
[Solved] Qvo6


The JRT file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.9 (04.22.2013:1)

OS: Windows 7 Home Premium x64

Ran by MichelD on 25/04/2013 at 17:16:45,20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] browserprotect

Failed to delete: [service] browserprotect

Successfully stopped: [service] supdate

Successfully deleted: [service] supdate

Successfully stopped: [service] wajamupdater

Successfully deleted: [service] wajamupdater

Failed to stop: [service] yontoo desktop updater

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\boxore client

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\clover

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\combroadcaster

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combroadcaster

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\combroadcaster

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\comnetwork

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\comnetwork

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\comnetwork

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\consumer input update

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\consumer input update

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\consumer input update

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\coupon alert

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\coupon alert

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\coupon alert

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p browser plugin loader

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p browser plugin loader

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p browser plugin loader

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p search scope monitor

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p search scope monitor

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\couponalert_2p search scope monitor

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\crossriderplugin

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\crossriderplugin

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\crossriderplugin

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cscrkill

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cscrkill

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cscrkill

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\datamngr

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\datamngr

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\datamngr

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dealrunner

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dealrunner

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\dealrunner

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dhagent

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dhagent

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\dhagent

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\displayswitch

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\donkeyup

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\donkeyup

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\donkeyup

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\download beast

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\download beast

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\download beast

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\download-freesoft

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\download-freesoft

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\download-freesoft

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\driver genius

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\driverscanner

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\dw7

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eocalendar

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eocalendar

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eocalendar

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eocomputer

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eocomputer

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eocomputer

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eodesk3d

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eodesk3d

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eodesk3d

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eoengine

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eoengine

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eoengine

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eomap

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eomap

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eomap

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eophoto

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eophoto

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eophoto

Failed to delete: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\eoprogrammetele

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eoprogrammetele

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\eoprogrammetele

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pc speed maximizer

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yontoo desktop

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4063118693-3743606708-3248725021-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\64a6e60055d801f4bb8ac269354b72b8

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\64a6e60055d801f4bb8ac269354b72b8

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\1c875dde39636004ca8cdaec335b4160

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\ba086f2d38a8e1a47912955a68b3ad24

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mime\database\content type\application/x-vnd.software.oneclickctrl.8

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\software.oneclickctrl.8

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softwareupdate.coreclass

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softwareupdate.coreclass.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softwareupdate.ondemandcomclassmachine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softwareupdate.ondemandcomclassmachine.1.0

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\end"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Failed to delete: [Folder] "C:\ProgramData\browserprotect"

Successfully deleted: [Folder] "C:\ProgramData\installbrainservice"

Successfully deleted: [Folder] "C:\ProgramData\software"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\babsolution"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\dealply"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\yontoo"

Successfully deleted: [Folder] "C:\Users\MichelD\appdata\local\software"

Successfully deleted: [Folder] "C:\Users\MichelD\appdata\local\wajam"

Successfully deleted: [Folder] "C:\Program Files (x86)\babylontoolbar"

Failed to delete: [Folder] "C:\Program Files (x86)\boxore"

Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"

Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed maximizer"

Successfully deleted: [Folder] "C:\Program Files (x86)\software"

Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"

Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\microsoft\windows\start menu\programs\dealply"

Successfully deleted: [Folder] "C:\Users\MichelD\AppData\Roaming\microsoft\windows\start menu\programs\wajam"

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{14EDC038-AFF4-4CEB-9821-70211F0903BE}

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{24CE2913-1F14-46CB-9B92-73EE532A26CA}

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{3BE49273-6804-4E31-8D5B-3CDF829ED37A}

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{74885B1F-35F5-4600-B164-E5AA89060B4B}

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{A29919FC-1EF3-4C31-B178-FC730C0BF28A}

Successfully deleted: [Empty Folder] C:\Users\MichelD\appdata\local\{C9A3D00C-CA33-45FF-A12B-8BC594CF517A}

 

 

