Sujet Précédent Sujet Suivant

Aidez moi j'ai un trojan

Fermé
elsinha77 - 23 août 2012 à 19:55
 Elsinha77 - 13 sept. 2012 à 15:31
Bonjour,
je viens de m'apercevoir que j'ai un trojan avec spybot , il ralenti enormement mon pc et les mails j'ai du mal a les lires merci de m'aider svp !!


<config>Windows 7
A voir également:

40 réponses

Précédent
  • 1
  • 2
Réponse 21 / 40
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
25 août 2012 à 16:10
Ok, maintenant il me faut le rapport ZHPDiag pour continuer :)
0
Réponse 22 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
25 août 2012 à 16:27
il est juste au dessus non??? je suis un peu perdu avec es fichiers !!! ou sinon je te le redonne là :
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120825_x12y10q12z511
voilà
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
25 août 2012 à 16:29
Ce coup-ci c'est bon, je regarde ça ;)
0
Réponse 23 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
25 août 2012 à 17:12
Rapport de ZHPFix 1.2.04 par Nicolas Coolman, Update du 23/04/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-25-08-2012-17-10-40.txt
Run by thomas at 25/08/2012 17:10:40
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe

========== Clé(s) du Registre ==========
SUPPRIME Key*: HKCU\Software\AskBarDis
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\pc_gear_fr
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\Softonic_France
SUPPRIME Key*: SearchScopes :{0F36E18A-6296-4333-9D99-269AAFE3D111}_Chercher Malin

========== Valeur(s) du Registre ==========
SUPPRIME URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Préférences navigateur ==========
PRESENT Chrome File: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
SUPPRIME Chrome Site: http://search.conduit.com
SUPPRIME Chrome Site: http://search.conduit.com
SUPPRIME Chrome Site: http://search.conduit.com
SUPPRIME Chrome Site: http://search.conduit.com
SUPPRIME Mozilla Pref: http://ww7.certified-toolbar.com
SUPPRIME Mozilla Pref: http://ww7.certified-toolbar.com

========== Dossier(s) ==========
SUPPRIME Reboot Folder**: C:\Program Files (x86)\Spybot - Search & Destroy
SUPPRIME Folder: C:\ProgramData\Spybot - Search & Destroy
SUPPRIME Folder: C:\Users\thomas\AppData\Roaming\BrowserCompanion
SUPPRIME Folder: C:\Users\thomas\AppData\Local\Acer Arcade Deluxe
SUPPRIME Reboot Folder**: C:\Program Files (x86)\AGI
SUPPRIME Reboot Folder**: C:\ProgramData\agi
SUPPRIME Reboot Folder**: C:\Program Files (x86)\m1988
SUPPRIME Reboot Folder**: C:\Program Files (x86)\otshot
SUPPRIME Folder: C:\Program Files (x86)\YourFileDownloader
SUPPRIME Reboot Folder**: C:\Program Files (x86)\x3_Codec
SUPPRIME Folder: C:\Users\thomas\AppData\Roaming\YourFileDownloader
SUPPRIME Folder: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x3_Codec 1.5.0.0
SUPPRIME Temporaires Windows

========== Fichier(s) ==========
SUPPRIME File: c:\users\thomas\desktop\continue video performer installation.lnk
ABSENT File: c:\users\thomas\appdata\local\temp\video performer63485.exe
SUPPRIME File: c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\51jt5ga1.default\searchplugins\web search.xml
SUPPRIME File: c:\users\thomas\appdata\roaming\microsoft\internet explorer\quick launch\ebay.url
ABSENT File: c:\users\thomas\appdata\roaming\microsoft\internet explorer\quick launch\ebay.url
SUPPRIME File***: c:\program files (x86)\yourfiledownloader\yourfileupdater.exe
SUPPRIME Temporaires Windows

========== Tache planifiée ==========
SUPPRIME Task: {1A42D419-E1D2-45FD-A48C-93355B2008EC}
SUPPRIME Task: {6393A735-273B-4C44-9FE5-DA95D4DAD0E4}
SUPPRIME Task: {A0E9E61D-E0ED-4274-8A82-BE932E420B52}
SUPPRIME Task: {A665497E-3613-4068-893C-C696CDBF02EB}
SUPPRIME Task: Your File Updater

