Computer takes 5 to 8 minutes to reach the desktop.

Closed
Tb214 (Posts: 3, Registered: Sunday 11 May 2014, Status: Member, Last activity: 11 May 2014) - 11 May 2014 at 16:49
Tb214 (Posts: 3, Registered: Sunday 11 May 2014, Status: Member, Last activity: 11 May 2014) - 11 May 2014 at 18:02
Hello,
My DELL computer, bought a little over a year ago, takes 5 to 8 minutes to reach the desktop after I enter my password. During that time the screen is black; only the mouse pointer may appear, and the Ctrl-Alt-Del combination works, showing me a page that changes nothing even if I click Task Manager (it managed to reduce the wait a little).

Also, sometimes (not often) an alert message tells me that the file user/Tb/appdata/roaming/wp_update.exe is missing. I know it is a virus file, but isn't the fact that it is missing a good thing?! Is there a link between the wait and this file...

How can I fix this situation?

Thank you for your answers.
4 replies

Novtwent (Posts: 79, Registered: Monday 21 April 2014, Status: Member, Last activity: 11 May 2014) 8
11 May 2014 at 17:00
Hello,

Try running CCleaner and doing a full scan of your computer with an antivirus.
1
Tb214 (Posts: 3, Registered: Sunday 11 May 2014, Status: Member, Last activity: 11 May 2014)
11 May 2014 at 17:13
Well, I had already run numerous thorough scans (avast) but without result!

I know it is common here to use ZHPDiag, so I ran a scan:

~ Rapport de ZHPDiag v2014.5.11.59 - Nicolas Coolman (11/05/2014)
~ Lancé par Tb (11/05/2014 16:27:16)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17105
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 2J8YG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Spybot - Search & Destroy v2.2.25
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3953 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 333 GB (51%) free of 645 GB

---\\ Mode de connexion au système
~ Computer Name: TBS-PC
~ User Name: Tb
~ All Users Names: Thibault, Tb, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Tb\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Tb\AppData\Roaming\
~ %Desktop% : C:\Users\Tb\Desktop\
~ %Favorites% : C:\Users\Tb\Favorites\
~ %LocalAppData% : C:\Users\Tb\AppData\Local\
~ %StartMenu% : C:\Users\Tb\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 333 Go of 645 Go)
D: CD-ROM drive (Not Inserted)
X: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 13 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/841
~ Mes musiques (My Musics) : 1/161
~ Mes Videos (My Videos) : 2/131
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 2/104
~ Mon Bureau (My Desktop) : 2/211
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 11s



---\\ Processus lancés
[MD5.EE73B56ED71EB6383F25FA5468923BB2] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144] [PID.2724]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.5080]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.5100]
[MD5.90A3525C7399B7784D28F99EA1A51C4C] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616] [PID.0]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.4780]
[MD5.BB3152BE7A21289456CB299175962EC8] - (...) -- C:\Program Files (x86)\Bench\BService\bservice.exe [49664] [PID.4824] =>PUP.GiganticSavings
[MD5.0ABEEA039C171D5DB4EF78BCE6BAB73D] - (...) -- C:\Program Files (x86)\Bench\Wd\wd.exe [60416] [PID.5084] =>PUP.GiganticSavings
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.5372]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.5384]
[MD5.02BDD66D2EA1C47790BC24DF497E5783] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520] [PID.5476]
[MD5.2991C495CF25B9AD4E05002222A1E3B0] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe [493072] [PID.5972]
[MD5.A555FFDA6E54201D9F6AE4A6F37BDD4B] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4160528] [PID.5996]
[MD5.FF2CE3EC0F87A69B2F61EF9D89514800] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.5928]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5792]
[MD5.4E36C444397A1C7FDFB9A10D4852CA55] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7872512] [PID.4072]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Tb\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [algmakeomkafjglfhpomolfhjppoojff] Pricora v.1.23.5, (Désactivé) =>Adware.Pricora
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.8.4, (Désactivé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
G2 - GCE: Preference [User Data\Default] [mfkamignjaneflbgdjegpidckhjdiibj] Storimbo v.1.0.0 (Désactivé) =>PUP.Storimbo
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nikdaiaidiiiogaidkkekcmokcgcdeac] Discount Dragon v.1.0, (Activé) =>PUP.DiscountDragon
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.10.16.2.9, (Désactivé) =>P2P.µTorrent
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 12s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww7.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ww7.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ww7.nationzoom.com =>Hijacker.NationZoom
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac
Votre fichier Hosts comporte 15516 adresses détournées
~ Hosts File: Scanned in 00mn 05s
~ Nombre de lignes (Lines number): 15516



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Video Downloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Discount Dragon BHO [64Bits] - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propriétaire - FrameworkBHO.) -- C:\Program Files (x86)\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon
O2 - BHO: mysearchdial Helper Object [64Bits] - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Clé orpheline =>Adware.MyWebSearch
O2 - BHO: BonanzaDeals [64Bits] - {fe063412-bea4-4d76-8ed3-183be6220d17} . (...) -- C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (.not file.) =>Adware.BonanzaDeals
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe (.not file.) =>Adware.SocialSkinz
O4 - GS\QuickLaunch [Tb]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Tb]: µTorrent (2).lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Tb]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 5 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Tb]: PricePeepUpdater.lnk . (...) -- C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (.not file.) =>Adware.PricePeep
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Epson Stylus SX210] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Tb\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_50] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [BService] . (...) -- C:\Program Files (x86)\Bench\BService\bservice.exe =>PUP.GiganticSavings
O4 - HKLM\..\Wow6432Node\Run: [Wd] . (...) -- C:\Program Files (x86)\Bench\Wd\wd.exe =>PUP.GiganticSavings
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\RunOnce: [Discount Dragon-repairJob] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>PUP.DiscountDragon
O4 - HKUS\S-1-5-21\..\Run: [resource] Clé orpheline
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Clé orpheline
O4 - HKUS\S-1-5-21-3938316196-3329010463-1507528362-1005\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-3938316196-3329010463-1507528362-1005\..\Run: [Epson Stylus SX210] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-3938316196-3329010463-1507528362-1005\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3938316196-3329010463-1507528362-1005\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-3938316196-3329010463-1507528362-1005\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Tb\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09EC0457-1D1B-487F-814B-A9E7C9EA54F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0AA8342-3243-44D3-8FDF-24270B20D602}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{09EC0457-1D1B-487F-814B-A9E7C9EA54F1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0AA8342-3243-44D3-8FDF-24270B20D602}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service BonanzaDealsLive (bonanzadealslive) (bonanzadealslive) . (...) - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (.not file.) =>Adware.BonanzaDeals
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Service Software Update (Software_update) (Software_update) . (...) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) =>Adware.Boxore
O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (.not file.) =>PUP.Wajam
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
~ Services: 27 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-S-1-5-21-3938316196-3329010463-1507528362-1005] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings
[MD5.00000000000000000000000000000000] [APT] [BonanzaDealsUpdate] (...) -- C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe (.not file.) [0] =>Adware.BonanzaDeals
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Tb\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.59BE5C8AD4758A4405E13BCE1D3BE665] [APT] [Pricora-chromeinstaller] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-chromeinstaller.exe [460800] =>Adware.Pricora
[MD5.DAA7EAAEEB67125192A16FCCE7EEDD9D] [APT] [Pricora-codedownloader] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe [476672] =>Adware.Pricora
[MD5.1696645FDB0519682C3D79DACA321A71] [APT] [Pricora-enabler] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-enabler.exe [342528] =>Adware.Pricora
[MD5.D724F163E9FE2848318E0807B3CE563D] [APT] [Pricora-firefoxinstaller] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe [722432] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [SoftwareUpdateTaskMachineCore] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) [0] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [SoftwareUpdateTaskMachineUA] (...) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (.not file.) [0] =>Adware.Boxore
[MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (...) -- C:\Users\Tb\AppData\Roaming\~ruojoku.exe [493272] =>PUP.WpManager
[MD5.0718A6D0B993B334F15D6BF57AC8C871] [APT] [{E0286E3D-CB10-4399-9252-06DFB1796544}] (...) -- C:\Users\Tb\Downloads\avast!-Antivirus-Gratuit.exe [123869]
[MD5.00000000000000000000000000000000] [APT] [{EB3712B5-167C-47ED-8A8E-6A13905A7800}] (...) -- C:\Program Files (x86)\Wajam\uninstall.exe (.not file.) [0] =>PUP.Wajam
O39 - APT: bench-S-1-5-21-3938316196-3329010463-1507528362-1005 - (...) -- C:\Windows\Tasks\bench-S-1-5-21-3938316196-3329010463-1507528362-1005.job [352] =>PUP.GiganticSavings
O39 - APT: bench-S-1-5-21-3938316196-3329010463-1507528362-1005 - (...) -- C:\Windows\System32\Tasks\bench-S-1-5-21-3938316196-3329010463-1507528362-1005 [352] =>PUP.GiganticSavings
O39 - APT: bench-sys - (...) -- C:\Windows\Tasks\bench-sys.job [352] =>PUP.GiganticSavings
O39 - APT: bench-sys - (...) -- C:\Windows\System32\Tasks\bench-sys [352] =>PUP.GiganticSavings
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Epson Printer Software Downloader [260]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3938316196-3329010463-1507528362-1005Core [908]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3938316196-3329010463-1507528362-1005UA [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [294] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [294] =>Adware.MyWebSearch
O39 - APT: Pricora-chromeinstaller - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-chromeinstaller.job [1880] =>Adware.Pricora
O39 - APT: Pricora-chromeinstaller - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-chromeinstaller [1880] =>Adware.Pricora
