Script ZHPFix G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [jfhbklndhffnahdploecdffbedhgjnce] Vonteera Safe ads v.1.7.1 (Activé) =>Trojan.Vonteera G2 - GCE: Preference [User Data\Default] [lcnnhcneegeeojhgpfijnlnocjdmlaon] Value apps v.1.7.0.2, (Activé) =>Toolbar.Conduit R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,C:\Program Files\aSkGSMkg1fÍêÎhcchkolb.exe\hcchkolb.exe, O4 - GS\Desktop [Sarah]: Sync Folder.lnk . (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.) =>PUP.MyPCBackup O4 - HKCU\..\Run: [urlspace] . (.???? - ????.) -- C:\Users\Sarah\AppData\Local\Temp\Rar$EXa0.906\jingling.exe O4 - HKCU\..\Run: [xdm] C:\Users\Sarah\AppData\Local\XDM\xdm.exe (.not file.) O4 - HKUS\S-1-5-21-3378345410-2053796844-1416534942-1000\..\Run: [urlspace] . (.???? - ????.) -- C:\Users\Sarah\AppData\Local\Temp\Rar$EXa0.906\jingling.exe O4 - HKUS\S-1-5-21-3378345410-2053796844-1416534942-1000\..\Run: [xdm] C:\Users\Sarah\AppData\Local\XDM\xdm.exe (.not file.) O9 - Extra button: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} -- C:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll (.not file.) =>Spyware.WinToFlash O20 - AppInit_DLLs: . (...) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (.not file.) =>Toolbar.Conduit [MD5.00000000000000000000000000000000] [APT] [{988842BB-31DA-4EA5-B573-C14146D42AF9}] (...) -- F:\RECYCLER\S-1-5-11-1377250243-6882882407-436105280-8774\ligZNHiH.cpl (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B20836D3-4EF4-4387-B4DF-E4C124DD5619}] (...) -- C:\Users\Sarah\Documents\FIFA 08\Fifa 08 startimes.com.iljocker(PC-RIP)\Setup.exe (.not file.) [0] O41 - Driver: (wStLibG) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG.sys O42 - Logiciel: Mega Browse - (.Mega Browse.) [HKLM] -- Mega Browse O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps =>Toolbar.Conduit O42 - Logiciel: WinToFlash Suggestor - (.Think Tank Labs, LLC.) [HKLM] -- WinToFlash Suggestor =>Spyware.WinToFlash [HKCU\Software\Mega Browse] [HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera [HKLM\Software\InstallMate] [HKLM\Software\mamverifier] O43 - CFD: 05/04/2014 - 14:33:37 - [1.212] ----D C:\Program Files\Mega Browse O43 - CFD: 26/03/2014 - 11:36:22 - [2.083] ----D C:\ProgramData\InstallMate =>PUP.Tarma O44 - LFC:[MD5.2258346DB7A33CAAA85F26D9154CC04D] - 05/04/2014 - 11:50:50 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG.sys [52928] O44 - LFC:[MD5.7450C5524D479A55D790C2BF6FA92397] - 26/03/2014 - 11:36:27 ----- . (...) -- C:\Windows\System32\ogg.dll [24576] O44 - LFC:[MD5.82D58FC961DDF0EC5C61CDC0C3F14FE6] - 26/03/2014 - 11:36:27 ----- . (.Pas de propriétaire - vbzlib data compression library.) -- C:\Windows\System32\vbzlib1.dll [73728] O58 - SDL:[MD5.2258346DB7A33CAAA85F26D9154CC04D] - 05/04/2014 - 11:50:50 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG.sys [52928] O64 - Services: CurCS - 05/04/2014 - C:\Windows\System32\drivers\wStLibG.sys (wStLibG) .(.StdLib - StdLib.) - LEGACY_WSTLIBG O87 - FAEL: "{816EE57C-A81A-4B1D-B6DF-F1B0A4DE7B9A}" | In - Public - P6 - TRUE | .(.???? - ????.) -- C:\Users\Sarah\AppData\Local\Temp\Rar$EXa0.906\jingling.exe O87 - FAEL: "{B8F1C691-F9EE-4E00-A2CE-3533F5039D1F}" | In - Public - P17 - TRUE | .(.???? - ????.) -- C:\Users\Sarah\AppData\Local\Temp\Rar$EXa0.906\jingling.exe [HKLM\Software\Google\Chrome\Extensions\jfhbklndhffnahdploecdffbedhgjnce] =>Trojan.Vonteera^ [HKLM\Software\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon] =>Toolbar.Conduit^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor] =>Spyware.WinToFlash^ [HKCU\Software\AppDataLow\Software\WinToFlash Suggestor] =>Spyware.WinToFlash C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce =>Trojan.Vonteera^ C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon =>Toolbar.Conduit^ C:\ProgramData\InstallMate =>PUP.Tarma^ [HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera^ EmptyFlash EmptyTemp EmptyClsid FirewallRaz Proxyfix SysRestore