========== Restauration Système ==========
Point de restauration non crée


========== Récapitulatif ==========
1 : Processus mémoire
4 : Clé(s) du Registre
4 : Valeur(s) du Registre
13 : Dossier(s)
7 : Fichier(s)
7 : Préférences navigateur
5 : Tache planifiée
1 : Restauration Système


End of clean in 01mn 03s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 25/08/2012 13:40:43 [128538]
C:\ZHP\ZHPFix[R2].txt - 25/08/2012 17:10:40 [3674]
0
Réponse 24 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
25 août 2012 à 17:25
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120825_z7b15h6b5b8
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 40
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
25 août 2012 à 18:29
1) Ce script va cibler certains éléments à supprimer :

* Ouvre ce lien, sélectionne le script en entier et copie le (Édition --> Copier)
* Fais un clic-droit sur le raccourci de ZHPFix et choisis "Exécuter en tant qu'administrateur"
* Clique sur l'icône représentant la lettre H (« coller les lignes Helper »)
* Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes
* Clique sur le bouton « GO » pour lancer le nettoyage,
* Copie/colle la totalité du rapport dans ta prochaine réponse
* Pour t'aider


2) Utilise ce programme pour supprimer les fichiers temporaires inutiles :

* Télécharge TFC (de OldTimer) sur ton Bureau.
* Ferme tous tes programmes.
* Lance TFC (si tu es sous Windows Vista ou Windows 7, fais le par un clic-droit --> Exécuter en temps qu'administrateur)
* Clique sur le bouton Start pour lancer le nettoyage.
* Lorsqu'il aura terminé, l'outil devrait faire redémarrer ton ordinateur.

3) Relance ZHPDiag pour une nouvelle analyse (héberge le rapport)
0
Réponse 26 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
26 août 2012 à 09:05
Rapport de ZHPFix 1.2.04 par Nicolas Coolman, Update du 23/04/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-26-08-2012-09-04-16.txt
Run by thomas at 26/08/2012 09:04:16
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Logiciel(s) ==========
ABSENT Software Key: BlingeeTb.BlingeeTbToolbar
ABSENT Software Key: rwbfko

========== Clé(s) du Registre ==========
SUPPRIME Key*: Service: otshot
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\01NET.com
SUPPRIME Key*: HKCU\Software\AppDataLow\6b9d955d
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\NCH_EN
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\TheGiftBar
SUPPRIME Key*: HKCU\Software\AppDataLow\Software\interdescargas-FR
ABSENT Key: HKLM\Software\YourFileDownloader
ABSENT Key: HKLM\Software\ZalmanInstaller_otshot
ABSENT Key: Service: otshot
SUPPRIME Key*: Service: Bonjour Service
ABSENT Key: Service: Bonjour Service

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: Otshot
SUPPRIME MWPS Value: EnableUIADesktopToggle
SUPPRIME MWPS Value: FilterAdministratorToken
SUPPRIME MWPE Value: NoActiveDesktop
SUPPRIME MWPE Value: NoActiveDesktopChanges
SUPPRIME RunValue: MyTomTomSA.exe
SUPPRIME RunValue: QuickTime Task
SUPPRIME RunValue: iTunesHelper
SUPPRIME RunValue: HP Software Update
ABSENT RunValue: MyTomTomSA.exe
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (Public) : {F2DC8BC6-A28A-443C-BED2-93874ECF557C}
SUPPRIME FirewallRaz (Public) : {671E1A91-6B92-4587-A2E4-02277263BC37}
SUPPRIME FirewallRaz (Public) : {F35448F4-90AF-4168-8990-E01A35740EA8}
SUPPRIME FirewallRaz (Public) : {4B933FC7-8EEF-4DB2-80F9-36C1427C3588}

========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files (x86)\Spybot - Search & Destroy
SUPPRIME Folder: C:\ProgramData\agi
SUPPRIME Folder: C:\Program Files (x86)\AGI
SUPPRIME Folder: C:\Program Files (x86)\otshot
SUPPRIME Temporaires Windows

========== Fichier(s) ==========
ABSENT File: c:\program files\otshot\otshot.exe
ABSENT File: c:\program files\otshot\zalmanupdateservice.exe
ABSENT Folder/File: c:\program files (x86)\agi
ABSENT Folder/File: c:\programdata\agi
SUPPRIME Temporaires Windows