 

~~~ FireFox

 

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\user.js

Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\bprotector_extensions.sqlite

Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\bprotector_prefs.js

Successfully deleted: [File] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\searchplugins\browserprotect.xml

Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\[email protected]

Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\jid1-uabu5A9hduqzCw@jetpack

Successfully deleted: [Folder] C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\extensions\[email protected]

Successfully deleted the following from C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\prefs.js

 

user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=633C061E2A4B185F");

user_pref("browser.search.order.1", "Delta Search");

user_pref("browser.search.selectedEngine", "Delta Search");

user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=633C061E2A4B185F");

Emptied folder: C:\Users\MichelD\AppData\Roaming\mozilla\firefox\profiles\p2s2qu9t.default\minidumps [5 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist

Successfully deleted: [Folder] C:\Users\MichelD\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25/04/2013 at 17:42:28,67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


First part of the last file:

 

Rapport de ZHPDiag v2013.4.24.149 par Nicolas Coolman, Update du 24/04/2013

Run by MichelD at 25/04/2013 17:50:45

State : Version à jour.

WhiteList : Enable

High Elevated Privileges : OK

UAC : Deactivate by program

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 10.0

 

---\\ Windows Product Information

~ Langage: Français

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, RETAIL channel

Windows ID Activation : OK

~ Windows Partial Key : J6VFR

Windows License : OK

~ Windows Remaining Initializations Number : 4

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Protection

Kaspersky Internet Security 2012 v12.0.0.374

Windows Defender W7

 

---\\ System Optimizer

 

---\\ Software Update

Adobe Flash Player 11 Plugin

Adobe Reader X

Java 7 Update 7

 

---\\ System Information

~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4095 MB (54% free)

System Restore: Activé (Enable)

System drive C: has 32 GB (22%) free of 139 GB

 

---\\ Logged in mode

~ Computer Name: MICHELD-PC

~ User Name: MichelD

~ All Users Names: MichelD, HomeGroupUser$, Administrateur,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\MichelD\AppData\Roaming\

~ %Desktop% : C:\Users\MichelD\Desktop\

~ %Favorites% : C:\Users\MichelD\Favorites\

~ %LocalAppData% : C:\Users\MichelD\AppData\Local\

~ %StartMenu% : C:\Users\MichelD\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 139 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 296 Go of 466 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 308 Go of 466 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 10 Go)

G:\ CD-ROM drive (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Security Center: Scanned in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/6092

~ Mes musiques (My Musics) : 1/1274

~ Mes Videos (My Videos) : 2/9

~ Mes Favoris (My Favorites) : 1/26

~ Mes Documents (My Documents) : 3/2221

~ Mon Bureau (My Desktop) : 1/36

~ Menu demarrer (Programs) : 1/90

~ Hidden Files: Scanned in 00mn 09s

 

 

 

---\\ Processus lancés

[MD5.25306651A6252E8E84CB4B0E73E551AA] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe [2115416] [PID.2160]

[MD5.B77F17EBF26E81208B54DCFAB89778B6] - (.Corel, Inc. - Corel Photo Downloader.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531784] [PID.3752]

[MD5.E986D1068AEF099CA3BE2AEAB4C8D643] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3832]

[MD5.6C9D5BADC8F83D410A278717C2EEA6F6] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448] [PID.2096]

[MD5.37B7E005D70C490D320A4D3A088CC4EE] - (.Boxore OU - Boxore Client.) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [606496] [PID.4712] =>Adware.Boxore

[MD5.39CE86DCBAA80CB73EAE4C0DEFC86504] - (.Pas de propriétaire - AnySend User interface.) -- C:\Program Files (x86)\AnySend\AnySendUI.exe [7309392] [PID.6080]

[MD5.2C2F20747085946DE79A713879E09C4E] - (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Users\MichelD\Downloads\JRT.exe [535764] [PID.3816]

[MD5.D9C8DC2D7EC28E3FF25C99EF17C8631A] - (...) -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280] [PID.6680] =>Toolbar.Babylon

[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\MichelD\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.972]

[MD5.8ECBD447964D1D003FF0ADAA10AE3376] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6987264] [PID.2020]

[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.928]

[MD5.C4C4736DCE60276E9B0CB0FE3A848586] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124184] [PID.384]

[MD5.07BA6D17E66879018B30B6C3F976EBED] - (.Creative Technology Ltd - Creative Audio Service.) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200] [PID.1196]

[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1816]

[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1500]

[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\Windows\SysWOW64\PSIService.exe [177704] [PID.2604]

[MD5.379978BBCCE5B94C8CD0144A0C988C7E] - (.Pas de propriétaire - AnySend Sender Service.) -- C:\Program Files (x86)\AnySend\AnySendSVC.exe [3667024] [PID.2908]

~ Processes Running: Scanned in 00mn 01s

 

 

 

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Default\Preferences

~ Google Browser: Scanned in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\MichelD\AppData\Roaming\Mozilla\Firefox\Profiles\p2s2qu9t.default\prefs.js

M3 - MFPP: Plugins - [MichelD] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon

M2 - MFEP: prefs.js [MichelD - p2s2qu9t.default\[email protected]] [] DealPly Shopping v2.0 (..) =>PUP.DealPly

M2 - MFEP: prefs.js [MichelD - p2s2qu9t.default\{ab91efd4-6975-4081-8552-1b3922ed79e2}] [] HP Detect v1.0.5.1 (..)

P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\MichelD\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ IE Browser: 14 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

 

 

 

