Everything posted by crashstop

  1. Hello, it seems to me that my computer has been infected by a virus. Would someone be available to help me clean it? Thanks in advance!
  2. Good evening. Below are the links, in order: Adwcleaner: http://cjoint.com/?EEutOGkxjBs JRT: http://cjoint.com/?EEutQBTA2s8 MWAM: http://cjoint.com/?EEutSApf8IQ sc cleaner: http://cjoint.com/?EEutTUlFWiY ZHPdiag: http://cjoint.com/?EEutUYEg2GT I did indeed make a few purchases in China recently, and yes, I would like to remove everything. Maybe this has nothing to do with it, but while I was running all my scans I noticed that my Skype had a problem: when I call someone it rings fine on my end, but it does not ring on the other person's end, so the call cannot go through. Kind regards. It's fine, Skype is working again!
  3. Hello. Thank you for your quick reply. Here is the link: http://cjoint.com/?EEunKmjnX8U
  4. Good evening. My PC is infected by the TaobaoProtect.exe virus. Could someone help me get rid of it? Thanks in advance.
  5. OK, I'll go and have a look later... I'll go and mark my problem as solved right away! It only remains for me to congratulate you and thank you for your excellent work, really! I am impressed by the excellence of your service to me and am delighted to have a working computer again. Thanks again, and all the best.
  6. Hello. Yes, it looks like the system is clean, no more intrusive ads. Installation of HOSTS Anti-PUPs/Adwares: OK. Installation of the 2 extensions for Firefox: OK. However, when I click the DELFIX download link, I land on a page that tells me this: 520 Website not authorized on CDN
  7. Well spotted!! That worked. Here is the link to the ZHPFix log: http://cjoint.com/?CIjaXgaxB2u
  8. Yes, that's what I had done; I did paste the procedure in green.
  9. OK. After clicking on Personnalisation, I click OK in the warning window and then I click GO, and it still doesn't work; the same warning window opens.
  10. When ZHPFix opens, do I click on IMPORTER or on CONFIGURER?
  11. OK, I have reset IE and Chrome.
  12. Actually, I don't have the same version of ZHPFix as you; I have v2013.9.7.2.
  13. Coming back to ZHPFix: actually I don't have 3 icons on my desktop but 2 (ZHPFix and ZHPDiag); MRB check is missing. Also, the icons don't have the small blue and yellow shield as you describe. When I open ZHPFix, I don't get the same window as you. I have the choice between Importer and Configurer, so I click on Importer, and a white window opens with only 3 buttons at the bottom left, including the GO button. I paste the green lines and click GO, and I get the following warning message: Examples: Script ZHPFix (Ligne obligatoire) C:\Program Files\MagniPic [HKEY_CURRENT_USER\Software\MagniPic] [HKEY_USERS\S-1-5-18\Control MagniPic] [HKCU\Software\MagniPic]
  14. I don't have shortcuts for my browsers (IE and Chrome). Below is the Shortcut Cleaner log: Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Shortcut Cleaner can be found at this link: http://www.bleepingcomputer.com/download/shortcut-cleaner/ Windows Version: Windows 7 Home Premium Service Pack 1 Program started at: 09/08/2013 06:33:04 PM. Scanning for registry hijacks: * No issues found in the Registry. Searching for Hijacked Shortcuts: Searching C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\ Searching C:\ProgramData\Microsoft\Windows\Start Menu\ Searching C:\Users\Sébastien\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Searching C:\Users\Public\Desktop\ Searching C:\Users\Sébastien\Desktop 0 bad shortcuts found. Program finished at: 09/08/2013 06:33:05 PM Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
  15. I'm not too sure that everything worked as you say, but I was able to retrieve the ZHPFix[R1] log, here it is: Rapport de ZHPFix 2013.9.7.2 par Nicolas Coolman, Update du 07/09/2013 Fichier d'export Registre : Run by Sébastien at 08/09/2013 18:14:10 High Elevated Privileges : OK Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Corbeille vidée (Annulé par l'utilisateur) ========== Clés du Registre ========== CTFDisabledCTFMon désactivé par défaut ========== Récapitulatif ========== 1 : Clés du Registre End of clean in 14mn 12s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 08/09/2013 18:14:12 [514] Is that OK?