========== Tache planifiée ==========
SUPPRIME Task: Your File Updater
SUPPRIME Task: {1354A0E6-7C6E-4B4B-AA03-298C83B29F57}
SUPPRIME Task: {13BE6398-2670-414B-B457-4238FF76C048}
SUPPRIME Task: {1A42D419-E1D2-45FD-A48C-93355B2008EC}
SUPPRIME Task: {6393A735-273B-4C44-9FE5-DA95D4DAD0E4}
SUPPRIME Task: {A0E9E61D-E0ED-4274-8A82-BE932E420B52}
SUPPRIME Task: {A665497E-3613-4068-893C-C696CDBF02EB}
SUPPRIME Task: {B9884A3F-A63E-47DD-AAA8-057D84BBE6B1}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
11 : Clé(s) du Registre
16 : Valeur(s) du Registre
5 : Dossier(s)
5 : Fichier(s)
2 : Logiciel(s)
8 : Tache planifiée
1 : Restauration Système


End of clean in 01mn 02s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 25/08/2012 13:40:43 [128538]
C:\ZHP\ZHPFix[R2].txt - 25/08/2012 16:10:40 [3726]
C:\ZHP\ZHPFix[R3].txt - 26/08/2012 09:04:16 [3280]
0
Réponse 27 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
26 août 2012 à 09:21
bonjour pardon !!!

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120826_z10b13l13g10o11
0
Réponse 28 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
26 août 2012 à 10:30
https://www.cjoint.com/?0HAkDStXsP8
0
Réponse 29 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
26 août 2012 à 20:13
All processes killed
========== OTL ==========
C:\Users\thomas\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\thomas\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\thomas\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\thomas\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\thomas\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\thomas\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\thomas\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\thomas\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\thomas\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\thomas\AppData\Roaming\LimeWire folder moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll deleted successfully.
C:\Users\thomas\AppData\Roaming\Hod_Uninstall\HulkOnDesk_Uninstall.exe moved successfully.
C:\Users\thomas\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe moved successfully.
C:\Users\thomas\AppData\Roaming\NCH Software\Components\aacenc\aacenc.exe moved successfully.
C:\Users\thomas\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe moved successfully.
C:\Users\thomas\AppData\Roaming\NCH Software\Components\soxdec\soxdec.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe moved successfully.
C:\Users\thomas\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-768881423-1638004177-1102915227-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-768881423-1638004177-1102915227-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080 removed from extensions.enabledItems
Prefs.js: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290 removed from extensions.enabledItems
Prefs.js: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960 removed from extensions.enabledItems
Prefs.js: "http://ww12.certified-toolbar.com"*/ removed from browser.startup.homepage
Prefs.js: "http://ww12.certified-toolbar.com"*/ removed from keyword.URL
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
C:\Users\thomas\AppData\Roaming\Ad-Aware Antivirus\Logs\20120823T180203.547953PID2684 folder moved successfully.
C:\Users\thomas\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\thomas\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: thomas
->Temp folder emptied: 11121946 bytes
->Temporary Internet Files folder emptied: 158966 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 314060486 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 559 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18499 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1894563 bytes

Total Files Cleaned = 312,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.0 log created on 08262012_200523

Files\Folders moved on Reboot...
C:\Users\thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0
Réponse 30 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
26 août 2012 à 20:30
RogueKiller V8.0.0 [26/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : thomas [Droits d'admin]
Mode : Recherche -- Date : 26/08/2012 20:29:08

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 4 ¤¤¤
[STARTUP][SUSP PATH] tcbhn.lnk @thomas : C:\Users\thomas\AppData\Roaming\BrowserCompanion\tcbhn.exe -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp://127.0.0.1:8080) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Seagate ST3750528AS SCSI Disk Device +++++
--- User ---
[MBR] ecc46eb92d8f292b95dce18ab21dedfe
[BSP] 7769c84bd3ba991aaf0258e72c25d132 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 349646 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 747739136 | Size: 350296 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Apple iPod USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 31 / 40
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
26 août 2012 à 21:28
Ok, fais ceci :

*Lancer RogueKiller.exe
* Attendre la fin du Prescan ...
*Cliquer sur Suppression. Cliquer sur Rapport et copier coller le contenu du notepad dans ta réponse
Pour t'aider


*Relance ZHPDIAG pour une analyse de contrôle (héberge le rapport)
0
Réponse 32 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
27 août 2012 à 07:37
bonjour voilà le rsultat :