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [Corel Photo Downloader] . (.Corel, Inc. - Corel Photo Downloader.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [GBMPro9Agent] . (.Genie-soft - Genie Backup Agent.) -- C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe

O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O4 - HKLM\..\Wow6432Node\Run: [AnySend User Interface] . (.Pas de propriétaire - AnySend User interface.) -- C:\Program Files (x86)\AnySend\AnySendUI.exe

O4 - HKLM\..\Wow6432Node\RunOnce: [Del1136264] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe

O4 - HKLM\..\Wow6432Node\RunOnce: [Del1173673] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-21-4063118693-3743606708-3248725021-1000\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-21-4063118693-3743606708-3248725021-1000\..\Run: [GBMPro9Agent] . (.Genie-soft - Genie Backup Agent.) -- C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe

~ Application: Scanned in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\MichelD\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.exe

O4 - GS\TaskBar: TuneUp Utilities - Interface de démarrage.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfläche.) -- C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe

O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe

O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Programs: Qtrax Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

O4 - GS\QuickLaunch: Corel MediaOne.lnk . (.Corel, Inc. - MediaOne.) -- C:\Program Files (x86)\Corel\Corel MediaOne\Corel MediaOne.exe

O4 - GS\QuickLaunch: Corel Paint Shop Pro Photo X2.lnk . (.Corel, Inc. - Paint Shop Pro X2.) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe

O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.exe

O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe

O4 - GS\SendTo: AnySend.lnk . (...) -- C:\Program Files (x86)\AnySend\AnySendUI.exe

O4 - GS\Desktop: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe

O4 - GS\Desktop: Cubase 6 64bit.lnk . (.Steinberg Media Technologies - Cubase 6.) -- E:\Cubase6\Cubase6.exe

O4 - GS\Desktop: Cubase 7 64bit.lnk . (.Steinberg Media Technologies - Cubase 7.) -- E:\Program Files\Steinberg\Cubase 7\Cubase7.exe

O4 - GS\Desktop: Disque amovible (I) - Raccourci.lnk . (...) -- I:\

O4 - GS\Desktop: Free M4a to MP3 Converter.lnk . (.ManiacTools - Pas de description.) -- C:\Program Files (x86)\Free M4a to MP3 Converter\m4a_converter.exe

O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\MichelD\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - GS\Desktop: livetrader - Raccourci.lnk . (...) -- C:\Users\MichelD\Downloads\livetrader.jnlp

O4 - GS\Desktop: Mes Oeuvres - Raccourci.lnk . (...) -- D:\iTunes\Music\Michel Dasré\Mes Oeuvres

O4 - GS\Desktop: My Music Tools.lnk . (...) -- C:\Program Files (x86)\Free M4a to MP3 Converter\mymusictools.url

O4 - GS\Desktop: Numérisations.lnk . (...) -- C:\Users\MichelD\Documents\Numérisations

O4 - GS\Desktop: PC Speed Maximizer.lnk . (...) -- C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe (.not file.)

O4 - GS\Desktop: Qtrax Player.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

O4 - GS\Desktop: SIW.lnk . (.Topala Software Solutions - System Information.) -- C:\Program Files (x86)\SIW\siw.exe

O4 - GS\Desktop: Solitaire.lnk - Clé orpheline

O4 - GS\Desktop: Vider le presse papier.lnk . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe

O4 - GS\Desktop: VST Connect SE Performer.lnk . (.Steinberg Media Technologies - Application.) -- E:\Program Files (x86)\Steinberg\VST Connect SE Performer\VST Connect SE Performer.exe

~ Global Startup: Scanned in 00mn 00s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Clavier &virtuel [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico

O9 - Extra button: Analyse des &liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico

~ IE Extra Buttons: Scanned in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{66F62AAB-3FD8-41FE-8C19-5B10517765D1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{66F62AAB-3FD8-41FE-8C19-5B10517765D1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{66F62AAB-3FD8-41FE-8C19-5B10517765D1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

~ Domain: Scanned in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll

~ Protocole Additionnel: Scanned in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll

O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

~ Winlogon: Scanned in 00mn 00s

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: AnySend (AnySendService) . (.Pas de propriétaire - AnySend Sender Service.) - C:\Program Files (x86)\AnySend\AnySendSVC.exe

O23 - Service: NVIDIA Performance Driver Service (NVIDIA Performance Driver Service) . (.Pas de propriétaire - NVIDIA Performance Driver Service.) - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: Yontoo Desktop Updater (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (.not file.) =>PUP.Yontoo

~ Services: 13 Legitimates Filtered in 00mn 30s

 

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DSite.job [294]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GBM - Michel wirelessspace-Différentiel.job [516]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GBM - Michel wirelessspace-Plein.job [516]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GBM - Sauvegarde MD-Différentiel.job [502]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GBM - Sauvegarde MD-Plein.job [502]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1084]

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1088]

[MD5.2C7532CCB6B383375E42B8B7B65700E3] [APT] [AnySendUpdate] (.AnySend.com.) -- C:\Program Files (x86)\AnySend\AnySendUpdater.exe [164512]

[MD5.2C7532CCB6B383375E42B8B7B65700E3] [APT] [AnySendUpdateLogin] (.AnySend.com.) -- C:\Program Files (x86)\AnySend\AnySendUpdater.exe [164512]

[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\MichelD\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly

[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly

[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [EPUpdater] (...) -- C:\Users\MichelD\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe (.not file.) [0]