  16. And finally, here is the link to the ZHPdiag log: http://cjoint.com/?CIirwoUsPZS
  17. Below is the MBAM scan report after cleaning:
  18. Below is the JRT log: http://cjoint.com/?CIio0A2stAM
  19. Below is the adwcleaner log after cleaning: http://cjoint.com/?CIioNox7DbS
  20. Below is the adwcleaner log: http://cjoint.com/?CIioGdOCR3j
  21. Sorry for having posted the reports directly. Below is the link to the FRST log: http://cjoint.com/?CIioizYJbPQ Below is the link to the Addition log: http://cjoint.com/?CIiolCyJu69
  22. Hello. First of all, many thanks for taking my case into consideration. Below is the FRST report:
C:\Windows\System32\Tasks\User_Feed_Synchronization-{43130126-3B80-4227-8C4A-A8501436C1C7} 2013-09-07 17:15 - 2013-09-07 17:15 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSébastien 2013-09-07 17:15 - 2013-09-07 17:15 - 00001459 _____ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-07 17:15 - 2013-09-07 17:15 - 00001425 _____ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-09-07 17:15 - 2013-09-07 17:15 - 00000000 ___RD C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-07 17:15 - 2013-09-07 17:15 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Synaptics 2013-09-07 17:13 - 2013-09-07 17:13 - 00057560 _____ C:\Users\SBASTI~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\Sébastien\Documents\Youcam 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\CyberLink 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\CyberLink 2013-09-07 17:11 - 2013-09-07 19:09 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Skype 2013-09-07 17:10 - 2013-09-07 23:39 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Hewlett-Packard 2013-09-07 17:10 - 2013-09-07 17:15 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Hewlett-Packard 2013-09-07 17:10 - 2013-09-07 17:10 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\hpqlog 2013-09-07 17:09 - 2013-09-07 17:15 - 00003584 _____ C:\Windows\System32\Tasks\Registration 2013-09-07 17:09 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-09-07 17:09 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-09-07 17:09 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-09-07 17:09 - 2012-06-03 00:19 - 00044056 _____ 
(Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-09-07 17:09 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-09-07 17:09 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-09-07 17:09 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-09-07 17:09 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-09-07 17:09 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-09-07 17:08 - 2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\VirtualStore 2013-09-07 17:08 - 2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\RemEngine 2013-09-07 17:08 - 2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Hewlett-Packard_Company 2013-09-07 17:07 - 2013-09-08 10:44 - 01465398 _____ C:\Windows\WindowsUpdate.log 2013-09-07 17:07 - 2013-09-07 17:15 - 00000000 ____D C:\Users\Sébastien 2013-09-07 17:07 - 2013-09-07 17:07 - 00000020 ___SH C:\Users\Sébastien\ntuser.ini 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Voisinage réseau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Voisinage d'impression 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\SBASTI~1\AppData\Local\Historique 2013-09-07 
17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Voisinage réseau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Voisinage d'impression 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Favoris 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Bureau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Program Files\Fichiers communs 2013-09-07 17:07 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-09-07 17:07 - 2009-07-14 06:49 - 00000000 ___RD 
C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-09-07 17:06 - 2013-09-07 17:06 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat ==================== One Month Modified Files and Folders ======= 2013-09-08 10:44 - 2013-09-07 17:07 - 01465398 _____ C:\Windows\WindowsUpdate.log 2013-09-08 10:44 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-08 10:44 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-08 10:42 - 2013-09-08 10:39 - 01948988 _____ (Farbar) C:\Users\Sébastien\Desktop\FRST64.exe 2013-09-08 10:37 - 2013-09-07 23:32 - 00000912 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2013-09-08 10:35 - 2013-09-08 10:35 - 00000000 ____D C:\Program Files\PostgreSQL 2013-09-08 10:35 - 2013-09-08 09:31 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\PokerTracker 4 2013-09-08 10:35 - 2013-09-07 19:35 - 00000306 _____ C:\Windows\Tasks\MySearchDial.job 2013-09-08 10:34 - 2013-09-08 10:34 - 00000000 ____D