RogueKiller V8.0.0 [26/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : thomas [Droits d'admin]
Mode : Suppression -- Date : 27/08/2012 07:35:38

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 4 ¤¤¤
[STARTUP][SUSP PATH] tcbhn.lnk @thomas : C:\Users\thomas\AppData\Roaming\BrowserCompanion\tcbhn.exe -> SUPPRIMÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp://127.0.0.1:8080) -> NON SUPPRIMÉ, UTILISER PROXY RAZ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Seagate ST3750528AS SCSI Disk Device +++++
--- User ---
[MBR] ecc46eb92d8f292b95dce18ab21dedfe
[BSP] 7769c84bd3ba991aaf0258e72c25d132 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 349646 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 747739136 | Size: 350296 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
Modifié par loumax91 le 27/08/2012 à 08:23
Bonjour

Si tu n'utilise pas de proxy :
Relance RogueKiller et clique sur Proxy RAZ et poste le rapport ;)
0
Réponse 33 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
27 août 2012 à 08:39
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120827_d9s12s8m7p15
0
Réponse 34 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
27 août 2012 à 08:43
RogueKiller V8.0.0 [26/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : thomas [Droits d'admin]
Mode : Recherche -- Date : 27/08/2012 08:42:36

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Seagate ST3750528AS SCSI Disk Device +++++
--- User ---
[MBR] ecc46eb92d8f292b95dce18ab21dedfe
[BSP] 7769c84bd3ba991aaf0258e72c25d132 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 349646 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 747739136 | Size: 350296 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
27 août 2012 à 17:03
Problème !!
Refais une analyse OTL, stp (héberge le rapport).
0
Réponse 35 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
27 août 2012 à 17:14
OTL logfile created on: 27/08/2012 17:05:33 - Run 2
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,73 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 38,87% Memory free
7,47 Gb Paging File | 4,82 Gb Available in Paging File | 64,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,45 Gb Total Space | 203,00 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Drive D: | 342,09 Gb Total Space | 341,88 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 158,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LESMONSTRES | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2012/08/26 10:06:11 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Downloads\OTL (2).exe
PRC - [2012/08/23 19:38:10 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/18 00:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/18 00:27:57 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Valve\Steam\Steam.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/06/08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/26 06:32:44 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\thomas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012/02/16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/06 12:56:32 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.exe
PRC - [2010/07/06 12:56:29 | 000,188,416 | ---- | M] (Canal+ Active) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 20:23:41 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Users\thomas\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/08/13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/10 07:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/08/06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/07/31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/08/26 20:11:47 | 000,115,137 | ---- | M] () -- C:\Users\thomas\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/08/23 19:38:08 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Valve\Steam\bin\libcef.dll
MOD - [2012/08/23 19:38:01 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Valve\Steam\bin\avcodec-53.dll
MOD - [2012/08/23 19:38:01 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Valve\Steam\bin\chromehtml.dll
MOD - [2012/08/23 19:38:01 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Valve\Steam\bin\avformat-53.dll
MOD - [2012/08/23 19:38:01 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Valve\Steam\bin\avutil-51.dll
MOD - [2012/08/18 00:28:55 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/18 00:28:54 | 012,236,824 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/18 00:28:52 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/18 00:27:36 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012/08/18 00:27:35 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012/08/18 00:27:23 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/18 00:27:22 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/18 00:27:21 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/06/22 23:19:49 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/22 23:19:31 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/22 23:19:27 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/22 23:19:19 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/22 23:19:18 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/06/08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/09 07:26:52 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/05/09 07:25:21 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 07:25:12 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/09 05:37:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 05:31:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/09 05:31:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/05/09 05:31:40 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/09 05:31:34 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/09 05:31:26 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2010/07/06 12:56:32 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.exe
MOD - [2009/08/10 07:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/08/10 04:49:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/02/03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:[b]64bit:[/b] - [2009/07/02 07:16:04 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/08/23 19:38:10 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/06 12:56:29 | 000,188,416 | ---- | M] (Canal+ Active) [Auto | Running] -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/08/13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/07/28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012/07/06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2012/07/06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/06/07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys -- (ccSet_NAV)
DRV:[b]64bit:[/b] - [2012/05/22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2012/04/18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2012/04/18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2012/03/26 22:57:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:34 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2011/12/08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2011/07/25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/12/02 12:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2010/12/02 12:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2010/12/02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:[b]64bit:[/b] - [2010/12/02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2009/07/02 07:51:28 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/06/11 07:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/06/02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2009/06/02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2009/06/02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/05/07 02:05:36 | 000,078,472 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CoachUsbS64.sys -- (CoachUsb)
DRV:[b]64bit:[/b] - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:[/b] - [2009/05/04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2006/12/05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:[b]64bit:[/b] - [2005/06/03 23:06:43 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/08/27 07:31:08 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120826.009\ex64.sys -- (NAVEX15)
DRV - [2012/08/27 07:31:08 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120826.009\eng64.sys -- (NAVENG)
DRV - [2012/08/22 04:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120824.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 12:26:50 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 12:26:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/07 10:39:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3203&r=17361009ln1697335zsl5gg7812w7o
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3203&r=17361009ln1697335zsl5gg7812w7o
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10656&apn_dtid=%5EBND431%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAGH&d=431-0&lang=en&atb=sysid%3D431%3Auid%3De9674b871065a229%3Asrc%3Dieb%3Ao%3DAPN10656%3Atg%3D&p2=%5EAGH%5EBND431%5EYY%5EFR{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/?crg=3.1010000.10007&barid={E79D3529-EFAA-11E1-981E-00016C6C8585}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10656&apn_dtid=%5EBND431%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAGH&d=431-0&lang=en&atb=sysid%3D431%3Auid%3De9674b871065a229%3Asrc%3Dieb%3Ao%3DAPN10656%3Atg%3D&p2=%5EAGH%5EBND431%5EYY%5EFR{searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = https://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10007&barid={E79D3529-EFAA-11E1-981E-00016C6C8585}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IPGTDF&pc=IPGTDF{searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = https://search.aol.com/aol/webhome{searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_frFR351
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://www1.search-results.com/web?l=dis&q=&o=APN10656&apn_dtid=%5EBND431%5EYY%5EFR&shad=s_0043&gct=ds&apn_ptnrs=%5EAGH&d=431-0&lang=en&atb=sysid%3D431%3Auid%3De9674b871065a229%3Asrc%3Dieb%3Ao%3DAPN10656%3Atg%3D&p2=%5EAGH%5EBND431%5EYY%5EFR{searchTerms}
IE - HKCU\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&mkt=fr-FR&form=MIMWA5
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = https://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10007&barid={E79D3529-EFAA-11E1-981E-00016C6C8585}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://ww12.certified-toolbar.com"*/
FF - prefs.js..keyword.URL: "http://ww12.certified-toolbar.com"*/
FF - prefs.js..browser.startup.homepage: "https://home.sweetim.com/?crg=3.1010000.10007&barid={E79D3529-EFAA-11E1-981E-00016C6C8585}"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaulturl: ""