[MD5.4DDB69AAA25A997BF71CAB0490455234] [APT] [GBM - Michel wirelessspace-Diff‚rentiel] (.Genie9.) -- C:\Program Files\Genie9\Genie Backup Manager\GBM.exe [3858520]

[MD5.4DDB69AAA25A997BF71CAB0490455234] [APT] [GBM - Michel wirelessspace-Plein] (.Genie9.) -- C:\Program Files\Genie9\Genie Backup Manager\GBM.exe [3858520]

[MD5.4DDB69AAA25A997BF71CAB0490455234] [APT] [GBM - Sauvegarde MD-Diff‚rentiel] (.Genie9.) -- C:\Program Files\Genie9\Genie Backup Manager\GBM.exe [3858520]

[MD5.4DDB69AAA25A997BF71CAB0490455234] [APT] [GBM - Sauvegarde MD-Plein] (.Genie9.) -- C:\Program Files\Genie9\Genie Backup Manager\GBM.exe [3858520]

[MD5.00000000000000000000000000000000] [APT] [softwareUpdateTaskMachineCore] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [softwareUpdateTaskMachineUA] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) [0]

[MD5.43F7AD90C977B059FB0E4D94AFBBEA53] [APT] [{4A4D08F9-95C8-405E-AB0D-87238DE3FF34}] (.M-Audio.) -- D:\Restauration\C\Program Files\M-Audio\Fast Track Pro\FTPInstl.exe [28672]

~ Scheduled Task: 39 Legitimates Filtered in 00mn 05s

 

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (RapportEI64) . (.Trusteer Ltd. - RapportEI.) - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

O41 - Driver: (RapportPG64) . (.Trusteer Ltd. - RapportPG64.) - C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

~ Drivers: 81 Legitimates Filtered in 00mn 01s

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: Any Send Packages - (...) [HKCU][64Bits] -- Any Send Packages

O42 - Logiciel: Any Send Packages 80 - (...) [HKCU][64Bits] -- Any Send Packages 80

O42 - Logiciel: Babylon toolbar - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>Toolbar.Babylon

O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071} =>Adware.Boxore

O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon

O42 - Logiciel: Ciel Comptes Personnels 9.0 - (.Ciel.) [HKLM][64Bits] -- {AEE86F74-2EF1-49F2-8739-CC0A94688639}

O42 - Logiciel: DealPly (remove only) - (.DealPly Technologies Ltd..) [HKLM][64Bits] -- DealPly =>PUP.DealPly

O42 - Logiciel: DealPly - (...) [HKCU][64Bits] -- DealPly =>PUP.DealPly

O42 - Logiciel: Fortuneo LIVE TRADER - (.Ariane Software.) [HKCU][64Bits] -- Fortuneo LIVE TRADER

O42 - Logiciel: Officejet Pro 8500 A909 Series - (.HP.) [HKLM][64Bits] -- {D850BEF5-67AF-4071-9538-FA9AC725D62C}

O42 - Logiciel: Update for Any Send - (...) [HKCU][64Bits] -- DSite

O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>Toolbar.Wajam

O42 - Logiciel: Yontoo 2.052 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>PUP.Yontoo

O42 - Logiciel: eLicenser Control - (.Steinberg Media Technologies GmbH.) [HKLM][64Bits] -- eLicenser Control

O42 - Logiciel: mySongBook Player - (.Arobas Music.) [HKLM][64Bits] -- {42F6B687-F7B1-41A8-87CB-043FBBE4621D}_is1

~ Logic: 170 Legitimates Filtered in 00mn 00s

 

 

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\5d5dd8ae56eeb45]

[HKCU\Software\DataMngr] =>PUP.Datamngr

[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr

[HKCU\Software\InstallCore] =>PUP.InstallCore

[HKLM\Software\SampleShellExtnesion]

[HKLM\Software\Tarma Installer] =>Toolbar.Tarma

[HKLM\Software\Wow6432Node\5d5dd8ae56eeb45]

[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore

[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr

~ Key Software: 199 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 25/04/2013 - 17:01:36 - [0,578] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore

O43 - CFD: 28/03/2013 - 08:41:55 - [14,985] ----D C:\Program Files (x86)\eLicenser

O43 - CFD: 25/04/2013 - 17:02:51 - [7,800] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon

O43 - CFD: 07/12/2012 - 19:01:25 - [55,981] ----D C:\ProgramData\eLicenser

O43 - CFD: 19/10/2012 - 22:51:03 - [0] ----D C:\ProgramData\mySongBook Player

O43 - CFD: 25/04/2013 - 17:04:37 - [1,063] ----D C:\Users\MichelD\AppData\Roaming\Any Send Packages

O43 - CFD: 17/05/2011 - 15:43:14 - [91,799] ----D C:\Users\MichelD\AppData\Roaming\Fortuneo

O43 - CFD: 19/10/2012 - 22:51:07 - [0,019] ----D C:\Users\MichelD\AppData\Roaming\mySongBook Player

O43 - CFD: 28/03/2013 - 08:42:13 - [1,319] ----D C:\Users\MichelD\AppData\Roaming\VST XMLs

O43 - CFD: 09/03/2011 - 18:25:10 - [0,000] ----D C:\Users\MichelD\AppData\Local\eLicenser

O43 - CFD: 25/04/2013 - 17:06:54 - [0,002] ----D C:\Users\MichelD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX

~ Program Folder: 199 Legitimates Filtered in 00mn 23s

 

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.DD5886554BD01EEC7AF7AB9B5E04DC8F] - 25/04/2013 - 15:51:26 ---A- . (...) -- C:\Windows\ntbtlog.txt [8785950]

O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616]

O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616]

O44 - LFC:[MD5.E35456656EEC2B2B78DE504164839C00] - 25/04/2013 - 15:29:05 ---A- . (...) -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [788]

O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 RSHAD . (...) -- C:\Windows\System32\BMXState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616]

O44 - LFC:[MD5.6CE4F49D6A25B6DA4B55906B72A0B7CD] - 25/04/2013 - 15:29:05 RSHAD . (...) -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [61616]

O44 - LFC:[MD5.E35456656EEC2B2B78DE504164839C00] - 25/04/2013 - 15:29:05 RSHAD . (...) -- C:\Windows\System32\DVCState-{00000001-00000000-00000004-00001102-00000005-60031102}.rfx [788]

~ Files: 71 Legitimates Filtered in 00mn 20s

 

 

 

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:[MD5.76B8F23E01D0264E65B52DF863C20D73] - 24/04/2013 - 08:40:46 ---A- - C:\Windows\Prefetch\IECACHEWININETLDR.EXE-38A7F315.pf

O45 - LFCP:[MD5.B225D014736335943DA709FF4483BF8E] - 24/04/2013 - 13:16:41 ---A- - C:\Windows\Prefetch\SYNSOPOS.EXE-5427B272.pf

O45 - LFCP:[MD5.F1E95CA42DCB67ACB74B0C6011178A16] - 25/04/2013 - 09:10:44 ---A- - C:\Windows\Prefetch\MLV_AR_QVO6.EXE-244DCF5E.pf =>Hijacker.Qvo6

O45 - LFCP:[MD5.7903F21F32962275414C2F25A87AC9B8] - 25/04/2013 - 09:11:55 ---A- - C:\Windows\Prefetch\SAMSUNG-ALLSHARE-WINDOWS-DOWN-46BFF43C.pf

O45 - LFCP:[MD5.3DD8488D0B15C7D5380EC9FB33E876EA] - 25/04/2013 - 09:14:17 ---A- - C:\Windows\Prefetch\EXQ.EXE-31772F9B.pf

