Everything posted by MichelD33
-
[Solved] Infected by Trojan Generic 32
MichelD33 replied to a topic by MichelD33 in Analyses et éradication malwares
ZHPFix report:
I'll do the checks and let you know. Thanks. Michel.
-
[Solved] Infected by Trojan Generic 32
MichelD33 replied to a topic by MichelD33 in Analyses et éradication malwares
Attached is the link to the ZHPDiag: http://cjoint.com/?CJtj75NEsXb Michel
-
[Solved] Infected by Trojan Generic 32
MichelD33 replied to a topic by MichelD33 in Analyses et éradication malwares
Good evening, I ran another Kaspersky scan and I no longer have any Trojan. You tell me that you left out the script for ZHPFix, and you ask me to run a ZHPDiag scan again. Um, do I run ZHPFix or a ZHPDiag...? Sorry if I don't understand everything! Also, can the procedure as you laid it out for me be applied to my wife's computer, which is pretty sluggish (the computer, not my wife)? It has the same specs as mine except that it's a laptop. Thanks once again for everything. Michel
-
[Solved] Infected by Trojan Generic 32
MichelD33 replied to a topic by MichelD33 in Analyses et éradication malwares
I'm attaching the ZHPFix file:
Then the JRT:
And finally the Adw file:
Normally, some cleaning up should have been done. I'm going to run another Kaspersky scan and I'll keep you posted. Normally, I should have the new version of this software within a week through automatic renewal. Thanks for your advice and your comments, present and future. Michel
-
[Solved] Infected by Trojan Generic 32
MichelD33 replied to a topic by MichelD33 in Analyses et éradication malwares
Hello, Kaspersky Internet Security 2012, and as for the address, I did write it but it got dropped... So here it is again: http://cjoint.com/?CJrxfDK8mSb I hope it goes through this time. Thanks. Michel
-
[Solved] Infected by Trojan Generic 32
MichelD33 posted a topic in Analyses et éradication malwares
Hello, My computer is infected with a Trojan Generic 32, according to Kaspersky. I ran a scan with ZHPDiag, viewable at the following address
Thanks in advance to whoever helps me get rid of it. Also, for some time now a "Browse for Folder" window has been appearing on my computer and on my wife's. This window only goes away by intervening through the program manager. If you could help me with that too, that would be nice. Michel
-
Hello everyone, Kaspersky is reporting a threat concerning Microsoft Visual 2010 which, although legitimate, could be used by people with bad intentions... Could someone help me understand what is going on...? I have Windows 7 Home Premium X64 Pack 1 and my computer is an HP XW 6600 workstation. Thanks in advance.
-
EVERYTHING IS WORKING AGAIN!!! Many thanks for your advice, your patience and above all your expertise. Kind regards.
-
Miracles do happen, I managed to send the file via the email address below: pjjoint.malekal.com - Submit a file
-
Part 1 of the latest file:
[HKCU][64Bits] -- Any Send Packages O42 - Logiciel: Any Send Packages 80 - (...) [HKCU][64Bits] -- Any Send Packages 80 O42 - Logiciel: Babylon toolbar - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>Toolbar.Babylon O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071} =>Adware.Boxore O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon O42 - Logiciel: Ciel Comptes Personnels 9.0 - (.Ciel.) [HKLM][64Bits] -- {AEE86F74-2EF1-49F2-8739-CC0A94688639} O42 - Logiciel: DealPly (remove only) - (.DealPly Technologies Ltd..) [HKLM][64Bits] -- DealPly =>PUP.DealPly O42 - Logiciel: DealPly - (...) [HKCU][64Bits] -- DealPly =>PUP.DealPly O42 - Logiciel: Fortuneo LIVE TRADER - (.Ariane Software.) [HKCU][64Bits] -- Fortuneo LIVE TRADER O42 - Logiciel: Officejet Pro 8500 A909 Series - (.HP.) [HKLM][64Bits] -- {D850BEF5-67AF-4071-9538-FA9AC725D62C} O42 - Logiciel: Update for Any Send - (...) [HKCU][64Bits] -- DSite O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>Toolbar.Wajam O42 - Logiciel: Yontoo 2.052 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>PUP.Yontoo O42 - Logiciel: eLicenser Control - (.Steinberg Media Technologies GmbH.) [HKLM][64Bits] -- eLicenser Control O42 - Logiciel: mySongBook Player - (.Arobas Music.) 
