cjoint

Document format: text/plain

~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Launched by RCZ (09/06/2015 21:32:53)
~ Facebook : https://www.facebook...nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801
GCIE: Google Chrome v43.0.2357.81
OPIE: Opera vMail 1.0
OPIE: Opera Stable v28.0.1750.40

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows Operating System - Windows® 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Deactivate)

---\\ System optimization software
CCleaner v3.24

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 PPAPI
Adobe Reader XI
Java 7 Update 9 (64-bit)

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (1%) free of 122 GB

---\\ Connection to the system mode
~ Computer Name: DAOUD-PC
~ User Name: RCZ
~ All Users Names: UpdatusUser, RCZ, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\RCZ\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\RCZ\AppData\Roaming\
~ %Desktop% : C:\Users\RCZ\Desktop\
~ %Favorites% : C:\Users\RCZ\Favorites\
~ %LocalAppData% : C:\Users\RCZ\AppData\Local\
~ %StartMenu% : C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 122 Go)
D: Hard drive, Flash drive, Thumb drive (Free 4 Go of 172 Go)
E: Hard drive, Flash drive, Thumb drive (Free 48 Go of 172 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/12774
~ Mes musiques (My Musics) : 1/1276
~ Mes Videos (My Videos) : 1/197
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 2/644
~ Mon Bureau (My Desktop) : 1/417
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 20s