O45 - LFCP:[MD5.9B697ED1E4EAF215909EA114942F8851] - 25/04/2013 - 09:14:26 ---A- - C:\Windows\Prefetch\DESK365.EXE-EF050FAE.pf

O45 - LFCP:[MD5.71AB86C076405BD42513D468E25C2ADD] - 25/04/2013 - 09:14:54 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-888160B9.pf

O45 - LFCP:[MD5.D9017C516D319EF33C3067EED1D828F7] - 25/04/2013 - 09:19:11 ---A- - C:\Windows\Prefetch\EDHELPER64.EXE-3463BBCC.pf

O45 - LFCP:[MD5.E8FCB72B5EA59F0FCD26BB4C1EED0C10] - 25/04/2013 - 09:19:13 ---A- - C:\Windows\Prefetch\DESKSVC.EXE-8515B334.pf

O45 - LFCP:[MD5.BB02E73E2228A73E861DE9C924FF7750] - 25/04/2013 - 09:21:33 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-6538F154.pf

O45 - LFCP:[MD5.A0E3452DF0B6708A8B84F9FAA5BC987A] - 25/04/2013 - 09:46:05 ---A- - C:\Windows\Prefetch\STARTUPMANAGER.EXE-E7DA45E9.pf

O45 - LFCP:[MD5.6E2207D80803EBEB7F41C40A8A21C7BB] - 25/04/2013 - 09:46:44 ---A- - C:\Windows\Prefetch\PROGRAMDEACTIVATOR.EXE-410663F9.pf

O45 - LFCP:[MD5.075A49A57640FA8B352CA9E9408A49EE] - 25/04/2013 - 10:00:12 ---A- - C:\Windows\Prefetch\GBM.EXE-ACFAFDDD.pf

O45 - LFCP:[MD5.D641D372D3F93BE740F48E54DABDBB41] - 25/04/2013 - 13:23:25 ---A- - C:\Windows\Prefetch\CLIP.EXE-0206BCBB.pf

O45 - LFCP:[MD5.1B9720EDBB5788D4FA975E1A6AC07ED5] - 25/04/2013 - 13:42:04 ---A- - C:\Windows\Prefetch\CUBASE7.EXE-D9AE6297.pf

O45 - LFCP:[MD5.942E8CBA340F5A04631E3C20D10492C8] - 25/04/2013 - 13:42:06 ---A- - C:\Windows\Prefetch\SYNSOPOS.EXE-821F3DA0.pf

O45 - LFCP:[MD5.51485AB188ABE97F82DF2B8E93B4EF52] - 25/04/2013 - 13:42:24 ---A- - C:\Windows\Prefetch\VIDEODECODE.EXE-DB7BF03E.pf

O45 - LFCP:[MD5.02715D24A0094F5993DE524A4DD88BC2] - 25/04/2013 - 13:42:26 ---A- - C:\Windows\Prefetch\VIDEOPRELOAD.EXE-6DAB722D.pf

O45 - LFCP:[MD5.519C9DAEF0CABCAD6FF5BE5687850CAD] - 25/04/2013 - 13:42:31 ---A- - C:\Windows\Prefetch\VIDEOOUTPUT.EXE-58EC7097.pf

O45 - LFCP:[MD5.7F87E43334BD95F3120A4362A7F3481E] - 25/04/2013 - 15:48:51 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-7EEABF0C.pf

~ Prefetcher: 140 Legitimates Filtered in 00mn 01s

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

~ MWPS: 19 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.311A0F828A8B80E790C1F60633D35F05] - 15/03/2011 - 15:55:06 RSH-- . (...) -- C:\Windows\SysWOW64\613320F2CF.sys [88]

~ Drivers: Scanned in 00mn 00s

 

Second part of the last file:

 

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBFilter.PspCache [64]

O61 - LFC: 22/04/2013 - 08:54:54 ---A- C:\Users\MichelD\AppData\Local\Corel\LastDBTreeSel.PspCache [64]

O61 - LFC: 22/04/2013 - 08:59:19 ----- C:\Users\MichelD\Documents\My PSP Files\Paramètres par défaut\Preset_Crop_ Dernières options appliquées.PspScript [671]

O61 - LFC: 22/04/2013 - 09:15:38 ---A- C:\Users\MichelD\AppData\Local\Corel\ImageDB.db [2161664]

O61 - LFC: 22/04/2013 - 10:09:24 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\index.gix [1422105]

O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.bin [53969]

O61 - LFC: 22/04/2013 - 10:09:39 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000023\log_backup.html [26756]

O61 - LFC: 22/04/2013 - 13:51:57 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_02.wav [0]

O61 - LFC: 22/04/2013 - 14:34:53 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-05.bak [919071]

O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Lead_03.wav [13328928]

O61 - LFC: 22/04/2013 - 14:59:25 ----- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Lead_03.peak [208352]

O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\internal_files.lst [274]

O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\maindata.sys [1113]

O61 - LFC: 23/04/2013 - 10:01:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\treeobj.gdat [487]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\Desktop.gdat [8076]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\index.gix [1423741]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\mydoc.gdat [1585304]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\regsitry.gdat [214]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\wincontacts.gdat [264]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winmail.gdat [20130]

O61 - LFC: 23/04/2013 - 10:11:40 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\winsettings.gdat [48090]

O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.bin [54397]

O61 - LFC: 23/04/2013 - 10:18:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000024\log_backup.html [26752]

O61 - LFC: 23/04/2013 - 14:40:56 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269291]

O61 - LFC: 24/04/2013 - 10:46:26 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\index.gix [1423753]

O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.bin [54731]

O61 - LFC: 24/04/2013 - 10:46:41 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000025\log_backup.html [26756]

O61 - LFC: 24/04/2013 - 13:37:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-04.bak [919618]

O61 - LFC: 25/04/2013 - 08:54:03 ---A- C:\Users\MichelD\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]

O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\internal_files.lst [274]

O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\maindata.sys [1113]

O61 - LFC: 25/04/2013 - 10:01:33 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\treeobj.gdat [487]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\Desktop.gdat [8076]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\index.gix [1424164]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\mydoc.gdat [1585760]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\regsitry.gdat [214]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\wincontacts.gdat [264]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winmail.gdat [20132]

O61 - LFC: 25/04/2013 - 10:10:28 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\winsettings.gdat [48090]

O61 - LFC: 25/04/2013 - 10:10:30 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\JobSettings.dat [2397]

O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Data\backupStatus.dat [4730]

O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.bin [54595]

O61 - LFC: 25/04/2013 - 10:16:16 ---A- C:\Users\MichelD\AppData\Roaming\Genie-Soft\GBMPro8x64\Jobs\Michel wirelessspace\00000026\log_backup.html [26750]