[HKLM][64Bits] -- {42F6B687-F7B1-41A8-87CB-043FBBE4621D}_is1 ~ Logic: 170 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\5d5dd8ae56eeb45] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\InstallCore] =>PUP.InstallCore [HKLM\Software\SampleShellExtnesion] [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKLM\Software\Wow6432Node\5d5dd8ae56eeb45] [HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr ~ Key Software: 199 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 25/04/2013 - 17:01:36 - [0,578] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore O43 - CFD: 28/03/2013 - 08:41:55 - [14,985] ----D C:\Program Files (x86)\eLicenser O43 - CFD: 25/04/2013 - 17:02:51 - [7,800] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon O43 - CFD: 07/12/2012 - 19:01:25 - [55,981] ----D C:\ProgramData\eLicenser O43 - CFD: 19/10/2012 - 22:51:03 - [0] ----D C:\ProgramData\mySongBook Player O43 - CFD: 25/04/2013 - 17:04:37 - [1,063] ----D C:\Users\MichelD\AppData\Roaming\Any Send Packages O43 - CFD: 17/05/2011 - 15:43:14 - [91,799] ----D C:\Users\MichelD\AppData\Roaming\Fortuneo O43 - CFD: 19/10/2012 - 22:51:07 - [0,019] ----D C:\Users\MichelD\AppData\Roaming\mySongBook Player O43 - CFD: 28/03/2013 - 08:42:13 - [1,319] ----D C:\Users\MichelD\AppData\Roaming\VST XMLs O43 - CFD: 09/03/2011 - 18:25:10 - [0,000] ----D C:\Users\MichelD\AppData\Local\eLicenser O43 - CFD: 25/04/2013 - 17:06:54 - [0,002] ----D C:\Users\MichelD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX ~ Program Folder: 199 Legitimates Filtered in 00mn 23s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.DD5886554BD01EEC7AF7AB9B5E04DC8F] - 25/04/2013 - 15:51:26 ---A- . (...) 
-- C:\Windows\ntbtlog.txt [8785950] O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616] O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616] O44 - LFC:[MD5.E35456656EEC2B2B78DE504164839C00] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [788] O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 RSHAD . (...) -- C:\Windows\System32\BMXState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616] O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 RSHAD . (...) -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616] O44 - LFC:[MD5.E35456656EEC2B2B78DE504164839C00] - 25/04/2013 - 15:29:05 RSHAD . (...) 
-- C:\Windows\System32\DVCState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [788] ~ Files: 71 Legitimates Filtered in 00mn 20s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.76B8F23E01D0264E65B52DF863C20D73] - 24/04/2013 - 08:40:46 ---A- - C:\Windows\Prefetch\IECACHEWININETLDR.EXE-38A7F315.pf O45 - LFCP:[MD5.B225D014736335943DA709FF4483BF8E] - 24/04/2013 - 13:16:41 ---A- - C:\Windows\Prefetch\SYNSOPOS.EXE-5427B272.pf O45 - LFCP:[MD5.F1E95CA42DCB67ACB74B0C6011178A16] - 25/04/2013 - 09:10:44 ---A- - C:\Windows\Prefetch\MLV_AR_QVO6.EXE-244DCF5E.pf =>Hijacker.Qvo6 O45 - LFCP:[MD5.7903F21F32962275414C2F25A87AC9B8] - 25/04/2013 - 09:11:55 ---A- - C:\Windows\Prefetch\SAMSUNG-ALLSHARE-WINDOWS-DOWN-46BFF43C.pf O45 - LFCP:[MD5.3DD8488D0B15C7D5380EC9FB33E876EA] - 25/04/2013 - 09:14:17 ---A- - C:\Windows\Prefetch\EXQ.EXE-31772F9B.pf O45 - LFCP:[MD5.9B697ED1E4EAF215909EA114942F8851] - 25/04/2013 - 09:14:26 ---A- - C:\Windows\Prefetch\DESK365.EXE-EF050FAE.pf O45 - LFCP:[MD5.71AB86C076405BD42513D468E25C2ADD] - 25/04/2013 - 09:14:54 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-888160B9.pf O45 - LFCP:[MD5.D9017C516D319EF33C3067EED1D828F7] - 25/04/2013 - 09:19:11 ---A- - C:\Windows\Prefetch\EDHELPER64.EXE-3463BBCC.pf O45 - LFCP:[MD5.E8FCB72B5EA59F0FCD26BB4C1EED0C10] - 25/04/2013 - 09:19:13 ---A- - C:\Windows\Prefetch\DESKSVC.EXE-8515B334.pf O45 - LFCP:[MD5.BB02E73E2228A73E861DE9C924FF7750] - 25/04/2013 - 09:21:33 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-6538F154.pf O45 - LFCP:[MD5.A0E3452DF0B6708A8B84F9FAA5BC987A] - 25/04/2013 - 09:46:05 ---A- - C:\Windows\Prefetch\STARTUPMANAGER.EXE-E7DA45E9.pf O45 - LFCP:[MD5.6E2207D80803EBEB7F41C40A8A21C7BB] - 25/04/2013 - 09:46:44 ---A- - C:\Windows\Prefetch\PROGRAMDEACTIVATOR.EXE-410663F9.pf O45 - LFCP:[MD5.075A49A57640FA8B352CA9E9408A49EE] - 25/04/2013 - 10:00:12 ---A- - C:\Windows\Prefetch\GBM.EXE-ACFAFDDD.pf O45 - LFCP:[MD5.D641D372D3F93BE740F48E54DABDBB41] - 25/04/2013 - 13:23:25 ---A- - 
C:\Windows\Prefetch\CLIP.EXE-0206BCBB.pf O45 - LFCP:[MD5.1B9720EDBB5788D4FA975E1A6AC07ED5] - 25/04/2013 - 13:42:04 ---A- - C:\Windows\Prefetch\CUBASE7.EXE-D9AE6297.pf O45 - LFCP:[MD5.942E8CBA340F5A04631E3C20D10492C8] - 25/04/2013 - 13:42:06 ---A- - C:\Windows\Prefetch\SYNSOPOS.EXE-821F3DA0.pf O45 - LFCP:[MD5.51485AB188ABE97F82DF2B8E93B4EF52] - 25/04/2013 - 13:42:24 ---A- - C:\Windows\Prefetch\VIDEODECODE.EXE-DB7BF03E.pf O45 - LFCP:[MD5.02715D24A0094F5993DE524A4DD88BC2] - 25/04/2013 - 13:42:26 ---A- - C:\Windows\Prefetch\VIDEOPRELOAD.EXE-6DAB722D.pf O45 - LFCP:[MD5.519C9DAEF0CABCAD6FF5BE5687850CAD] - 25/04/2013 - 13:42:31 ---A- - C:\Windows\Prefetch\VIDEOOUTPUT.EXE-58EC7097.pf O45 - LFCP:[MD5.7F87E43334BD95F3120A4362A7F3481E] - 25/04/2013 - 15:48:51 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-7EEABF0C.pf ~ Prefetcher: 140 Legitimates Filtered in 00mn 01s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.311A0F828A8B80E790C1F60633D35F05] - 15/03/2011 - 15:55:06 RSH-- . (...) 