C:\Program Files (x86)\PostgreSQL 2013-09-08 10:33 - 2013-09-07 17:28 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-08 10:31 - 2013-09-07 23:31 - 00000304 _____ C:\Windows\Tasks\Dealply.job 2013-09-08 10:14 - 2012-02-09 19:42 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-08 10:14 - 2012-02-09 19:42 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-08 09:32 - 2012-02-10 04:10 - 00695004 _____ C:\Windows\system32\perfh00C.dat 2013-09-08 09:32 - 2012-02-10 04:10 - 00127684 _____ C:\Windows\system32\perfc00C.dat 2013-09-08 09:32 - 2009-07-14 07:13 - 01524562 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-08 09:31 - 2013-09-08 09:31 - 00004925 _____ C:\ProgramData\flwjycbm.bab 2013-09-08 09:31 - 2013-09-08 09:31 - 00001074 _____ 
C:\Users\Sébastien\Desktop\PokerTracker 4.lnk 2013-09-08 09:31 - 2013-09-08 09:31 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4 2013-09-08 09:31 - 2013-09-08 09:31 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4 2013-09-08 03:01 - 2009-07-14 07:38 - 00029696 ___SH C:\Windows\system32\config\BCD-Template.LOG 2013-09-08 03:01 - 2009-07-14 07:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template 2013-09-08 02:20 - 2013-09-08 01:36 - 46977154 _____ C:\Users\Sébastien\Downloads\PT-Install-v4.09.1.exe 2013-09-08 02:04 - 2013-09-07 23:35 - 00003410 _____ C:\Windows\System32\Tasks\EPUpdater 2013-09-08 02:03 - 2013-09-07 19:42 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\tuto4pc_fr_60 2013-09-08 02:02 - 2013-09-07 18:48 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\vlc 2013-09-08 01:47 - 2013-09-07 22:38 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\PokerStars.FR 2013-09-07 23:43 - 2013-09-07 23:42 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\RadioSure 2013-09-07 23:42 - 2013-09-07 23:42 - 00001118 _____ C:\Users\Sébastien\Desktop\RadioSure.lnk 2013-09-07 23:42 - 2013-09-07 23:42 - 00001087 _____ C:\Users\Sébastien\Desktop\MyPC Backup.lnk 2013-09-07 23:42 - 2013-09-07 23:42 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure 2013-09-07 23:42 - 2013-09-07 23:42 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-09-07 23:42 - 2013-09-07 23:42 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-09-07 23:42 - 2013-09-07 23:33 - 05521199 _____ (TheBestWare Studio) C:\Users\Sébastien\Downloads\RadioSure-2.2.1036-setup.exe 2013-09-07 23:42 - 2013-09-07 17:15 - 00000000 ___RD C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-07 23:40 - 2013-09-07 23:40 - 00000000 ____D C:\Program Files (x86)\mixidj 2013-09-07 23:39 - 2013-09-07 23:39 - 00003442 
_____ C:\Windows\System32\Tasks\BrowserDefendert 2013-09-07 23:39 - 2013-09-07 23:39 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-09-07 23:39 - 2013-09-07 23:39 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-09-07 23:39 - 2013-09-07 23:39 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\mixidj 2013-09-07 23:39 - 2013-09-07 23:39 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\avgchrome 2013-09-07 23:39 - 2013-09-07 23:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-07 23:39 - 2013-09-07 23:38 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-09-07 23:39 - 2013-09-07 17:10 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Hewlett-Packard 2013-09-07 23:38 - 2013-09-07 23:38 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-09-07 23:37 - 2013-09-07 23:32 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2013-09-07 23:35 - 2013-09-07 23:35 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\BabSolution 2013-09-07 23:33 - 2013-09-07 23:33 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Babylon 2013-09-07 23:33 - 2013-09-07 23:33 - 00000000 ____D C:\ProgramData\Babylon 2013-09-07 23:32 - 2013-09-07 23:32 - 00003908 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA 2013-09-07 23:32 - 2013-09-07 23:32 - 00003656 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore 2013-09-07 23:31 - 2013-09-07 23:31 - 00003260 _____ C:\Windows\System32\Tasks\Dealply 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Dealply 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\DealPlyLive 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\ProgramData\DealPlyLive 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\Program Files 
(x86)\DealPlyLive 2013-09-07 23:31 - 2013-09-07 23:31 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-09-07 23:30 - 2013-09-07 23:30 - 00000000 ____D C:\Program Files (x86)\lucky leap 2013-09-07 23:25 - 2013-09-07 23:24 - 00584600 _____ C:\Users\Sébastien\Downloads\cbsidlm-tr1_14-RadioSure-ORG-10911517.exe 2013-09-07 23:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources 2013-09-07 22:38 - 2013-09-07 22:38 - 00001084 _____ C:\Users\Public\Desktop\PokerStars.fr.lnk 2013-09-07 22:38 - 