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canalplus.fr/Assistants VOD,version=1.0.0.0: C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll (Canal+ Active)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/06/23 13:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/11/18 14:12:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011/11/18 14:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/19 12:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/19 12:05:59 | 000,000,000 | ---D | M]

[2009/12/21 18:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions
[2009/10/28 09:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/26 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\51jt5ga1.default\extensions
[2012/08/26 20:22:38 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\51jt5ga1.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/08/26 20:15:48 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\51jt5ga1.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/08/26 20:17:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\51jt5ga1.default\extensions\plugin@yontoo.com
[2012/08/26 20:22:11 | 000,003,993 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\51jt5ga1.default\searchplugins\sweetim.xml
[2009/12/22 11:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/03 21:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2012/07/07 20:11:51 | 000,003,267 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Canal+ Assistants VOD (Enabled) = C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npcpvod.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: PriceGong = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: SweetIM for Facebook = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: PricePeep = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.255.0_0\
CHR - Extension: Skype Click to Call = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: PriceGong = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\
CHR - Extension: SweetIM for Facebook = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: PricePeep = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.255.0_0\
CHR - Extension: Skype Click to Call = C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O4:[b]64bit:[/b] - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CANAL+ CANALSAT A LA DEMANDE] C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe (Canal+)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\thomas\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8:[b]64bit:[/b] - Extra context menu item: Lire des données EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Lire des données EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://express.foto.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45F30534-87E8-4783-8D50-C892B93819DE}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\search~1\datamngr\datamngr.dll) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/24 20:38:57 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/24 20:38:57 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/11/17 01:55:00 | 000,000,131 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/27 07:12:27 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\{DE2E0225-D793-4083-AC14-DE74606C935C}
[2012/08/26 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\RK_Quarantine
[2012/08/26 20:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/08/26 20:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2012/08/26 20:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2012/08/26 20:22:26 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/08/26 20:22:25 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\Wajam
[2012/08/26 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/08/26 20:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012/08/26 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012/08/26 20:18:12 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012/08/26 20:18:12 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012/08/26 20:18:10 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2012/08/26 20:18:10 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2012/08/26 20:18:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2FR.DLL
[2012/08/26 20:18:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012/08/26 20:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/08/26 20:17:44 |
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
27 août 2012 à 17:33
Le rapport est trop long pour tenir sur le forum, il faut l'héberger ici, ensuite tu colle le lien :D
0
Réponse 36 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
27 août 2012 à 18:03
voilà désolé :