O61 - LFC: 25/04/2013 - 13:36:32 ---A- C:\Users\MichelD\Documents\ZHPDiag [62267]

O61 - LFC: 25/04/2013 - 13:39:33 ---A- C:\Users\MichelD\Downloads\pjjoint_uploader.exe [333056]

O61 - LFC: 25/04/2013 - 13:42:31 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\mediabay3.db [14004224]

O61 - LFC: 25/04/2013 - 13:45:09 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_03.wav [5278276]

O61 - LFC: 25/04/2013 - 13:45:09 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_03.peak [82560]

O61 - LFC: 25/04/2013 - 13:46:42 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_04.wav [4400672]

O61 - LFC: 25/04/2013 - 13:46:42 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_04.peak [68848]

O61 - LFC: 25/04/2013 - 13:47:12 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_05.wav [888052]

O61 - LFC: 25/04/2013 - 13:47:12 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_05.peak [13960]

O61 - LFC: 25/04/2013 - 13:47:34 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_06.wav [1075956]

O61 - LFC: 25/04/2013 - 13:47:34 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_06.peak [16896]

O61 - LFC: 25/04/2013 - 13:55:23 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_07.wav [3699180]

O61 - LFC: 25/04/2013 - 13:55:23 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_07.peak [57888]

O61 - LFC: 25/04/2013 - 13:58:10 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-03.bak [920871]

O61 - LFC: 25/04/2013 - 14:00:51 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_08.wav [385852]

O61 - LFC: 25/04/2013 - 14:00:51 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_08.peak [6120]

O61 - LFC: 25/04/2013 - 14:01:50 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Guitar (Audio)_09.wav [4249720]

O61 - LFC: 25/04/2013 - 14:01:50 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Guitar (Audio)_09.peak [66488]

O61 - LFC: 25/04/2013 - 14:02:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_02.wav [1573780]

O61 - LFC: 25/04/2013 - 14:02:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_02.peak [24680]

O61 - LFC: 25/04/2013 - 14:02:54 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_03.wav [1588558]

O61 - LFC: 25/04/2013 - 14:02:54 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_03.peak [24912]

O61 - LFC: 25/04/2013 - 14:03:55 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_04.wav [4265540]

O61 - LFC: 25/04/2013 - 14:03:55 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_04.peak [66736]

O61 - LFC: 25/04/2013 - 14:09:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_06.wav [4227264]

O61 - LFC: 25/04/2013 - 14:09:17 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_06.peak [66136]

O61 - LFC: 25/04/2013 - 14:12:16 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_07.wav [2079036]

O61 - LFC: 25/04/2013 - 14:12:16 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_07.peak [32576]

O61 - LFC: 25/04/2013 - 14:12:37 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_08.wav [691160]

O61 - LFC: 25/04/2013 - 14:12:37 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_08.peak [10888]

O61 - LFC: 25/04/2013 - 14:12:56 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_09.wav [729120]

O61 - LFC: 25/04/2013 - 14:12:56 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_09.peak [11480]

O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_10.wav [1652858]

O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_10.peak [25912]

O61 - LFC: 25/04/2013 - 14:13:26 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD-02.bak [995953]

O61 - LFC: 25/04/2013 - 14:14:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_11.wav [4250940]

O61 - LFC: 25/04/2013 - 14:14:24 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_11.peak [66512]

O61 - LFC: 25/04/2013 - 14:14:48 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_12.wav [1077228]

O61 - LFC: 25/04/2013 - 14:14:48 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_12.peak [16920]

O61 - LFC: 25/04/2013 - 14:15:22 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_13.wav [2118900]

O61 - LFC: 25/04/2013 - 14:15:22 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_13.peak [33192]

O61 - LFC: 25/04/2013 - 14:15:41 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_14.wav [776684]

O61 - LFC: 25/04/2013 - 14:15:41 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_14.peak [12224]

O61 - LFC: 25/04/2013 - 14:16:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_15.wav [4316476]

O61 - LFC: 25/04/2013 - 14:16:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_15.peak [67536]

O61 - LFC: 25/04/2013 - 14:17:00 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_16.wav [736448]

O61 - LFC: 25/04/2013 - 14:17:00 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_16.peak [11592]

O61 - LFC: 25/04/2013 - 14:17:57 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Audio\Copie de Guitar (Audio)_17.wav [3960476]

O61 - LFC: 25/04/2013 - 14:17:57 ---A- C:\Users\MichelD\Documents\Cubase Projects\Creedence-01\Images\Copie de Guitar (Audio)_17.peak [61968]

O61 - LFC: 25/04/2013 - 14:28:27 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.bak [999989]

O61 - LFC: 25/04/2013 - 15:19:40 ---A- C:\Users\MichelD\Documents\Cubase Projects\Work\Work Blues en La MD.cpr [999985]

O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\External Plugins.xml [79]

O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Midi Devices.bin [13722]

O61 - LFC: 25/04/2013 - 15:19:45 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Quick Controls MIDI.xml [1082]

O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Key Commands.xml [156824]

O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Port Setup.xml [3348]

O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xBlacklist Cubase.xml [322]

O61 - LFC: 25/04/2013 - 15:19:46 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Vst2xPlugins Cubase.xml [17590]

O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\GuitarLib.xml [73063]

O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\MediaDefaults.xml [178922]

O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Default Font.xml [253]