-- C:\Windows\SysWOW64\613320F2CF.sys [88] ~ Drivers: Scanned in 00mn 00s

Second part of the last file:

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBFilter.PspCache [64] O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBTreeSel.PspCache [64] O61 - LFC: 22/04/2013 - 08:59:19 ----- C:\Users\MichelD\Documents\My PSP Files\Paramètres par défaut\Preset_Crop_ Dernières options appliquées.PspScript [671] O61 - LFC: 22/04/2013 - 09:15:38 ---A- C:\Users\MichelD\AppData\Local\Corel\ImageDB.db [2161664] O61 - LFC: 22/04/2013 - 10:09:24 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\index.gix [1422105] O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.bin [53969] O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.html [26756] O61 - LFC: 22/04/2013 - 13:51:57 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_02.wav [0] O61 - LFC: 22/04/2013 - 14:34:53 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-05.bak [919071] O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_03.wav [13328928] O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Lead_03.peak [208352] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\internal_files.lst [274] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\maindata.sys [1113] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel
wirelessspace\00000024\treeobj.gdat [487] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\Desktop.gdat [8076] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\index.gix [1423741] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\mydoc.gdat [1585304] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\regsitry.gdat [214] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\wincontacts.gdat [264] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winmail.gdat [20130] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winsettings.gdat [48090] O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.bin [54397] O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.html [26752] O61 - LFC: 23/04/2013 - 14:40:56 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269291] O61 - LFC: 24/04/2013 - 10:46:26 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\index.gix [1423753] O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.bin [54731] O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.html [26756] O61 - LFC: 
24/04/2013 - 13:37:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-04.bak [919618] O61 - LFC: 25/04/2013 - 08:54:03 ---A- C:\Users\MichelD\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\internal_files.lst [274] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\maindata.sys [1113] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\treeobj.gdat [487] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\Desktop.gdat [8076] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\index.gix [1424164] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\mydoc.gdat [1585760] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\regsitry.gdat [214] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\wincontacts.gdat [264] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winmail.gdat [20132] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winsettings.gdat [48090] O61 - LFC: 25/04/2013 - 10:10:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\JobSettings.dat [2397] O61 - LFC: 25/04/2013 - 10:16:16 ---A- 
C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Data\backupStatus.dat [4730] O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.bin [54595] O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.html [26750] O61 - LFC: 25/04/2013 - 13:36:32 ---A- C:\Users\MichelD\Documents\ZHPDiag [62267] O61 - LFC: 25/04/2013 - 13:39:33 ---A- C:\Users\MichelD\Downloads\pjjoint_uploader.exe [333056] O61 - LFC: 25/04/2013 - 13:42:31 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\mediabay3.db [14004224] O61 - LFC: 25/04/2013 - 13:45:09 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_03.wav [5278276] O61 - LFC: 25/04/2013 - 13:45:09 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_03.peak [82560] O61 - LFC: 25/04/2013 - 13:46:42 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_04.wav [4400672] O61 - LFC: 25/04/2013 - 13:46:42 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_04.peak [68848] O61 - LFC: 25/04/2013 - 13:47:12 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_05.wav [888052] O61 - LFC: 25/04/2013 - 13:47:12 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_05.peak [13960] O61 - LFC: 25/04/2013 - 13:47:34 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_06.wav [1075956] O61 - LFC: 25/04/2013 - 13:47:34 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_06.peak [16896] O61 - LFC: 25/04/2013 - 13:55:23 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_07.wav [3699180] O61 - LFC: 25/04/2013 - 13:55:23 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar 
