the reports!

Be careful and happy surfing! And happy holidays ;-)