2013-09-07 22:38 - 00000000 ____D C:\Program Files (x86)\PokerStars.FR 2013-09-07 22:37 - 2013-09-07 22:20 - 26619648 _____ (PokerStars) C:\Users\Sébastien\Downloads\PokerStarsInstallFR (2).exe 2013-09-07 20:55 - 2013-09-07 20:45 - 01774332 _____ C:\Users\Sébastien\Downloads\PokerStarsInstallFR (1).exe 2013-09-07 20:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-07 20:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN 2013-09-07 20:21 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2013-09-07 20:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI 2013-09-07 20:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism 2013-09-07 20:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com 2013-09-07 19:49 - 2013-09-07 19:43 - 02747232 _____ C:\Users\Sébastien\Downloads\PokerStarsInstallFR.exe 2013-09-07 19:42 - 2013-09-07 19:42 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\eorezo 2013-09-07 19:42 - 2013-09-07 19:42 - 00000000 ____D C:\Program Files (x86)\tuto4pc_fr_60 2013-09-07 19:36 - 2013-09-07 19:35 - 00000000 ____D C:\Program Files (x86)\Mysearchdial 2013-09-07 19:35 - 2013-09-07 19:35 - 00003262 _____ C:\Windows\System32\Tasks\MySearchDial 2013-09-07 19:35 - 2013-09-07 19:35 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\mysearchdial 2013-09-07 19:28 - 2013-09-07 19:28 - 00232760 _____ (Firser) C:\Users\Sébastien\Downloads\PokerStars.exe 2013-09-07 19:09 - 2013-09-07 17:11 - 
00000000 ____D C:\Users\Sébastien\AppData\Roaming\Skype 2013-09-07 19:08 - 2013-09-07 19:08 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSÉBASTIEN-HP$ 2013-09-07 19:08 - 2013-09-07 19:08 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForSÉBASTIEN-HP$.job 2013-09-07 19:07 - 2013-09-07 17:28 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-07 19:06 - 2013-09-07 17:15 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForSébastien.job 2013-09-07 19:06 - 2012-03-30 02:55 - 00000000 ____D C:\ProgramData\Norton 2013-09-07 19:06 - 2010-11-21 05:47 - 00571870 _____ C:\Windows\PFRO.log 2013-09-07 19:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-07 19:06 - 2009-07-14 06:51 - 00048198 _____ C:\Windows\setupact.log 2013-09-07 18:26 - 2013-09-07 17:28 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Google 2013-09-07 18:26 - 2013-09-07 17:28 - 00000000 ____D C:\Program Files (x86)\Google 2013-09-07 18:11 - 2013-09-07 18:11 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-09-07 18:00 - 2012-02-09 19:53 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-09-07 18:00 - 2012-02-09 19:53 - 00000000 ____D C:\ProgramData\Skype 2013-09-07 17:50 - 2011-11-30 04:23 - 00000000 ___HD C:\HP 2013-09-07 17:28 - 2013-09-07 17:28 - 00004070 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-09-07 17:28 - 2013-09-07 17:28 - 00003818 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-09-07 17:28 - 2013-09-07 17:27 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Deployment 2013-09-07 17:27 - 2013-09-07 17:27 - 00000000 ____D C:\Users\Sébastien\AppData\Local\Apps\2.0 2013-09-07 17:23 - 2013-09-07 17:15 - 00003968 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{43130126-3B80-4227-8C4A-A8501436C1C7} 2013-09-07 17:16 - 2013-09-07 17:16 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Macromedia 2013-09-07 17:16 - 2013-09-07 17:16 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Adobe 2013-09-07 
17:15 - 2013-09-07 17:15 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSébastien 2013-09-07 17:15 - 2013-09-07 17:15 - 00001459 _____ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-07 17:15 - 2013-09-07 17:15 - 00001425 _____ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-09-07 17:15 - 2013-09-07 17:15 - 00000000 ___RD C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-07 17:15 - 2013-09-07 17:15 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\Synaptics 2013-09-07 17:15 - 2013-09-07 17:10 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Hewlett-Packard 2013-09-07 17:15 - 2013-09-07 17:09 - 00003584 _____ C:\Windows\System32\Tasks\Registration 2013-09-07 17:15 - 2013-09-07 17:07 - 00000000 ____D C:\Users\Sébastien 2013-09-07 17:15 - 2011-02-10 21:23 - 00000000 ____D C:\SWSetup 2013-09-07 17:13 - 2013-09-07 17:13 - 00057560 _____ C:\Users\SBASTI~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\Sébastien\Documents\Youcam 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\CyberLink 2013-09-07 17:13 - 2013-09-07 17:13 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\CyberLink 2013-09-07 17:10 - 2013-09-07 17:10 - 00000000 ____D C:\Users\Sébastien\AppData\Roaming\hpqlog 2013-09-07 17:09 - 2012-02-09 19:59 - 00000000 ___RD C:\Program Files\Online Services 2013-09-07 17:09 - 2012-02-09 19:42 - 00000000 ___RD C:\Program Files (x86)\Online Services 2013-09-07 17:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-09-07 17:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-09-07 17:09 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-07 17:08 - 2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\VirtualStore 2013-09-07 17:08 - 
