Script ZHPFix EmptyPrefetch FirewallRaz PROXYFix EmptyTemp EmptyFlash EmptyClsid SysRestore [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application O1 - Hosts: 74.208.10.249 gs.apple.com [MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles O42 - Logiciel: Bubble Dock (remove only) - (.Nosibay.) [HKCU][64Bits] -- Bubble Dock =>PUP.BubbleDock [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V10_fr_Setup_RASAPI32 =>PUP.iMesh HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V10_fr_Setup_RASMANCS =>PUP.iMesh [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bubble Dock] =>PUP.BubbleDock^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^ [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^ [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^ O51 - MPSK:{b0af3540-f4b3-11df-a6e5-806e6f6e6963}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.) [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"= O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 G2 - GCE: Preference [User Data\Default] [biahaobfpkgeiomkihcdgknebbhadonc] 01NET.com V1 v.10.20.1.8, (Désactivé) O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline [HKCU\Software\YahooPartnerToolbar] O43 - CFD: 01/10/2013 - 12:04:46 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} O43 - CFD: 13/10/2013 - 20:47:45 - [] ----D C:\Users\Alain-Sylvie\AppData\Local\CRE O69 - SBI: SearchScopes [HKCU] 9DA580E66FE64196ACDD5133BEB846D1 [DefaultScope] - (01NET.com V1 Customized Web Search) - http://search.conduit.com HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32 HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] [HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS] [HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32]