(Audio)_07.peak [57888] O61 - LFC: 25/04/2013 - 13:58:10 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-03.bak [920871] O61 - LFC: 25/04/2013 - 14:00:51 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_08.wav [385852] O61 - LFC: 25/04/2013 - 14:00:51 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_08.peak [6120] O61 - LFC: 25/04/2013 - 14:01:50 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_09.wav [4249720] O61 - LFC: 25/04/2013 - 14:01:50 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_09.peak [66488] O61 - LFC: 25/04/2013 - 14:02:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_02.wav [1573780] O61 - LFC: 25/04/2013 - 14:02:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_02.peak [24680] O61 - LFC: 25/04/2013 - 14:02:54 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_03.wav [1588558] O61 - LFC: 25/04/2013 - 14:02:54 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_03.peak [24912] O61 - LFC: 25/04/2013 - 14:03:55 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_04.wav [4265540] O61 - LFC: 25/04/2013 - 14:03:55 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_04.peak [66736] O61 - LFC: 25/04/2013 - 14:09:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_06.wav [4227264] O61 - LFC: 25/04/2013 - 14:09:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_06.peak [66136] O61 - LFC: 25/04/2013 - 14:12:16 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_07.wav [2079036] O61 - LFC: 25/04/2013 - 14:12:16 ---A- 
C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_07.peak [32576] O61 - LFC: 25/04/2013 - 14:12:37 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_08.wav [691160] O61 - LFC: 25/04/2013 - 14:12:37 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_08.peak [10888] O61 - LFC: 25/04/2013 - 14:12:56 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_09.wav [729120] O61 - LFC: 25/04/2013 - 14:12:56 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_09.peak [11480] O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_10.wav [1652858] O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_10.peak [25912] O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-02.bak [995953] O61 - LFC: 25/04/2013 - 14:14:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_11.wav [4250940] O61 - LFC: 25/04/2013 - 14:14:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_11.peak [66512] O61 - LFC: 25/04/2013 - 14:14:48 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_12.wav [1077228] O61 - LFC: 25/04/2013 - 14:14:48 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_12.peak [16920] O61 - LFC: 25/04/2013 - 14:15:22 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_13.wav [2118900] O61 - LFC: 25/04/2013 - 14:15:22 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_13.peak [33192] O61 - LFC: 25/04/2013 - 14:15:41 ---A- 
C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_14.wav [776684] O61 - LFC: 25/04/2013 - 14:15:41 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_14.peak [12224] O61 - LFC: 25/04/2013 - 14:16:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_15.wav [4316476] O61 - LFC: 25/04/2013 - 14:16:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_15.peak [67536] O61 - LFC: 25/04/2013 - 14:17:00 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_16.wav [736448] O61 - LFC: 25/04/2013 - 14:17:00 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_16.peak [11592] O61 - LFC: 25/04/2013 - 14:17:57 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_17.wav [3960476] O61 - LFC: 25/04/2013 - 14:17:57 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_17.peak [61968] O61 - LFC: 25/04/2013 - 14:28:27 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.bak [999989] O61 - LFC: 25/04/2013 - 15:19:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.cpr [999985] O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\External Plugins.xml [79] O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Midi Devices.bin [13722] O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Quick Controls MIDI.xml [1082] O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Key Commands.xml [156824] O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Port Setup.xml [3348] O61 - LFC: 25/04/2013 - 15:19:46 ---A- 
C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xBlacklist Cubase.xml [322] O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xPlugins Cubase.xml [17590] O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\GuitarLib.xml [73063] O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\MediaDefaults.xml [178922] O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Default Font.xml [253] O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Setting Window.xml [154] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Edit Modifiers.xml [2224] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\Chord Symbols.pxml [3722] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\MediaBrowserLocations.pxml [2847] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\RAMPresets.xml [15314] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Custom Palettes.xml [3075] O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Window Layouts.xml [194] O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\ContentManager.xml [63657] O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Defaults.xml [2252465] O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPlugInfoV2.xml [46511] O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPresetCompatibilityPlugInfo.xml [6294] O61 - LFC: 25/04/2013 - 15:19:59 ---A- 