2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\RemEngine 2013-09-07 17:08 - 2013-09-07 17:08 - 00000000 ____D C:\Users\SBASTI~1\AppData\Local\Hewlett-Packard_Company 2013-09-07 17:08 - 2011-02-10 21:23 - 00000000 ___HD C:\SYSTEM.SAV 2013-09-07 17:08 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore 2013-09-07 17:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Recovery 2013-09-07 17:08 - 2007-01-02 03:32 - 00000000 __SHD C:\Recovery 2013-09-07 17:07 - 2013-09-07 17:07 - 00000020 ___SH C:\Users\Sébastien\ntuser.ini 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Voisinage réseau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Voisinage d'impression 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\SBASTI~1\AppData\Local\Historique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Public\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Voisinage réseau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Voisinage d'impression 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL 
C:\Users\Default\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mes vidéos 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Mes images 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\Documents\Ma musique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historique 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Modèles 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Menu Démarrer 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Favoris 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\ProgramData\Bureau 2013-09-07 17:07 - 2013-09-07 17:07 - 00000000 _SHDL C:\Program Files\Fichiers communs 2013-09-07 17:07 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT 2013-09-07 17:07 - 2007-01-02 03:25 - 00000000 ____D C:\Windows\Panther 2013-09-07 17:06 - 2013-09-07 17:06 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat 2013-09-07 17:03 - 2009-07-14 06:46 - 00005838 _____ C:\Windows\DtcInstall.log 2013-09-07 17:03 - 2007-01-02 03:29 - 00008246 _____ C:\Windows\TSSysprep.log Files to move or delete: ==================== C:\Users\SBASTI~1\AppData\Local\Temp\BackupSetup.exe C:\Users\SBASTI~1\AppData\Local\Temp\setup.exe C:\Users\SBASTI~1\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
And here is the Addition report:
Task: {D92A371F-6245-403A-9DD0-7919886FBCC7} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-14] (Microsoft Corporation) Task: {FC1BD2F5-3A70-4645-80FC-3F36C5A5C06A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\SBASTI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForSÉBASTIEN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForSébastien.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\SBASTI~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 2009-07-14 02:18 - 2009-07-14 03:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm 2009-07-14 02:18 - 2009-07-14 03:38 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm 2009-07-14 02:18 - 2009-07-14 03:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm 2009-07-14 02:18 - 2009-07-14 03:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm 2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 
2012-01-06 03:31 - 2012-01-06 03:31 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrFRA.lrc 2012-01-06 03:24 - 2012-01-06 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-10-01 19:14 - 2011-10-01 19:14 - 00415528 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2011-10-01 19:14 - 2011-10-01 19:14 - 00226600 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2011-10-01 19:14 - 2011-10-01 19:14 - 10572072 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPRes.dll 2012-03-30 02:45 - 2012-01-04 10:37 - 04444672 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang64.dll 2012-03-30 02:45 - 2012-01-04 10:37 - 00654336 _____ (IDT, Inc.) C:\Windows\system32\stapi64.dll 2013-07-01 19:48 - 2013-07-01 19:48 - 02772992 _____ (mypcbackup.com) C:\Program Files (x86)\MyPC Backup\Shared Stack.dll 2013-07-01 19:47 - 2013-07-01 19:47 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2013-07-01 19:43 - 2013-07-01 19:43 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2013-07-01 19:43 - 2013-07-01 19:43 - 03483136 _____ (Amazon.com, Inc) C:\Program Files (x86)\MyPC Backup\AWSSDK.dll 2012-03-30 02:51 - 2010-04-23 12:00 - 00588472 _____ (EasyBits Software AS) C:\Windows\SysWOW64\ezsvc7x.dll 2012-03-30 02:51 - 2012-03-30 02:51 - 00052920 _____ (EasyBits Software Corp.) 
