Script ZHPFix
EmptyPrefetch
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.5.1 (Désactivé) =>Adware.SearchYa
O4 - GS\QuickLaunch [NETPLAYERSKZ]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [NETPLAYERSKZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [NETPLAYERSKZ]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\SystemTools [NETPLAYERSKZ]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_53] Clé orpheline =>PUP.AgenceExclusive
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [DSite] (...) -- C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
O39 - APT: DSite - (...) -- C:\Windows\Tasks\DSite.job [306] =>Hijacker.iHaveNet
O39 - APT: DSite - (...) -- C:\Windows\System32\Tasks\DSite [306] =>Hijacker.DSite
[HKCU\Software\AppDataLow\Software\LyricsWoofer] =>Adware.AddLyrics
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\DSiteProducts] =>Hijacker.DSite
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\TUTO_4PC] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find
O43 - CFD: 02/02/2014 - 14:48:07 - [0] ----D C:\Program Files (x86)\NeWSaverr =>PUP.NewSaver
O43 - CFD: 23/05/2014 - 15:15:05 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 30/03/2014 - 06:47:04 - [0] ----D C:\ProgramData\Performancer
O43 - CFD: 02/07/2013 - 04:40:22 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 09/11/2012 - 14:59:11 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 07/08/2014 - 13:25:46 - [0] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite =>Hijacker.DSite
O43 - CFD: 02/07/2013 - 04:31:38 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\eIntaller
O43 - CFD: 02/07/2013 - 04:31:27 - [0] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 08/08/2013 - 16:12:02 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Local\Duuqu =>PUP.Duuqu
O45 - LFCP:[MD5.DCCCBAAB7502322B8BAB2031E2292A35] - 21/10/2014 - 08:31:52 ---A- - C:\Windows\Prefetch\EVEREST_DISKBENCH.DLL-C4F913C6.pf =>PUP.GiganticSavings
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {32958601-AC28-B0B0-B43C-3FDDF72FD894} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsFanUpdater_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsFanUpdater_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsWooferUPD_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsWooferUPD_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\nsb1_ar_2013613141731_qvo6_RASAPI32 =>Hijacker.Qvo6
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\nsb1_ar_2013613141731_qvo6_RASMANCS =>Hijacker.Qvo6
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0C5C_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0C5C_RASMANCS =>Adware.Yontoo
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser] =>Hijacker.22Find^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_53 =>PUP.AgenceExclusive^
C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
C:\Program Files (x86)\NeWSaverr =>PUP.NewSaver^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\NETPLAYERSKZ\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite =>Hijacker.DSite^
C:\Users\NETPLAYERSKZ\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\NETPLAYERSKZ\AppData\Local\Duuqu =>PUP.Duuqu^
C:\Users\NETPLAYERSKZ\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\NETPLAYERSKZ\AppData\LocalLow\SearchNewTab =>Adware.FastSaveApp
C:\Windows\Tasks\DSite.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\DSite =>Hijacker.DSite^
[HKCU\Software\AppDataLow\Software\LyricsWoofer] =>Adware.AddLyrics^
[HKCU\Software\DSiteProducts] =>Hijacker.DSite^
[HKCU\Software\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\TUTO_4PC] =>PUP.AgenceExclusive^
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find^
C:\Users\NETPLAYERSKZ\Downloads\SaveAs.exe =>PUP.Offerware
[HKCU\Software\Softonic]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASMANCS
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}]
[HKCU\Software\Softonic]
O51 - MPSK:{9f74d21f-29c7-11e2-a824-8c89a5e5edce}\AutoRun\command. (.Pas de propriétaire - Saints Row IV (c) Deep Silver Setup.) -- E:\setup.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G1 - GCS: Preference [User Data\Default] None
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O43 - CFD: 21/08/2013 - 06:33:29 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Reg
C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Intel Active Management Technology User Notification Service (UNS) - Intel Corporation - HKLM\SYSTEM\CurrentControlSet\Services\UNS
C:\Windows\system32\wuaueng.dll
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe