Script ZHPFix
O[MD5.6383C805CBA4A7A27BEBB9919D64AF20] [APT] [Java Update] (...) -- C:\Program Files (x86)\Java\Java.exe [187464]
[MD5.5AFC57E409E859D48EBAC2540A8E3460] [APT] [keepup] (...) -- C:\Users\c4\AppData\Roaming\miaul\RJFC.exe [82504]
[MD5.70516B1AF02E441076D114B513B248FB] [APT] [Office] (...) -- C:\Program Files (x86)\Office\Office.exe [187464]
O42 - Logiciel: EKF Diagnostics - (...) [HKCU][64Bits] -- EKF-Diagnostics
O42 - Logiciel: Euroimmun_Analyzer_I - (...) [HKLM][64Bits] -- {FDB6058D-ECB5-4DCB-95E7-B61D832BC614}
[HKCU\Software\Euroimmun]
[HKCU\Software\MyTransitGuide_b7]
[HKLM\Software\Wow6432Node\EUROIMMUN]
[HKLM\Software\Wow6432Node\MyTransitGuide_b7]
[HKLM\Software\Wow6432Node\WinPj]
O43 - CFD: 15-Oct-14 - 10:46:31 AM - [] ----D C:\Program Files (x86)\BD Accuri
O43 - CFD: 07-Oct-14 - 3:14:03 PM - [] ----D C:\Program Files (x86)\EUROIMMUN
O43 - CFD: 16-Nov-14 - 12:26:13 AM - [] ----D C:\Program Files (x86)\MyTransitGuide_b7
O43 - CFD: 16-Nov-14 - 12:44:23 AM - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 10-May-14 - 1:22:36 AM - [] ----D C:\ProgramData\TCE
O43 - CFD: 16-Nov-14 - 12:44:39 AM - [] ----D C:\Users\c4\AppData\Roaming\Fixs
O43 - CFD: 21-Nov-14 - 6:47:07 PM - [] ----D C:\Users\c4\AppData\Roaming\miaul
O43 - CFD: 24-Aug-14 - 2:07:22 PM - [0] ----D C:\Users\c4\AppData\Roaming\rmi
O43 - CFD: 16-Nov-14 - 12:44:42 AM - [] ----D C:\Users\c4\AppData\Roaming\SPK
O43 - CFD: 08-Sep-14 - 2:11:50 PM - [] ----D C:\Users\c4\AppData\Local\EKF-Diagnostics
O43 - CFD: 29-Oct-14 - 8:05:29 PM - [] ----D C:\Users\c4\AppData\Local\Installer
O43 - CFD: 16-Nov-14 - 12:27:38 AM - [] ----D C:\Users\c4\AppData\Local\MyTransitGuide_b7
O43 - CFD: 15-Oct-14 - 10:46:39 AM - [0] ----D C:\Users\c4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BD Accuri
[MD5.21754903D528C68329D6BECA9B671E4F] [SPRF][03-Nov-09] (...) -- C:\Users\c4\Desktop\layout.bin [422]
[MD5.A6D19C2381AD7AF78B13E6160F69C375] [SPRF][15-Apr-12] (...) -- C:\Users\c4\Desktop\u1201.exe [1435240]
[MD5.2752F141ABF5DA8C3E97267B1EF0CC68] [SPRF][20-Jul-14] (...) -- C:\Users\c4\Desktop\ultravpn-install.exe [1443785]
SS - | Demand 11-Jul-58 0 | (MyTransitGuide_b7Service) . (...) - C:\Program Files (x86)\MYTRAN~2\bar\1.bin\b7barsvc.exe
[HKCU\Software\Popajar]
[HKLM\Software\Wow6432Node\Client]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
M3 - MFPP: Plugins - [c4] -- C:\Users\c4\AppData\Roaming\Mozilla\Firefox\Profiles\h2w6n8h2.default-1416041767838\searchplugins\VenteeRo.xml =>Trojan.Vonteera
M0 - MFSP: prefs.js [c4 - h2w6n8h2.default-1416041767838] http://www.arabyonline.com
M0 - MFSP: user.js [c4 - h2w6n8h2.default-1416041767838] http://www.arabyonline.com
O2 - BHO: edccb4a004ec01329fbb0fbe6070a3f60063285 [64Bits] - {11111111-1111-1111-1111-110611321185} Orphan key
O2 - BHO: FoxPro [64Bits] - {598AC71E-BE58-3981-B78A-5C138F423AD6} . (...) -- C:\Users\c4\AppData\Roaming\VolIE\FoxPro_32.dll =>Trojan.Vonteera
[MD5.70516B1AF02E441076D114B513B248FB] [APT] [4CEFD9B73D6C-1CRMOI2] (...) -- C:\Users\c4\AppData\Roaming\ARHome\Updater.exe [187464] =>Trojan.Vonteera
[MD5.70516B1AF02E441076D114B513B248FB] [APT] [9A5A8340-6B15] (...) -- C:\Users\c4\AppData\Roaming\ARHome\Updater.exe [187464] =>Trojan.Vonteera
[MD5.00000000000000000000000000000000] [APT] [{245897B4-F052-4B0A-993C-53CE24767440}] (...) -- C:\Users\c4\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[HKCU\Software\ARHome] =>Trojan.Vonteera
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera
[HKCU\Software\NoVooIT]
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera
[HKLM\Software\Wow6432Node\YourFileDownloader]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
O43 - CFD: 15-Nov-14 - 7:49:59 PM - [] ----D C:\Program Files (x86)\Universal Updater
O43 - CFD: 21-Nov-14 - 6:47:03 PM - [] ----D C:\Users\c4\AppData\Roaming\ARHome =>Trojan.Vonteera
O43 - CFD: 21-Nov-14 - 6:47:07 PM - [] ----D C:\Users\c4\AppData\Roaming\VolIE =>Trojan.Vonteera
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}] =>Trojan.Vonteera^
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611321185}] =>PUP.CrossRider
C:\Users\c4\AppData\Roaming\ARHome =>Trojan.Vonteera^
C:\Users\c4\AppData\Roaming\VolIE =>Trojan.Vonteera^
C:\Users\c4\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Users\c4\AppData\Roaming\ARHome\Updater.exe =>Trojan.Vonteera^
[HKCU\Software\ARHome] =>Trojan.Vonteera^
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\c4\AppData\Roaming\Mozilla\Firefox\Profiles\qrr4wk6e.default-1415993032286\prefs.js (.not file.)