O61 - LFC: 25/04/2013 - 15:19:47 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Setting Window.xml [154]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Edit Modifiers.xml [2224]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\Chord Symbols.pxml [3722]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\MediaBrowserLocations.pxml [2847]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Presets\RAMPresets.xml [15314]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Score Custom Palettes.xml [3075]

O61 - LFC: 25/04/2013 - 15:19:48 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Window Layouts.xml [194]

O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\ContentManager.xml [63657]

O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Defaults.xml [2252465]

O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPlugInfoV2.xml [46511]

O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\VstPresetCompatibilityPlugInfo.xml [6294]

O61 - LFC: 25/04/2013 - 15:19:59 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\scannedFolders3.bin [17666]

O61 - LFC: 25/04/2013 - 15:20:00 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Cubase Module Cache.xml [133962]

O61 - LFC: 25/04/2013 - 15:20:03 ---A- C:\Users\MichelD\AppData\Roaming\Steinberg\Cubase 7_64\Frame.xml [272]

O61 - LFC: 25/04/2013 - 15:20:50 ---A- C:\Users\MichelD\Downloads\adwcleaner.exe [619461]

O61 - LFC: 25/04/2013 - 15:40:19 ---A- C:\Users\MichelD\Downloads\AnySendSetup.exe [685624]

O61 - LFC: 25/04/2013 - 16:05:25 ---A- C:\Users\MichelD\AppData\Roaming\AnySend\VidPlays.dat [9]

O61 - LFC: 25/04/2013 - 16:05:43 ---A- C:\Users\MichelD\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [94208]

O61 - LFC: 25/04/2013 - 16:05:46 ---A- C:\Users\MichelD\AppData\Roaming\DSite\UpdateProc\config.dat [111]

O61 - LFC: 25/04/2013 - 16:06:52 R--A- C:\Users\MichelD\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\ARPPRODUCTICON.exe [69632]

O61 - LFC: 25/04/2013 - 16:06:52 R--A- C:\Users\MichelD\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe [49152]

O61 - LFC: 25/04/2013 - 16:07:01 ---A- C:\Users\MichelD\Qtrax\Player\Config.txt [9]

O61 - LFC: 25/04/2013 - 16:11:03 ---A- C:\Users\MichelD\Downloads\File_Extractor_4.exe [1147968]

O61 - LFC: 25/04/2013 - 16:16:16 ---A- C:\Users\MichelD\Downloads\JRT.exe [535764]

O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data [81920]

O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data [100352]

O61 - LFC: 25/04/2013 - 16:17:03 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data [81920]

O61 - LFC: 25/04/2013 - 16:17:04 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences [32265]

O61 - LFC: 25/04/2013 - 16:17:04 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences [55964]

O61 - LFC: 25/04/2013 - 16:17:04 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Profile 4\Preferences [14369]

O61 - LFC: 25/04/2013 - 16:17:58 ---A- C:\Users\MichelD\Downloads\JRT (1).exe [535764]

O61 - LFC: 25/04/2013 - 16:51:00 ---A- C:\Users\MichelD\AppData\Local\Google\Chrome\User Data\Local State [31204]

O61 - LFC: 25/04/2013 - 16:53:17 ---A- C:\Users\MichelD\AppData\Roaming\AnySend\AnySend.dat [32]

~ 198 Fichiers temporaires (Temporary files)

~ 2 Fichiers cookies (Cookies files)

~ Files: 635 Legitimates Filtered in 02mn 42s

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - Delta Search =>Toolbar.DeltaSearch

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.CC962A92841E5AA865DFBDB7F733F06E] [sPRF][24/03/2013] (...) -- C:\ProgramData\NTUSER.dat [262144]

[MD5.E803BB7697898ED5E84C59D80596F19D] [sPRF][25/04/2013] (.AnySend.com - AnySend Setup.) -- C:\Users\MichelD\AppData\Local\Temp\AnySendSetup.exe [15823856]

[MD5.60AE40FDCBBD543C73D6ABEE09F06212] [sPRF][25/04/2013] (...) -- C:\Users\MichelD\AppData\Local\Temp\etime.dat [10]

[MD5.CB0107FDE27B05772F79977D05DEFA6E] [sPRF][25/04/2013] (...) -- C:\Users\MichelD\AppData\Local\Temp\mlv_ar_qvo6.exe [93776] =>Hijacker.Qvo6

[MD5.5A8222C703B4A34F2227A652A49A2827] [sPRF][11/03/2011] (.Tarma Software Research Pty Ltd - Tarma® Installer.) -- C:\Users\MichelD\AppData\Local\Temp\up-1A9C.exe [227984] =>Toolbar.Tarma

[MD5.BCFAEE85EC74C624D660EF170D1FCEB5] [sPRF][25/04/2013] (...) -- C:\Users\MichelD\AppData\Local\Temp\wajam_install.exe [493544] =>Toolbar.Wajam

[MD5.5A8222C703B4A34F2227A652A49A2827] [sPRF][11/03/2011] (.Tarma Software Research Pty Ltd - Tarma® Installer.) -- C:\Users\MichelD\AppData\Local\Temp\yontoo-C4-1028.exe [227984] =>Toolbar.Tarma

[MD5.F257C2C04DFDC84D506BA85D2F33C738] [sPRF][19/02/2011] (.Genie-soft - Genie Timeline.) -- C:\Users\MichelD\Desktop\GenieTimelineSetupPro.exe [169325096]

[MD5.FD0675CA67B9C62DA0C248A7ECD9FB9E] [sPRF][08/08/2012] (.ManiacTools.com - Free M4a to MP3 Converter Setup.) -- C:\Users\MichelD\Desktop\m4a-to-mp3-converter.exe [5922048]

[MD5.47AFEAEFD72C146BF261EEE7EFEDC96A] [sPRF][25/10/2008] (.Macrovision Corporation - Setup.exe.) -- C:\Users\MichelD\Desktop\PSPP12_Corel_Retail_PF_EN_IE_FR_DE_ES_IT_NL_ESD.exe [343592608]

~ Files: Scanned in 00mn 11s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{DAC0C5EC-1933-4AEF-AC03-2CC00E925B3E}" | In - None - P17 - TRUE | .(.Steinberg Media Technologies - Application.) -- E:\Program Files (x86)\Steinberg\VST Connect SE Performer\VST Connect SE Performer.exe

O87 - FAEL: "{7461D0CA-0E92-4FF2-A58B-06310F781B01}" | In - None - P17 - TRUE | .(.Steinberg Media Technologies - Cubase 7.) -- E:\Program Files\Steinberg\Cubase 7\Cubase7.exe

O87 - FAEL: "{F6FFB485-D9C2-4778-9986-F221B91A9092}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - AnySend Sender Service.) -- C:\Program Files (x86)\AnySend\AnySendSVC.exe

~ Firewall: 229 Legitimates Filtered in 00mn 01s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : v2.11707 - (24/04/2013)

Clés trouvées (Keys found) : 104

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 1

Fichiers trouvés (Files found) : 3

 

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore

[HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}] =>Toolbar.Wajam

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo

[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo

[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo

[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo

[HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam

[HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit

[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam

[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo

[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent

[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.Agent

[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo

[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo

[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo

[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam

[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo

[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent

[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore

[HKCU\Software\DataMngr] =>Adware.Bandoo

[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo

[HKLM\Software\Tarma Installer] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore

[HKCU\Software\InstallCore] =>Adware.InstallCore

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector

[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch

[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch

[HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] =>Adware.Yontoo

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}] =>Adware.Boxore

[HKLM\Software\Classes\Installer\Features\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore

[HKLM\Software\Classes\Installer\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Classes\Installer\Features\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Classes\Installer\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}] =>PUP.DealPly

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^

C:\Program Files (x86)\Boxore =>Adware.Boxore

C:\Users\MichelD\AppData\Local\Temp\yontoo-C4-1028.exe =>Adware.Yontoo

C:\Users\MichelD\AppData\Local\Temp\yontoo-C4-1028.log =>Adware.Yontoo

C:\Users\MichelD\AppData\Local\Temp\wajam_install.exe =>Toolbar.Wajam

~ Additionnel Scan: 302127 Items scanned in 01mn 10s

 

 

 

---\\ Product Upgrade Codes (O90)

O90 - PUC: "1EAD96AE2CB1DE84BAA9425A8CCA0817" . (.Boxore Client.) -- C:\Windows\Installer\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}\boxore.ico =>Adware.Boxore

~ Update Products: 162 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Random Export Key (O91)

[HKCU\Software\5d5dd8ae56eeb45] =>Toolbar.Babylon^

[HKCU\Software\5d5dd8ae56eeb45]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"

[HKCU\Software\5d5dd8ae56eeb45]:version="2.6.1249.132"

[HKLM\Software\Wow6432Node\5d5dd8ae56eeb45] =>Toolbar.Babylon^

[HKLM\Software\Wow6432Node\5d5dd8ae56eeb45]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"

[HKLM\Software\Wow6432Node\5d5dd8ae56eeb45]:version="2.6.1249.132"

~ Export Key Software: Scanned in 00mn 00s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 3667024 | (AnySendService) . (...) - C:\Program Files (x86)\AnySend\AnySendSVC.exe

SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 31/10/2012 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Disabled 2787280 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon

SS - | Demand 11/06/2011 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

SR - | Auto 23/02/2009 307200 | (CTAudSvcService) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

SS - | Auto 19/07/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 19/07/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 22/12/2009 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Demand 28/10/2010 357456 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 4901888 | (NVIDIA Performance Driver Service) . (...) - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 177704 | (ProtexisLicensing) . (...) - C:\Windows\SysWOW64\PSIService.exe

SR - | Auto 02/04/2013 1124184 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 31/01/2013 2402080 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SS - | Auto 0 | (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>PUP.Yontoo

~ Services: Scanned in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by MichelD at 25/04/2013 18:03:46

 

device: opened successfully

user: error reading MBR

 

Disk trace:

error: Read Descripteur non valide

kernel: error reading MBR

~ MBR: 9 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by MichelD at 25/04/2013 18:03:48

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

 

 

 

~ 2055 Legitimates filtered by white list

End of the scan (820 lines in 13mn 02s)(0)


You should find these 3 icons on the desktop or, failing that, in the folder where you installed ZHPDiag.

zhp0710.png

Click the ZHPFix icon.

Under Vista/7, right-click and choose "Run as administrator".

Copy/paste the green lines in the box below:

To do this:

Hold down the left mouse button and sweep the mouse over all the text to copy so that it is highlighted, from left to right and from top to bottom.

Ctrl+C to copy it all to the clipboard.

Ctrl+V to paste the text into the document or, better, click the "Coller le presse papier" (paste clipboard) button in the middle, at the top, on the left [1].

zhpfix16.png

 


 

 

EmptyFlash

EmptyTemp

EmptyClsid

FirewallRaz

Proxyfix

Hostfix

SysRestore

 

Click "Go" [2].

 

If you do not see the Go button, click the button in the middle, at the top left [1].

Restart to complete the cleanup.

 

Copy and paste, in your reply, the contents of the ZHPFixReport.txt report that is displayed.

If needed, it is saved as C:\ZHP\ZHPFixReport.txt


EVERYTHING IS WORKING AGAIN!!!

 

Many thanks for your advice, your patience and above all your expertise.

 

Kind regards.


  • Moderators

Hello Michel,

 

If you consider the question settled, and subject to pear's approval, don't forget to indicate it by tagging your topic's title with the word [Résolu]…

 

[1] At the bottom of the first message of your topic, click [Edit],

[2] At the bottom of the editor that opens, click [Use the full editor],

[3] At the top of the full editor, add [Résolu] to your topic's title,

[4] Click the [Save the edited message] button to confirm.
