script ZHPFix
G1 - GCS: Preference [User Data\Default] http://www.arabyonline.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.arabyonline.com
G2 - GCE: Preference [User Data\Default] [hahpjplbmicfkmoccokbjejahjjpnena] Improved Search v.1.2 (Activé) =>Hijacker.SearchB1org
G2 - GCE: Preference [User Data\Default] [jfhbklndhffnahdploecdffbedhgjnce] Vonteera Safe ads v.1.7.1 (Activé) =>Trojan.Trojan.Vonteera
G2 - GCE: Preference [User Data\Default] [kglpndcdbghjihcfnoflfcndkpoffpag] Luvgag - funniest stuff online v.1.3.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] GoogleA Wallet v.0.0.6.1 (Activé)
M3 - MFPP: Plugins - [Client] -- C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\71x8hwhj.default\searchplugins\improvedsearch.xml
M3 - MFPP: Plugins - [Client] -- C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\71x8hwhj.default\searchplugins\VenteeRo.xml
M0 - MFSP: prefs.js [Client - 71x8hwhj.default] http://www.arabyonline.com
M2 - MFEP: prefs.js [Client - 71x8hwhj.default\addon@Vonteera.com] [] Vonteera Safe ads v (..) =>Trojan.Trojan.Vonteera
P2 - FPN: [HKLM] [@GamingWonderland.com/Plugin] - (...) -- C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll (.not file.)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
O2 - BHO: AdSafe - {598AC71E-BE58-3981-B78A-5C138F423AD6} . (...) -- C:\Users\Client\AppData\Roaming\VolIE\Adsafe_32.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Clé orpheline
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
[MD5.3CB03C134F7307866B3C52735CDFAE76] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [734208] =>Trojan.Trojan.Keygen
[MD5.9EC72B7CE86BCFD675DF4FEBAD15DBCA] [APT] [Volaro Update] (.Volaro.) -- C:\Program Files\Volaro\Updater\Updater.exe [280400] =>Trojan.Trojan.Vonteera
O42 - Logiciel: Volaro Updater - (.Volaro.) [HKLM] -- Volaro Updater =>Trojan.Trojan.Vonteera
O42 - Logiciel: Vonteera - (.Vonteera.) [HKLM] -- Vonteera =>Trojan.Trojan.Vonteera
O42 - Logiciel: Vonteera Safe ads - (.NoVooIT.) [HKCU] -- Vonteera Safe ads =>Trojan.Trojan.Vonteera
[HKCU\Software\Volaro] =>Trojan.Trojan.Vonteera
[HKCU\Software\Vonteera] =>Trojan.Trojan.Vonteera
O43 - CFD: 10/09/2013 - 18:37:50 - [0,003] ----D C:\Program Files\BearShare =>PUP.BearShare
O43 - CFD: 22/09/2013 - 20:05:45 - [0,333] ----D C:\Program Files\Volaro =>Trojan.Trojan.Vonteera
O43 - CFD: 24/01/2014 - 17:45:45 - [0,130] ----D C:\Program Files\VonteeraAddon =>Trojan.Trojan.Vonteera
O43 - CFD: 16/09/2013 - 20:55:53 - [3,164] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 01/03/2014 - 12:22:25 - [4,857] ----D C:\Users\Client\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Client\AppData\Local\CatalinaGroup\Citrio\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Client\AppData\Local\Google\Chrome\Application\chrome.exe" http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://www.arabyonline.com
[HKLM\Software\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena] =>Hijacker.SearchB1org^
[HKLM\Software\Google\Chrome\Extensions\jfhbklndhffnahdploecdffbedhgjnce] =>Trojan.Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Volaro Updater] =>Trojan.Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera] =>Trojan.Trojan.Vonteera^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads] =>Trojan.Trojan.Vonteera^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc}] =>Spyware.AdaEbook
[HKLM\Software\Classes\AppID\VONTEERA.DLL] =>Trojan.Vonteera
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\Client\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena =>Hijacker.SearchB1org^
C:\Users\Client\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce =>Trojan.Trojan.Vonteera^
C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\71x8hwhj.default\extensions\addon@Vonteera.com =>Trojan.Trojan.Vonteera^
C:\Program Files\BearShare =>PUP.BearShare^
C:\Program Files\Volaro =>Trojan.Trojan.Vonteera^
C:\Program Files\VonteeraAddon =>Trojan.Trojan.Vonteera^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Client\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools =>Toolbar.4shared
C:\Users\Client\AppData\Local\B1E =>Toolbar.BrotherSoft
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Trojan.Keygen^
C:\Program Files\Volaro\Updater\Updater.exe =>Trojan.Trojan.Vonteera^
[HKCU\Software\Volaro] =>Trojan.Trojan.Vonteera^
[HKCU\Software\Vonteera] =>Trojan.Trojan.Vonteera^
C:\Users\Client\Desktop\utorrent.exe =>P2P.BitTorrent^
C:\Users\Client\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
EmptyFlash
EmptyTemp
EmptyClsid
FirewallRaz
Proxyfix
SysRestore