https://pjjoint.malekal.com/files.php?id=20120827_q8h8c10r13g13
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
27 août 2012 à 22:16
Quelques questions :
Tu es seul à te servir de ton PC ?
Ton antivirus Norton est-il à jour, la licence est-elle valide ?

Ce n'est pas dans mes habitudes de poser ces questions, mais à chaque rapport de nouvelles infections sont présentes sur ton PC, or dans ces conditions il va être difficile de s'en sortir !

*Rappel :
- Ne télécharge pas n'importe quel programme gratuit sans te renseigner dessus
- Ne télécharge aucun programme proposé dans des publicités ou sur des sites suspects, préfère les sites connus ou le téléchargement directement sur le site de l'éditeur.
- Je te rappelle que certains sites comme 01net modifient parfois les programmes proposés au téléchargement pour y ajouter des logiciels publicitaires.
- Lis attentivement lorsque tu installes un programme gratuit, et décoche tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !
0
Réponse 37 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
28 août 2012 à 06:06
bonjour , non on est 5 dessus , 3 ados + mon mari et moi !
Mon anti virus est a jour et je paye pour l'avoir donc la licence est en règle ! Je suis désolé de t'embêter avec ça sinon on arrête je vais voir comment ça se déroule ! je te remercie beaucoup en tous cas il fonctionne bien pourtant maintenant !
0
Réponse 38 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
28 août 2012 à 13:07
c le bazare je comprends rien plus je telecharge des trucs plus j'ai des trucs qui viennent désolé , c moi qui merde je crois !!
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
28 août 2012 à 16:07
Il faut installer chaque application avec le navigateur concerné, exemple :
Wot > Internet Explorer (tu télécharge et installe), ensuite > Firefox (tu télécharge et installe) et > Chrome (tu télécharge et installe).

Pour les deux autres modules complémentaires, cela concerne que Firefox et Chrome :
Adblock plus > Firefox et Chrome
Ghostery > Firefox et Chrome
0
Réponse 39 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
29 août 2012 à 06:08
bonjour firefox j'ai pas celui là je dois aussi l'installer ?
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
29 août 2012 à 09:19
Bonjour

Le navigateur Firefox est bien présent sur ton PC ;)

Donc, tu installe les trois modules complémentaires (Wot, Adblock plus et Ghostery) comme expliqué dessus.
0
Réponse 40 / 40
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
29 août 2012 à 12:45
ha !! je ne peut ouvrir aucun module fichier qui s'ouvre pas decidement grrr je suis nul !!
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
29 août 2012 à 20:20
J'ai pas compris ^^
0
Elsinha77 Messages postés 66 Date d'inscription samedi 19 janvier 2008 Statut Membre Dernière intervention 30 août 2012
30 août 2012 à 07:21
je ne peut ouvrir les fichiers !! désolé de t'embeter
0
loumax91 Messages postés 3182 Date d'inscription mardi 14 juin 2011 Statut Contributeur sécurité Dernière intervention 14 avril 2019 474
30 août 2012 à 09:26
Bonjour
Quels sont les fichiers que tu n'arrive pas à ouvrir ?
0
Elsinha77
13 sept. 2012 à 15:31
bonjour exusez moi je suis partit quelques temps pour le boulot je ne peut ouvrir aucun fichier
0

Discussions similaires

Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Trojan alerte
Titou43 -
gen-hackman -

23 réponses
Trojan:Win32/Wacatac.C!ml
lafayette53 -
Lud1450 -

20 réponses