O4 - HKLM\..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)
O41 - Driver: (BAPIDRV) . (. - .) - C:\Windows\System32\DRIVERS\BAPIDRV64.sys (.not file.)
O51 - MPSK:{00d04816-a309-11e3-8252-806e6f6e6963}\AutoRun\command. (...) -- D:\CD_Start.exe (.not file.)
[MD5.B690184CD2C5D9FFAF2873EDCF306BA1] [SPRF][21-Nov-14] (...) -- C:\ProgramData\1416515000.bdinstall.bin [267641]
O51 - MPSK:{519119f3-3258-11e4-82b1-28e347ba10c1}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O4 - GS\QuickLaunch [c4]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\c4\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
O87 - FAEL: "{1918787B-0FDA-4972-A9DD-37988F134C48}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\c4\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{281EAC31-2321-4FF6-9A9D-528FCBB0E224}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\c4\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
[HKCU\Software\Softonic]
[HKCU\Software\Softonic]
[MD5.AB0C872B1FFE283D20C91C8E575E2F67] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\c4\AppData\Roaming\Dropbox\bin\Dropbox.exe [35419192] [PID.6872]
[HKCU\Software\AdsFix]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKLM\Software\AdsFix]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AdsFix]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
O44 - LFC:[MD5.F2B7BA3BBC2E7DB9BFCC732458CBD1B7] - 21-Nov-14 - 2:14:14 AM ---A- . (...) -- C:\AdsFix_21_11_2014_02_14_16.txt [49901]
O43 - CFD: 29-Oct-14 - 8:50:42 AM - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 16-Nov-14 - 12:27:54 AM - [] ----D C:\Users\c4\AppData\Roaming\Baidu
O43 - CFD: 29-Oct-14 - 8:50:33 AM - [0] ----D C:\Users\c4\AppData\Roaming\Baidu Security
C:\Users\c4\Desktop\wrar52b2.MaZiKa2daY.CoM\wrar52b2\winrar.KEYGEN-FFF.zip =>.Crack,Keygen
C:\Users\c4\Dropbox\New folder\MyEgY.CoM_DLL-FiLe. Fixer_3.1.81.2877_By.MaHeR\DLL-FiLes Fixer 3.1.81.2877\Keygen\Activation.reg =>.Crack,Keygen
C:\Users\c4\Dropbox\New folder\MyEgY.CoM_DLL-FiLe. Fixer_3.1.81.2877_By.MaHeR\DLL-FiLes Fixer 3.1.81.2877\Keygen\Serials.txt =>.Crack,Keygen
C:\Users\c4\Desktop\wrar52b2.MaZiKa2daY.CoM\wrar52b2\winrar.KEYGEN-FFF.zip =>.Crack,Keygen
C:\Users\c4\Dropbox\New folder\MyEgY.CoM_DLL-FiLe. Fixer_3.1.81.2877_By.MaHeR\DLL-FiLes Fixer 3.1.81.2877\Keygen\Activation.reg =>.Crack,Keygen
C:\Users\c4\Dropbox\New folder\MyEgY.CoM_DLL-FiLe. Fixer_3.1.81.2877_By.MaHeR\DLL-FiLes Fixer 3.1.81.2877\Keygen\Serials.txt =>.Crack,Keygen
[MD5.2CDC3E88DD7117FFCE898B9B10BD7B19] [SPRF][21-Nov-14] (.No owner - AdsFix.) -- C:\Users\c4\Desktop\AdsFix.exe [2413056]
ShortcutFix
FirewallRaz
EmptyTemp
EmptyFlash
Proxyfix
Sysrestore