C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\scannedFolders3.bin [17666] O61 - LFC: 25/04/2013 - 15:20:00 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Cubase Module Cache.xml [133962] O61 - LFC: 25/04/2013 - 15:20:03 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Frame.xml [272] O61 - LFC: 25/04/2013 - 15:20:50 ---A- C:\Users\MichelD\Downloads\adwcleaner.exe [619461] O61 - LFC: 25/04/2013 - 15:40:19 ---A- C:\Users\MichelD\Downloads\AnySendSetup.exe [685624] O61 - LFC: 25/04/2013 - 16:05:25 ---A- C:\Users\MichelD\AppData\Roaming\AnySend\VidPlays.dat [9] O61 - LFC: 25/04/2013 - 16:05:43 ---A- C:\Users\MichelD\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [94208] O61 - LFC: 25/04/2013 - 16:05:46 ---A- C:\Users\MichelD\AppData\Roaming\DSite\UpdateProc\config.dat [111] O61 - LFC: 25/04/2013 - 16:06:52 R--A- C:\Users\MichelD\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\ARPPRODUCTICON.exe [69632] O61 - LFC: 25/04/2013 - 16:06:52 R--A- C:\Users\MichelD\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe [49152] O61 - LFC: 25/04/2013 - 16:07:01 ---A- C:\Users\MichelD\Qtrax\Player\Config.txt [9] O61 - LFC: 25/04/2013 - 16:11:03 ---A- C:\Users\MichelD\Downloads\File_Extractor_4.exe [1147968] O61 - LFC: 25/04/2013 - 16:16:16 ---A- C:\Users\MichelD\Downloads\JRT.exe [535764] O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data [81920] O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data [100352] O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data [81920] O61 - LFC: 25/04/2013 - 16:17:04 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences [32265] O61 - LFC: 25/04/2013 - 16:17:04 ---A- 
-
The JRT file:
Folder] C:\Users\MichelD\appdata\local\{C9A3D00C-CA33-45FF-A12B-8BC594CF517A} ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\user.js Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\bprotector_prefs.js Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\searchplugins\browserprotect.xml Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\ffxtlbr@babylon.com Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\jid1-uabu5A9hduqzCw@jetpack Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\plugin@yontoo.com Successfully deleted the following from C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\prefs.js user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=633C061E2A4B185F"); user_pref("browser.search.order.1", "Delta Search"); user_pref("browser.search.selectedEngine", "Delta Search"); user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=633C061E2A4B185F"); Emptied folder: C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\minidumps [5 files] ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist Successfully deleted: [Folder] C:\Users\MichelD\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Successfully deleted: [Registry Key] 
hkey_local_machine\software\google\chrome\extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25/04/2013 at 17:42:28,67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
And now, the second one:
-
Here is the first file:
Présente : user_pref("extensions.BabylonToolbar.admin", false); Présente : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Présente : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Présente : user_pref("extensions.BabylonToolbar.excTlbr", false); Présente : user_pref("extensions.BabylonToolbar.id", "633cab74000000000000061e2a4b185f"); Présente : user_pref("extensions.BabylonToolbar.instlDay", "15560"); Présente : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Présente : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Présente : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Présente : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Présente : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Présente : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); Présente : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); Présente : user_pref("extensions.BabylonToolbar_i.babExt", ""); Présente : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114022&tt=3212_5"); Présente : user_pref("extensions.BabylonToolbar_i.newTab", true); Présente : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=114022&tt=3212_[...] Présente : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Présente : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Présente : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.615:54:03"); Présente : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114022&tt=3212_5&babsrc=KW_ss&mntrId=633c[...] Présente : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid[...] 
