Script ZHPFix EmptyPrefetch FirewallRaz PROXYFix EmptyTemp EmptyFlash EmptyClsid SysRestore [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow M2 - MFEP: Extension [Utilisateur - 219tnzeo.default] {55dce8ba-9dec-4013-937e-adbf9317d990} M2 - MFEP: Extension [Utilisateur - 3kddhap9.default-1353620243249] {55dce8ba-9dec-4013-937e-adbf9317d990} M2 - MFEP: Extension [Utilisateur - ukeh6bm2.default-1358150954076] {55dce8ba-9dec-4013-937e-adbf9317d990} M2 - MFEP: Extension [Utilisateur - xymef0da.default-1413660484510] {55dce8ba-9dec-4013-937e-adbf9317d990} M2 - MFEP: Extension [Utilisateur - zwa8oxgq.default-1405790007734] {55dce8ba-9dec-4013-937e-adbf9317d990} O4 - GS\Desktop [Utilisateur]: MediaGet.lnk . (...) -- C:\Users\Utilisateur\AppData\Local\MediaGet2\mediaget.exe (.not file.) =>PUP.MediaGet O39 - APT: - (..) -- C:\Windows\Tasks\Coupons-shopping 0.2-firefoxinstaller.job [2366] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\Coupons-shopping 0.2-firefoxinstaller [2366] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\Tasks\Gooclic_fr 0.1-chromeinstaller.job [3096] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\Gooclic_fr 0.1-chromeinstaller [3096] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\Tasks\Gooclic_fr 0.1-enabler.job [1352] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\Gooclic_fr 0.1-enabler [1352] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\Tasks\Gooclic_fr 0.1-firefoxinstaller.job [2272] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\Gooclic_fr 0.1-firefoxinstaller [2272] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\Tasks\Gooclic_fr 0.1-updater.job [1518] =>PUP.CrossRider O41 - Driver: (pcwatch) . (...) - C:\Windows\system32\Drivers\pcwatch.sys =>PUP.WebProtect O42 - Logiciel: Web Protect for Windows - (.PC Publishing.) [HKLM] -- wp-dcollect-tgu =>PUP.WebProtect [HKCU\Software\PCTRunner] =>PUP.WebProtect [HKCU\Software\PluginAddon] [HKLM\Software\Browsers+_App#s#-nv] =>PUP.CrossRider [HKLM\Software\Coupons-shopping 0.2] =>PUP.CrossRider [HKLM\Software\Gooclic_fr 0.1] [HKLM\Software\PCTRunner] =>PUP.WebProtect O43 - CFD: 18/10/2014 - 22:23:24 - [] ----D C:\Program Files\Coupons-shopping 0.2 =>PUP.CrossRider O43 - CFD: 31/07/2014 - 10:40:01 - [] ----D C:\Program Files\Deal Keeper =>PUP.DealKeeper O43 - CFD: 17/10/2014 - 11:24:18 - [] ----D C:\Program Files\PCTRunner =>PUP.WebProtect O43 - CFD: 20/10/2014 - 15:22:36 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 20/10/2014 - 15:22:36 - [] ----D C:\Users\Utilisateur\AppData\Roaming\Babylon =>PUP.Babylon O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\pcwatch.sys . (...) -- C:\Windows\System32\Drivers\pcwatch.sys (.not file.) =>PUP.WebProtect O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\pcwatch.sys . (...) -- C:\Windows\System32\Drivers\pcwatch.sys (.not file.) =>PUP.WebProtect O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\pcwatch.sys [20480] =>PUP.WebProtect O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (...) -- Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") =>Broken.OpenCommand O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) =>Broken.OpenCommand [MD5.79E6443F01B4B1C3B957AA38DDD564FF] [WIS][17/07/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\f918617.msi [45056] =>Adware.Boxore HKLM\SOFTWARE\Microsoft\Tracing\20120702IminentSetup_RASAPI32 =>Adware.IMBooster HKLM\SOFTWARE\Microsoft\Tracing\20120702IminentSetup_RASMANCS =>Adware.IMBooster HKLM\SOFTWARE\Microsoft\Tracing\Fortunitas_RASAPI32 =>PUP.Fortunitas HKLM\SOFTWARE\Microsoft\Tracing\Fortunitas_RASMANCS =>PUP.Fortunitas HKLM\SOFTWARE\Microsoft\Tracing\Install_BubbleDock_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Microsoft\Tracing\Install_BubbleDock_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Microsoft\Tracing\mediaget_RASAPI32 =>PUP.MediaGet HKLM\SOFTWARE\Microsoft\Tracing\mediaget_RASMANCS =>PUP.MediaGet HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV HKLM\SOFTWARE\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch HKLM\SOFTWARE\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch HKLM\SOFTWARE\Microsoft\Tracing\updateFortunitas_RASAPI32 =>PUP.Fortunitas HKLM\SOFTWARE\Microsoft\Tracing\updateFortunitas_RASMANCS =>PUP.Fortunitas HKLM\SOFTWARE\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch HKLM\SOFTWARE\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch HKLM\SOFTWARE\Microsoft\Tracing\utilFortunitas_RASAPI32 =>PUP.Fortunitas HKLM\SOFTWARE\Microsoft\Tracing\utilFortunitas_RASMANCS =>PUP.Fortunitas SS - | Disabled 10/07/1658 0 | (MyOSProtect) . (...) - C:\Program Files\PCTRunner\MyOSProtect.exe =>PUP.WebProtect [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wp-dcollect-tgu] =>PUP.WebProtect^ [HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore [HKLM\Software\Google\Chrome\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb] =>Adware.InstallBrain C:\Program Files\Coupons-shopping 0.2 =>PUP.CrossRider^ C:\Program Files\Deal Keeper =>PUP.DealKeeper^ C:\Program Files\PCTRunner =>PUP.WebProtect^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\Users\Utilisateur\AppData\Roaming\Babylon =>PUP.Babylon^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow^ C:\Windows\Tasks\Coupons-shopping 0.2-firefoxinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Coupons-shopping 0.2-firefoxinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Gooclic_fr 0.1-chromeinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Gooclic_fr 0.1-chromeinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Gooclic_fr 0.1-enabler.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Gooclic_fr 0.1-enabler =>PUP.CrossRider^ C:\Windows\Tasks\Gooclic_fr 0.1-firefoxinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Gooclic_fr 0.1-firefoxinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Gooclic_fr 0.1-updater.job =>PUP.CrossRider^ [HKCU\Software\PCTRunner] =>PUP.WebProtect^ [HKLM\Software\Browsers+_App#s#-nv] =>PUP.CrossRider^ [HKLM\Software\Coupons-shopping 0.2] =>PUP.CrossRider^ [HKLM\Software\PCTRunner] =>PUP.WebProtect^ Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") =>Broken.OpenCommand^ Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) =>Broken.OpenCommand^ C:\Windows\Installer\f918617.msi =>Adware.Boxore^ M3 - MFPP: Plugins - [Utilisateur] -- C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\219tnzeo.default\searchplugins\lookineo.xml O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1 C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\ukeh6bm2.default-1358150954076\prefs.js (.not file.) C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\zwa8oxgq.default-1405790007734\prefs.js (.not file.) O44 - LFC:[MD5.56EB41F35EA2D3D52A824ABF2A7474E7] - 10/10/2014 - 13:59:43 ---A- . (...) -- C:\Windows\DPINST.LOG [70374] O51 - MPSK:{71be995b-8823-11e3-83fc-a0ff16a122ae}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.) O51 - MPSK:{cab3e28d-409e-11e2-bcc7-b89a02b7bb41}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.) M2 - MFEP: Extension [Utilisateur - 219tnzeo.default] {b8a90375-3b37-4954-86de-f96c458c4ce2} M2 - MFEP: Extension [Utilisateur - 3kddhap9.default-1353620243249] {b8a90375-3b37-4954-86de-f96c458c4ce2} M2 - MFEP: Extension [Utilisateur - ukeh6bm2.default-1358150954076] {b8a90375-3b37-4954-86de-f96c458c4ce2} M2 - MFEP: Extension [Utilisateur - xymef0da.default-1413660484510] {b8a90375-3b37-4954-86de-f96c458c4ce2} M2 - MFEP: Extension [Utilisateur - zwa8oxgq.default-1405790007734] {b8a90375-3b37-4954-86de-f96c458c4ce2} O23 - Service: Tool Manager service (ToolManagerService) . (.Pas de propriétaire - ToolManager.) - C:\Program Files\ToolManager\ToolManager.exe O39 - APT: - (..) -- C:\Windows\Tasks\1146eb7e-f196-496b-b47d-8f0bfe6d30ec-11.job [3796] O42 - Logiciel: Songpress 1.5 - (.Luca Allulli - Skeed.) [HKLM] -- Songpress O42 - Logiciel: VideoMate DVB-T / DAB / ISDBT USB Driver - (...) [HKLM] -- {9B56D73E-CBC7-4499-ACED-9ECCA72AE52C} O42 - Logiciel: VideoMate U600F & J500U Series - (.Compro.) [HKLM] -- {24A43F96-E8A7-4B31-AF65-4F6A6EB221FE} [HKLM\Software\Compro Technology, Inc.] [HKLM\Software\Compro] [HKLM\Software\ba27c46b-5758-41da-8824-93138f4a0d7f] O43 - CFD: 24/11/2012 - 19:12:55 - [] ----D C:\Program Files\Compro O43 - CFD: 12/07/2014 - 10:26:06 - [] ----D C:\Program Files\DM73 O43 - CFD: 02/08/2013 - 13:40:07 - [] ----D C:\Program Files\Songpress O43 - CFD: 27/09/2014 - 08:10:44 - [] ----D C:\Users\Utilisateur\AppData\Roaming\Advanced Cleaner Pro O58 - SDL:04/07/2014 - 17:41:48 ---A- . (...) -- C:\Windows\System32\Drivers\voxaldriverx86.sys [45264] [MD5.ADD164A61F1EB130F7A5C409BB49BA3A] [SPRF][12/07/2014] (.AnalogX, LLC - AnalogX AutoTune Installer.) -- C:\Users\Utilisateur\Desktop\autoi.exe [389912] [MD5.4A3DA7688D7963C8920C7E724160D270] [SPRF][22/09/2012] (...) -- C:\Users\Utilisateur\Desktop\mp3DC213.exe [247053] SS - | Auto 03/12/2013 43024 | (ToolManagerService) . (...) - C:\Program Files\ToolManager\ToolManager.exe O42 - Logiciel: Aff Packages - (...) [HKCU] -- Aff Packages [HKCU\Software\ELIGCHK]