C:\Windows\SysWow64\EZUPBH~1.DLL 2012-03-30 02:45 - 2012-03-30 02:45 - 00019968 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\51694f36a8a968fb3d8ca98152caf4ef\IAStorDataMgrSvc.ni.exe 2012-03-30 02:45 - 2012-03-30 02:45 - 00225280 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\1428876b9bee0b7d7ced9462111719b8\IAStorDataMgr.ni.dll 2012-03-30 02:45 - 2012-03-30 02:45 - 00487424 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f1f0231b32dee581dcab0b26d83b02ca\IAStorUtil.ni.dll 2012-03-30 02:45 - 2012-03-30 02:45 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a21ece5c049c9f429756fd1a3fe55ccd\IsdiInterop.ni.dll 2012-03-30 02:45 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-03-30 02:45 - 2012-03-30 02:45 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca11c3c4c5560bf7aafa094599128200\IAStorCommon.ni.dll 2012-03-30 02:44 - 2011-12-16 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-09-07 23:38 - 2013-08-13 16:40 - 02699216 _____ () C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/08/2013 02:03:26 AM) (Source: Application Hang) (User: ) Description: Le programme package_addlyrics_offer_multilang.tmp version 51.52.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. 
ID de processus : 1a3c Heure de début : 01ceac26c5e1035f Heure de fin : 31 Chemin d’accès de l’application : C:\Users\SBASTI~1\AppData\Local\Temp\is-81I22.tmp\package_addlyrics_offer_multilang.tmp ID de rapport : Error: (09/07/2013 11:32:20 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi Error: (09/07/2013 07:08:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/07/2013 06:02:21 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:02:20 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:02:18 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. 
This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:55 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:54 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:53 PM) (Source: MsiInstaller) (User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. 
Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 05:15:56 PM) (Source: Application Error) (User: ) Description: Nom de l’application défaillante HPWMISVC.exe, version : 2.5.3.0, horodatage : 0x4ed4a2e7 Nom du module défaillant : HPWMISVC.exe, version : 2.5.3.0, horodatage : 0x4ed4a2e7 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000018ae ID du processus défaillant : 0x608 Heure de début de l’application défaillante : 0xHPWMISVC.exe0 Chemin d’accès de l’application défaillante : HPWMISVC.exe1 Chemin d’accès du module défaillant: HPWMISVC.exe2 ID de rapport : HPWMISVC.exe3 System errors: ============= Error: (09/07/2013 05:16:00 PM) (Source: Service Control Manager) (User: ) Description: Le service HPWMISVC s’est terminé de façon inattendue pour la 1ème fois. Microsoft Office Sessions: ========================= Error: (09/08/2013 02:03:26 AM) (Source: Application Hang)(User: ) Description: package_addlyrics_offer_multilang.tmp51.52.0.01a3c01ceac26c5e1035f31C:\Users\SBASTI~1\AppData\Local\Temp\is-81I22.tmp\package_addlyrics_offer_multilang.tmp Error: (09/07/2013 11:32:20 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 07:08:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/07/2013 06:02:21 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. 
Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:02:20 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:02:18 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:55 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:54 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. 
Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 06:01:53 PM) (Source: MsiInstaller)(User: Sébastien-HP) Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/07/2013 05:15:56 PM) (Source: Application Error)(User: ) Description: HPWMISVC.exe2.5.3.04ed4a2e7HPWMISVC.exe2.5.3.04ed4a2e7c0000005000018ae60801ceabdbb75493bbC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe6435502e-17d0-11e3-aae4-80c16e61f3e3 ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3992.36 MB Available physical RAM: 2078.04 MB Total Pagefile: 7982.91 MB Available Pagefile: 6031.93 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:277.88 GB) (Free:243 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:19.92 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (DVD72_2) (CDROM) (Total:7.71 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or (Size: 298 GB) (Disk ID: F2BD51B8) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) Partition 4: (Not 
Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  23. Oops, it's generic and not generix
  24. Good evening. It seems my computer is infected with Trojan.win32.generic bt (that's what an anti-malware program told me). As a result, ad pages keep opening unexpectedly. Would someone be kind enough to help me? Thanks in advance. See you.