



Script ZHPFix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
M3 - MFPP: Plugins - [Gerard] -- C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\o1rk4fld.default-1371304376015\searchplugins\Mysearchdial.xml  =>Adware.MyWebSearch
M3 - MFR0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com  =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com  =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com  =>Adware.MyWebSearch
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877   =>Hijacker.Proxy
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [CLMLSvc] (...) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [DVDAgent] (...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Gerard\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]  =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-1468545578-3278257766-1571490070-1001] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-1468545578-3278257766-1571490070-1001] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{4E592180-EC3D-4B3F-90CE-D2F0436377AD}] (...) -- C:\Users\Gerard\Downloads\PoiEdit2007-2-FRA.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{70ABAE2C-EF27-4F9C-95B8-A60BA96D9681}] (...) -- C:\Users\Gerard\Downloads\GoogleCalendarSync_Installer.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{7EF73935-8765-45B1-8665-5362A90E89CD}] (...) -- C:\Users\Gerard\Downloads\logitech_logitech_quickcam_10.5.1_build_2029b_3861.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{8B795836-CD26-42A4-92A7-35145E3C3166}] (...) -- C:\Users\Gerard\Downloads\PoiEdit_2007.2_7781.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{98A5F69E-02E1-4B81-A0C9-14C9A5D459E1}] (...) -- C:\Users\Gerard\Downloads\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_ex_kerio_4.6.1861_francais_11071(2).exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{CA0EB3D5-E025-4343-BC87-7E63E7F19E7E}] (...) -- C:\Users\Gerard\Documents\CD Installation\Epson 2480\EPSetup.exe (.not file.)   [0]O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job   [296]  =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [{F399EC3D-1A37-4844-B9D2-70C59DCB24BC}] (...) -- C:\Users\Gerard\AppData\Roaming\GeneWeb-6.07\gw\gwsetup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{FDA6ADAD-FD40-4653-93B9-ECD2BFD31815}] (...) -- C:\Users\Gerard\Documents\Setup\genealogie-logiciel\heredis10\Heredis Pro 10.1 - Crack.exe (.not file.)   [0]
O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job   [296]  =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial   [296]  =>Adware.MyWebSearch
[HKCU\Software\ForumerIT]  =>Toolbar.Forumer
[HKCU\Software\InstallCore]  =>Adware.InstallCore
[HKCU\Software\Norton]
[HKCU\Software\mysearchdial.com]  =>Adware.MyWebSearch
[HKCU\Software\sysTPL]
[HKLM\Software\EnigmaSoftwareGroup]
O43 - CFD: 21/11/2013 - 10:00:59 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 27/10/2010 - 21:09:00 - [] ----D C:\ProgramData\Norton
O43 - CFD: 15/04/2014 - 20:20:56 - [] ----D C:\Program Files (x86)\sysTPL
O43 - CFD: 13/08/2010 - 10:51:20 - [] ----D C:\ProgramData\NortonInstaller
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("browser.search.order.1", "Mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.AL", 2);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.aflt", "ir_14_11_ff");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyC0CyCtByC0DtDtDyB0CyEyDyC0EzyyBtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDt[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.cntry", "FR");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.cr", "645560570");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.dfltLng", "");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.dfltSrch", true);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.dnsErr", true);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.excTlbr", false);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.hdrMd5", "0995C690E5A0023B1DF361BC1B8991C6");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.hmpg", true);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DtDtD[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.id", "6C626D007C456E97");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.instlDay", "16143");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.instlRef", "140305_b");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.lastB", "http://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DtDtDyB[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:27:39");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DtD[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.prdct", "mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.sg", "none");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.tlbrId", "base");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D[...]  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial_i.newTab", false);  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial_i.smplGrp", "none");  =>Adware.MyWebSearch
O69 - SBI: prefs.js [Gerard - o1rk4fld.default-1371304376015] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:27:39");  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {ACA88F5E-8F8E-4637-97E9-A16547B4A3EF} - (Ask Search) - http://websearch.ask.com  =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32  =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS  =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32  =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS  =>Adware.PredictAd
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\kujytuo_RASAPI32  =>Virus.Kujytuo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\kujytuo_RASMANCS  =>Virus.Kujytuo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASAPI32  =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASMANCS  =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32  =>PUP.Dealio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS  =>PUP.Dealio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32  =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS  =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASAPI32  =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASMANCS  =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-10D4_RASAPI32  =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-10D4_RASMANCS  =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations]:bak_Application   =>Hijacker.Agent
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF]   =>PUP.Dealio
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc]   =>PUP.eSafeSecurity
[HKLM\Software\Classes\esrv.mysearchdialESrvc]   =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1]   =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc]   =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1]   =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
C:\Users\Gerard\AppData\Local\Software   =>Adware.Boxore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
C:\Windows\Tasks\MySearchDial.job   =>Adware.MyWebSearch^
C:\Windows\System32\Tasks\MySearchDial   =>Adware.MyWebSearch^
[HKCU\Software\ForumerIT]   =>Toolbar.Forumer^
[HKCU\Software\mysearchdial.com]   =>Adware.MyWebSearch^
C:\Users\Gerard\AppData\Local\Temp\nsa7DBC.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsbA436.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsh1344.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsr230D.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsr9161.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsrB4BB.exe  =>Toolbar.Conduit
C:\Users\Gerard\AppData\Local\Temp\nsw290.exe  =>Toolbar.Conduit
FirewallRaz
EmptyFlash
Emptytemp
ShortcutFix