Présente : user_pref("browser.search.defaultenginename", "qvo6"); Présente : user_pref("browser.search.order.1", "qvo6"); Présente : user_pref("browser.search.selectedEngine", "qvo6"); -\\ Google Chrome v26.0.1410.64 Fichier : C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Default\Preferences Présente [l.3578] : urls_to_restore_on_startup = [ "hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3160815AS_6RX3HGPB&ts=1366877649" ] ************************* AdwCleaner[R1].txt - [17387 octets] - [25/04/2013 16:21:52] ########## EOF - C:\AdwCleaner[R1].txt - [17448 octets] ##########
-
Sorry for my question, I thought I had to go through PJJ.
Part 1: Rapport de ZHPDiag v2013.4.24.149 par Nicolas Coolman, Update du 24/04/2013 Run by MichelD at 25/04/2013 14:04:52
Part 2:
C:\Windows\Prefetch\EXQ.EXE-31772F9B.pf O45 - LFCP:[MD5.9B697ED1E4EAF215909EA114942F8851] - 25/04/2013 - 09:14:26 ---A- - C:\Windows\Prefetch\DESK365.EXE-EF050FAE.pf O45 - LFCP:[MD5.71AB86C076405BD42513D468E25C2ADD] - 25/04/2013 - 09:14:54 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-888160B9.pf O45 - LFCP:[MD5.D9017C516D319EF33C3067EED1D828F7] - 25/04/2013 - 09:19:11 ---A- - C:\Windows\Prefetch\EDHELPER64.EXE-3463BBCC.pf O45 - LFCP:[MD5.E8FCB72B5EA59F0FCD26BB4C1EED0C10] - 25/04/2013 - 09:19:13 ---A- - C:\Windows\Prefetch\DESKSVC.EXE-8515B334.pf O45 - LFCP:[MD5.BB02E73E2228A73E861DE9C924FF7750] - 25/04/2013 - 09:21:33 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-6538F154.pf O45 - LFCP:[MD5.A0E3452DF0B6708A8B84F9FAA5BC987A] - 25/04/2013 - 09:46:05 ---A- - C:\Windows\Prefetch\STARTUPMANAGER.EXE-E7DA45E9.pf O45 - LFCP:[MD5.6E2207D80803EBEB7F41C40A8A21C7BB] - 25/04/2013 - 09:46:44 ---A- - C:\Windows\Prefetch\PROGRAMDEACTIVATOR.EXE-410663F9.pf O45 - LFCP:[MD5.075A49A57640FA8B352CA9E9408A49EE] - 25/04/2013 - 10:00:12 ---A- - C:\Windows\Prefetch\GBM.EXE-ACFAFDDD.pf ~ Prefetcher: 134 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.311A0F828A8B80E790C1F60633D35F05] - 15/03/2011 - 15:55:06 RSH-- . (...) 
-- C:\Windows\SysWOW64\613320F2CF.sys [88] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBFilter.PspCache [64] O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBTreeSel.PspCache [64] O61 - LFC: 22/04/2013 - 08:59:19 ----- C:\Users\MichelD\Documents\My PSP Files\Paramètres par défaut\Preset_Crop_ Dernières options appliquées.PspScript [671] O61 - LFC: 22/04/2013 - 09:15:38 ---A- C:\Users\MichelD\AppData\Local\Corel\ImageDB.db [2161664] O61 - LFC: 22/04/2013 - 10:09:24 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\index.gix [1422105] O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.bin [53969] O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.html [26756] O61 - LFC: 22/04/2013 - 13:51:57 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_02.wav [0] O61 - LFC: 22/04/2013 - 14:34:53 ----- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-02.bak [919071] O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_03.wav [13328928] O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Lead_03.peak [208352] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\internal_files.lst [274] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\maindata.sys [1113] O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\treeobj.gdat [487] O61 - 
LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\Desktop.gdat [8076] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\index.gix [1423741] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\mydoc.gdat [1585304] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\regsitry.gdat [214] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\wincontacts.gdat [264] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winmail.gdat [20130] O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winsettings.gdat [48090] O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.bin [54397] O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.html [26752] O61 - LFC: 23/04/2013 - 14:40:56 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269291] O61 - LFC: 24/04/2013 - 10:46:26 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\index.gix [1423753] O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.bin [54731] O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.html [26756] O61 - LFC: 24/04/2013 - 13:16:57 ---A- 