O39 - APT: Pricora-codedownloader - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-codedownloader.job [1182] =>Adware.Pricora
O39 - APT: Pricora-codedownloader - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-codedownloader [1182] =>Adware.Pricora
O39 - APT: Pricora-enabler - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-enabler.job [1082] =>Adware.Pricora
O39 - APT: Pricora-enabler - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-enabler [1082] =>Adware.Pricora
O39 - APT: Pricora-firefoxinstaller - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-firefoxinstaller.job [1806] =>Adware.Pricora
O39 - APT: Pricora-firefoxinstaller - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-firefoxinstaller [1806] =>Adware.Pricora
O39 - APT: SoftwareUpdateTaskMachineCore - (...) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [920]
O39 - APT: SoftwareUpdateTaskMachineCore - (...) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore [920]
O39 - APT: SoftwareUpdateTaskMachineUA - (...) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [924]
O39 - APT: SoftwareUpdateTaskMachineUA - (...) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA [924]
~ Scheduled Task: 52 Legitimates Filtered in 00mn 03s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (aswKbd) . (. - .) - C:\WINDOWS\system32\drivers\aswKbd.sys (.not file.)
~ Drivers: 44 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
O42 - Logiciel: Discount Dragon - (.Smart Apps.) [HKLM][64Bits] -- 38900_Discount Dragon =>PUP.DiscountDragon
O42 - Logiciel: Le Maître de l'Olympe - Zeus. - (...) [HKLM][64Bits] -- Le Maître de l'Olympe - Zeus.
O42 - Logiciel: Pricora - (.Corporate Inc.) [HKLM][64Bits] -- Pricora =>Adware.Pricora
O42 - Logiciel: WPM17.8.0.3297 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =>Adware.SocialSkinz
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5c53d88cbc68bd14] =>Hijacker.Eazel
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Storimbo] =>PUP.Storimbo
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKCU\Software\Vittalia] =>Adware.Vittalia
[HKLM\Software\Wow6432Node\5c53d88cbc68bd14] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\AdvertisingSupport] =>PUP.AdvertisingSupport
[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon
[HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\Storimbo] =>PUP.Storimbo
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 280 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/02/2014 - 22:31:20 - [] ----D C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 19/11/2013 - 16:11:05 - [] ----D C:\Program Files (x86)\Pricora =>Adware.Pricora
O43 - CFD: 22/02/2014 - 14:13:16 - [] ----D C:\Program Files (x86)\Storimbo =>PUP.Storimbo
O43 - CFD: 12/10/2013 - 18:36:37 - [] ----D C:\Program Files (x86)\WebGamePlay
O43 - CFD: 14/01/2014 - 02:32:41 - [0] ----D C:\ProgramData\BoxUpdChk =>Adware.Boxore
O43 - CFD: 13/01/2014 - 02:21:30 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 28/11/2013 - 17:36:12 - [] ----D C:\Users\Tb\AppData\Roaming\0V1L2Z2Z1T1I1L1T =>Adware.InstallCore
O43 - CFD: 22/02/2014 - 11:54:13 - [] ----D C:\Users\Tb\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 11/05/2014 - 01:27:51 - [] --H-D C:\Users\Tb\AppData\Roaming\RPPrivate
O43 - CFD: 05/09/2013 - 12:20:05 - [] ----D C:\Users\Tb\AppData\Roaming\WebGamePlay
O43 - CFD: 11/05/2014 - 16:09:25 - [] ----D C:\Users\Tb\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 06/05/2014 - 13:47:35 - [] ----D C:\Users\Tb\AppData\Local\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 22/02/2014 - 14:13:16 - [0] ----D C:\Users\Tb\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 01/10/2013 - 13:34:55 - [0] ----D C:\Users\Tb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
~ Program Folder: 166 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 29/04/2014 - 09:40:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
~ Files: 21 Legitimates Filtered in 00mn 15s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:29/04/2014 - 09:40:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:13/12/2012 - 20:46:19 ---A- . (...) -- C:\Windows\System32\Drivers\aswnet.sys.sum [175]
O58 - SDL:29/04/2014 - 09:40:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:29/06/2013 - 17:05:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:29/06/2013 - 17:05:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:29/04/2014 - 09:40:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:29/06/2013 - 17:05:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:29/04/2009 - 16:28:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [30208]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:24/07/2012 - 11:59:56 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [540160]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 70 Legitimates Filtered in 00mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][29/11/2013] (.Pas de propriétaire - wp_update scheduler.) -- C:\Users\Tb\AppData\Roaming\~ruojoku.exe [493272] =>PUP.WpManager
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][13/01/2014] (...) -- C:\Users\Tb\Desktop\adwcleaner-1.606-en.exe [581957]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{92630B6C-8C33-43B3-9301-2B9B1D5DEBCD}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DEB0C6AA-5980-4BBA-9BF1-190DB1BD82B6}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Tb\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "543A7381D6C0EA24CA6DC6F4F54F09AB" . (.Iminent.) -- C:\Windows\Installer\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\WINDOWS\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5c53d88cbc68bd14\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\2.6.1694.246\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.221]:version="2.6.1562.221" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5c53d88cbc68bd14\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5c53d88cbc68bd14]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
0
bazfile Posts 56670 Registration date Saturday 29 December 2012 Status Moderator, Security contributor Last activity 20 December 2024 19 337
11 May 2014 at 17:25
Hello,
Don't post your reports in your messages: they don't fit, and on top of that it's a pain for whoever is helping you. Since your ZHPdiag report is incomplete, do the following in order:

1- Download ADWcleaner and save it to the desktop
- Open ADWcleaner by right-clicking it and choosing Run as administrator (for W7, Vista, W8 only); on Windows XP, open it normally.
- The ADWcleaner window opens; click Scan, and once the scan has finished click Clean
- Once the cleaning is done you will have to restart your computer
- When the computer restarts, ADWcleaner's removal report will be displayed on screen; put it in your next message, always via a link from https://www.cjoint.com/

Here is the ADWcleaner user guide in case you need it: http://general-changelog-team.fr/fr/accueil/66-multilangue/tutoriels/securite/311-utiliser-adwcleaner-version-3-x

Then:

Reset your browser(s).
Reset Google Chrome: https://support.google.com/chrome/answer/3296214?hl=fr
Reset Firefox:
https://support.mozilla.org/fr/kb/reparer-firefox-reinitialiser-modules-parametres?redirectlocale=fr&redirectslug=reinitialiser-firefox-corriger-facilement-problemes
Reset Internet Explorer: https://support.microsoft.com/fr-fr/help/923737

Then

2 - Download, install and open ZHPdiag, then start the scan by clicking Configure and then the magnifying glass without + or -. Once the scan has finished you will have a ZHPDiag.txt report on the desktop; post it on https://www.cjoint.com/, for which here is a tutorial: https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers, then put the link generated by Cjoint in your reply.
0
Tb214 Posts 3 Registration date Sunday 11 May 2014 Status Member Last activity 11 May 2014
11 May 2014 at 18:02
Yes, seeing the size, I'm well aware that it was a bit long for a message, and I apologise. But I couldn't find the option to send a file.

Anyway, once again, my apologies. I'll do what you advise, and I'll get back to you once it's done, because other tasks are waiting for me for the moment.

Thanks.
0