C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\mediabay3.db [14004224] O61 - LFC: 24/04/2013 - 13:37:17 ----- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.bak [919618] O61 - LFC: 24/04/2013 - 21:52:34 ----- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.cpr [919813] O61 - LFC: 24/04/2013 - 21:52:42 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\External Plugins.xml [79] O61 - LFC: 24/04/2013 - 21:52:42 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Midi Devices.bin [13722] O61 - LFC: 24/04/2013 - 21:52:42 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Quick Controls MIDI.xml [1082] O61 - LFC: 24/04/2013 - 21:52:43 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Key Commands.xml [156824] O61 - LFC: 24/04/2013 - 21:52:43 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Port Setup.xml [3348] O61 - LFC: 24/04/2013 - 21:52:43 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xBlacklist Cubase.xml [322] O61 - LFC: 24/04/2013 - 21:52:43 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xPlugins Cubase.xml [17590] O61 - LFC: 24/04/2013 - 21:52:44 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\MediaDefaults.xml [178922] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Edit Modifiers.xml [2224] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\GuitarLib.xml [73063] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\Chord Symbols.pxml [3723] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\MediaBrowserLocations.pxml [2847] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\RAMPresets.xml [15296] O61 - LFC: 24/04/2013 - 21:52:45 ---A- 
C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Custom Palettes.xml [3075] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Default Font.xml [253] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Setting Window.xml [154] O61 - LFC: 24/04/2013 - 21:52:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Window Layouts.xml [194] O61 - LFC: 24/04/2013 - 21:52:56 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Defaults.xml [2228725] O61 - LFC: 24/04/2013 - 21:52:56 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\scannedFolders3.bin [17502] O61 - LFC: 24/04/2013 - 21:52:57 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\ContentManager.xml [63657] O61 - LFC: 24/04/2013 - 21:52:57 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Cubase Module Cache.xml [133962] O61 - LFC: 24/04/2013 - 21:52:57 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPlugInfoV2.xml [46511] O61 - LFC: 24/04/2013 - 21:52:57 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPresetCompatibilityPlugInfo.xml [6294] O61 - LFC: 24/04/2013 - 21:53:01 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Frame.xml [272] O61 - LFC: 25/04/2013 - 08:54:03 ---A- C:\Users\MichelD\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163] O61 - LFC: 25/04/2013 - 09:11:34 ---A- C:\Users\MichelD\AppData\Roaming\eIntaller\BF2F71D6B141430b8F06B109D1DEBAE6\eXQ.exe [691256] O61 - LFC: 25/04/2013 - 09:13:34 ---A- C:\Users\MichelD\AppData\Roaming\eIntaller\BF2F71D6B141430b8F06B109D1DEBAE6\eGdpSvc.exe [969280] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\internal_files.lst [274] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\maindata.sys 
[1113] O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\treeobj.gdat [487] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\Desktop.gdat [8076] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\index.gix [1424164] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\mydoc.gdat [1585760] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\regsitry.gdat [214] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\wincontacts.gdat [264] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winmail.gdat [20132] O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winsettings.gdat [48090] O61 - LFC: 25/04/2013 - 10:10:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\JobSettings.dat [2397] O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Data\backupStatus.dat [4730] O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.bin [54595] O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.html [26750] O61 - LFC: 25/04/2013 - 13:05:49 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Local State [31226] ~ 64 Fichiers temporaires (Temporary files) ~ 2 Fichiers cookies (Cookies files) ~ Files: 322 Legitimates 
Filtered in 06mn 34s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe Qvo6.com =>Hijacker.Qvo6 O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\MichelD\AppData\Local\Google\Chrome\Application\chrome.exe" Qvo6.com =>Hijacker.Qvo6 O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe Qvo6.com =>Hijacker.Qvo6 ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=114022&tt=3212_5&babsrc=NT_ss&mntrId=633cab74000000000000061e2a4'>http://search.babylon.com/?affID=114022&tt=3212_5&babsrc=NT_ss&mntrId=633cab74000000000000061e2a4[...] 
=>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.id", "633cab74000000000000061e2a4b185f"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.instlDay", "15560"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114022&tt=3212_5"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - 
p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=114022&tt=3212_5&babsrc=NT_ss&mntrId=633cab74[...] =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.615:54:03"); =>Toolbar.Babylon O69 - SBI: prefs.js [MichelD - p2s2qu9t.default] user_pref("keyword.URL", "http://search.babylon.com/?affID=114022&tt=3212_5&babsrc=KW_ss&mntrId=633cab74000000000000061e2a4b185f&q[...] =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - Babylon Search =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - Qvo6.com =>Hijacker.Qvo6 O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.CC962A92841E5AA865DFBDB7F733F06E] [sPRF][24/03/2013] (...) -- C:\ProgramData\NTUSER.dat [262144] [MD5.CB0107FDE27B05772F79977D05DEFA6E] [sPRF][25/04/2013] (...) -- C:\Users\MichelD\AppData\Local\Temp\mlv_ar_qvo6.exe [93776] =>Hijacker.Qvo6 [MD5.F257C2C04DFDC84D506BA85D2F33C738] [sPRF][19/02/2011] (.Genie-soft - Genie Timeline.) -- C:\Users\MichelD\Desktop\GenieTimelineSetupPro.exe [169325096] [MD5.FD0675CA67B9C62DA0C248A7ECD9FB9E] [sPRF][08/08/2012] (.ManiacTools.com - Free M4a to MP3 Converter Setup.) 
-- C:\Users\MichelD\Desktop\m4a-to-mp3-converter.exe [5922048] [MD5.47AFEAEFD72C146BF261EEE7EFEDC96A] [sPRF][25/10/2008] (.Macrovision Corporation - Setup.exe.) -- C:\Users\MichelD\Desktop\PSPP12_Corel_Retail_PF_EN_IE_FR_DE_ES_IT_NL_ESD.exe [343592608] ~ Files: Scanned in 00mn 09s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{DAC0C5EC-1933-4AEF-AC03-2CC00E925B3E}" | In - None - P17 - TRUE | .(.Steinberg Media Technologies - Application.) -- E:\Program Files (x86)\Steinberg\VST Connect SE Performer\VST Connect SE Performer.exe O87 - FAEL: "{7461D0CA-0E92-4FF2-A58B-06310F781B01}" | In - None - P17 - TRUE | .(.Steinberg Media Technologies - Cubase 7.) -- E:\Program Files\Steinberg\Cubase 7\Cubase7.exe ~ Firewall: 228 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11707 - (24/04/2013) Clés trouvées (Keys found) : 99 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 8 Fichiers trouvés (Files found) : 2 [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] 
=>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon 
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\b] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\bProtector] =>PUP.BProtector [HKLM\Software\Wow6432Node\bProtector] =>PUP.BProtector [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] 
=>PUP.BProtector [HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] =>Toolbar.Babylon [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find [HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods [HKLM\Software\Wow6432Node\qvo6Software] =>Hijacker.Qvo6 [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon C:\Program Files (x86)\Desk 365 =>Hijacker.22find C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\InstallBrainService =>PUP.InstallBrain C:\Users\MichelD\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\MichelD\AppData\Roaming\BabylonToolbar =>Toolbar.Babylon C:\Users\MichelD\AppData\Local\Temp\Desk365 
=>Hijacker.22find C:\Users\MichelD\AppData\Roaming\Mozilla\Firefox\Profiles\p2s2qu9t.default\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\MichelD\AppData\Roaming\Mozilla\Firefox\Profiles\p2s2qu9t.default\bprotector_prefs.js =>PUP.BProtector ~ Additionnel Scan: 300587 Items scanned in 00mn 51s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 31/10/2012 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 11/06/2011 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe SR - | Auto 23/02/2009 307200 | (CTAudSvcService) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe SS - | Auto 19/07/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19/07/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) 
- C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SS - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 28/10/2010 357456 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 4901888 | (NVIDIA Performance Driver Service) . (...) - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 177704 | (ProtexisLicensing) . (...) - C:\Windows\SysWOW64\PSIService.exe SR - | Auto 02/04/2013 1124184 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 31/01/2013 2402080 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . 
(.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by MichelD at 25/04/2013 14:24:17 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by MichelD at 25/04/2013 14:24:19 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1751 Legitimates filtered by white list End of the scan (745 lines in 19mn 26s)(0)
-
Sorry, but I can't manage to split the file in two and post it using pjoint... do you have a trick?
-
Thank you for your reply. When I click Send, I get the following message: "Possible Spam détecté, le copier/coller ne sera pas pris en compte comme dépot". How can I send it to you?
-
Hello everyone, This morning, while downloading the "myshare samsung" software, a piece of malware invited itself in and is changing my Google Chrome home page to Qvo6. I read on the forum that solutions exist to eradicate it, so I downloaded ZHPDiag and its accessories. I ran a diagnostic and I would like a bit of help getting rid of the intruder. I'm cursing Kaspersky for letting it in. Thanks in advance