---\\ Process running
[MD5.4606A6E8383DC80242A13BF197619E46] - (.GregLand - No Comment.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe [1494016] [PID.2680]
[MD5.BA6435C78C4A91877AE8AA4DCC0927D3] - (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe [572416] [PID.3144]
[MD5.716F5828497A7739B1BCCEE4D0E8A80F] - (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe [833240] [PID.3452]
[MD5.AA1489AA08AF959A8E1B725B6DFE66EE] - (.DreamStudio - Email Client.) -- D:\DreamMail4\DM2005.exe [1898496] [PID.3848]
[MD5.C53D46F346668248C15F3159526A4303] - (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe [385536] [PID.3948]
[MD5.C09341AD133729F72B2A3238BB8A1A0E] - (. Green Horse Tickerbar - 1.0.0.1.) -- C:\Program Files (x86)\Tickerbar\theTickerBar.exe [57344] [PID.3960]
[MD5.FF708EC69A2B14230344199DFB3737EF] - (.No owner - ExtraBarre.) -- C:\agia3d\Extrakdo\barre.exe [110592] [PID.3944]
[MD5.896D9A92E8504BA2254E729895B1EC20] - (.Legend Edition - deadsurfv1.0.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\dead..tion_0000000000000000_0001.0002_058d90b7aa34d6de\deadsurfv1.2.exe [210944] [PID.5140]
[MD5.0027DF21415E1A0BD420BFDAB766620A] - (.Legend Edition - soulcodev1.2.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\soul..tion_0000000000000000_0001.0002_41d9d682e7b47003\soulcodev1.2.exe [465920] [PID.5192]
[MD5.DE671E75767C4B98B47433FCA26307A5] - (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe [1083280] [PID.2052]
[MD5.EC5645B6DBF1E17F216E7BE5073B1157] - (.BPMconcept - PackBarre.) -- C:\Program Files (x86)\PackBarre\PackBarre.exe [378368] [PID.448] =>Adware.ADON
[MD5.4ADFE62F23A0CF1D2234B0CC865544F1] - (.KADRIMEX S.A.R.L - AW-Manager-V6.) -- C:\Users\RCZ\Downloads\AW-Manager-V6.3.exe [1414144] [PID.4200]
[MD5.EC75F14CC85659C780A0DC575F7B1242] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815304] [PID.5784]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.5104]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.744]
[MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) -- C:\Program Files (x86)\netcut\services\AIPS.exe [262144] [PID.1184]
[MD5.87EE9D133646B4CEDB7D9A240D7BBD73] - (.Windows SysTool - Windows SysTool.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112] [PID.1460] =>PUP.Fuyu
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1644]
[MD5.6E93D6D8C9B096F83DE1E9AC0C75C0BC] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe [157824] [PID.1768]
[MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568] [PID.1880]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\afodfkabigfjjeidfkkkhllcbdjeegko [RieGhttOFferApp]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppefdlohekfhjenppnpjekkjjgndhdf [New XCommander]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [Chrome Hotword Shared Module]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb [ClixSense.com]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__]
~ Google Lines Browser: 18 Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\user.js
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\mystartsearch.xml =>PUP.StartSearch
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\VenteeRo.xml =>Trojan.Vonteera
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [RCZ - 3uoy8h9g.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - 5rnsyl0i.default] http://www.google.com
M0 - MFSP: prefs.js [RCZ - g1n3hvfd.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - oex4j5rw.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - x00vjp98.default] http://websearch.goodforsearch.info
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] 89@AC.com
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] staged
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: prefs.js [RCZ - 5rnsyl0i.default\89@AC.com] [] SaleuPPLuus v1.2 (..) =>PUP.SalePlus
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] 89@AC.com
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] staged
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] 89@AC.com
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] staged
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] 89@AC.com
M2 - MFEP: Extension [RCZ - oex4j5rw.default] staged
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - x00vjp98.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - x00vjp98.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - x00vjp98.default] 89@AC.com
M2 - MFEP: Extension [RCZ - x00vjp98.default] staged
M2 - MFEP: Extension [RCZ - x00vjp98.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {70df8d13-bdd3-448e-944c-efde21b77161}
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.9.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java™ Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.40416.0.) -- C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=3] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=9] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll
~ Firefox Browser: 91 Scanned in 00mn 01s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.17631 (winblue_r7.150111-1500)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: (no name) [64Bits] - {b1bcea4a-6c4e-43be-a618-69cb8a66d8b8} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R3 - URLSearchHook: ClixSense.com Toolbar [64Bits] - {70df8d13-bdd3-448e-944c-efde21b77161} . (.Conduit Ltd. - Conduit Toolbar.) (6.17.2.8) -- C:\Program Files (x86)\ClixSense.com\prxtbCli2.dll =>Toolbar.Conduit
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 22 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (63)
~ Hosts File: Scanned in 00mn 46s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{70DF8D13-BDD3-448E-944C-EFDE21B77161} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com
O4 - GS\TaskBar [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\TaskBar [RCZ]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Program [RCZ]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\SystemTools [RCZ]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Desktop [RCZ]: Chrome Web Store.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://chrome.google.com
O4 - GS\Desktop [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com
O4 - GS\Desktop [RCZ]: YouTube.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.youtube.com
~ Global Startup: 12 Scanned in 00mn 26s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon
O4 - HKCU\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
O4 - HKCU\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.)
O4 - HKCU\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe
O4 - HKLM\..\Wow6432Node\Run: [GreenHorseTickerBar] . (.Green Horse Corporation - Green Horse Tickerbar.) -- C:\Program Files (x86)\Tickerbar\tickerbar.dll
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.)
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe
~ Application: Scanned in 00mn 00s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000009\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 9 Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) . (.Arcai.com - Arp Intelligent Protection Service.) - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Windows SysTool - Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 11 Scanned in 00mn 04s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00CC35F515079F5F94FABC3AC5C7D363] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464]
[MD5.C53D46F346668248C15F3159526A4303] [APT] [Bidaily Synchronize Task] (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe [385536] =>PUP.BidailySync
[MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130416]
[MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130416]
[MD5.A5062EA164067050F2DFA9DCA98CA63A] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3157856]
[MD5.4606A6E8383DC80242A13BF197619E46] [APT] [emoticon] (.GregLand.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe [1494016]
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Facebook Inc..) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Facebook Inc..) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.7E62782AA49FAE6939FE604B93300C1B] [APT] [LibrarySystem] (...) -- c:\programdata\{4b259ba2-b120-af84-4b25-59ba2b126e8a}\5972653202229919220b.exe [2584576]
[MD5.16F026EC9F269CDCDA7B568994F38347] [APT] [Opera scheduled Autoupdate 1420212510] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [889976]
[MD5.EABE8AD92F8313ED11C4CD9D56C31A4B] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752]
[MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016]
[MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016]
[MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2634143D-9191-44FD-BBFC-A5986952026A}] (...) -- H:\skystar2\Install\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{459C62C6-F8D1-4E4B-A277-000C75DC7609}] (...) -- C:\Users\RCZ\Downloads\ ©ëºê¤ ºé‘¨ºë º饺«J I§ï  êë ‘¦Jèê ïJë«.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4D01623E-ED82-4F12-A8A2-727FEA15EC77}] (...) -- C:\Users\RCZ\Desktop\2234.Football365.Toolbar.17.01.2007.rc_FTB001_1_0_0_0.exe (.not file.) [0]
[MD5.FD93F8C8BC70CED3F2F2599D522E5197] [APT] [{4E896B93-CF98-4AF5-AA53-45AAFA1D09F6}] (.NCH Software.) -- C:\Program Files (x86)\NCH Software\MailBase\uninst.exe [471044]
[MD5.00000000000000000000000000000000] [APT] [{7452F5F5-E9F0-4D46-90EC-CF2773D8B7BC}] (...) -- C:\Users\RCZ\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.Istart
[MD5.3469ED6FF6382044611321C26A879E2C] [APT] [{A0B0FB8B-3129-4097-8E5F-E8EA0ADDA0AB}] (...) -- C:\Users\RCZ\Downloads\mbsetup.exe [268448]
[MD5.23E22BD7FBB0D11397EC33BF2EA64CD2] [APT] [{A8F1BAE4-DF27-4044-BBB3-D073CD97B0F8}] (...) -- C:\Users\RCZ\Downloads\MuslimBag-Setup.exe [11326355]
[MD5.00000000000000000000000000000000] [APT] [{AD77D1C0-2437-417C-ACA6-647B7143F642}] (...) -- F:\Install\setup.exe (.not file.) [0]
[MD5.78D0C1825E50CB3D58AA3CE9770FDB96] [APT] [{D42E0F16-61EF-4378-B3E3-8ED50C344542}] (.Adobe Systems Inc..) -- C:\Users\RCZ\Downloads\Shockwave_Installer_Slim (1).exe [5006144]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task.job [382] =>PUP.BidailySync
O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task [382] =>PUP.BidailySync
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job [1048]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core [1048]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job [1100]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA [1100]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job [898]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core [898]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job [920]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA [920]
O39 - APT: LibrarySystem - (...) -- C:\Windows\Tasks\LibrarySystem.job [350]
O39 - APT: LibrarySystem - (...) -- C:\Windows\System32\Tasks\LibrarySystem [350]
~ Scheduled Task: 37 Scanned in 00mn 15s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Disable SSL3 [64Bits] - {7D715857-A67C-4C2F-A929-038448584D63} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 11 Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: ({4f8c067a-e55a-4229-81e6-7be1491578a2}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys =>PUP.LinkiDoo
O41 - Driver: ({bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({ed7eb956-75ed-460d-8f69-29a93b07afd1}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys =>PUP.LinkiDoo
~ Drivers: 72 Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI
O42 - Logiciel: Adobe Flash Player 17 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI
O42 - Logiciel: Adobe Reader XI (11.0.11) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Adobe Shockwave Player 12.1 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support (32 bits) - (.Apple Inc..) [HKLM][64Bits] -- {AFA1153A-F547-409B-B837-3A0D6C5A3FEC}
O42 - Logiciel: Apple Application Support (64 bits) - (.Apple Inc..) [HKLM][64Bits] -- {D7B824DE-DA32-4772-9E5E-39C5158136A7}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {C4123106-B685-48E6-B9BD-E4F911841EB4}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
O42 - Logiciel: AppsHat Mobile Apps - (.Somoto Ltd..) [HKCU][64Bits] -- AppsHat Mobile Apps =>PUP.CrossRider
O42 - Logiciel: Athan Basic 3.8 - (...) [HKLM][64Bits] -- Athan
O42 - Logiciel: Barre v0.1 bêta - (.Agia3D.) [HKLM][64Bits] -- {3BDBA6BF-06E0-4372-91AB-996BEC377A72}_is1
O42 - Logiciel: Batch Image Resizer 2.87 - (.JKLNSoft, Inc..) [HKLM][64Bits] -- Batch Image Resizer_is1
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM][64Bits] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: CVitaeV4 - (...) [HKCU][64Bits] -- CVitaeV4
O42 - Logiciel: Citrio - (.© Epom Ltd..) [HKCU][64Bits] -- Citrio
O42 - Logiciel: ClixSense.com Toolbar - (.ClixSense.com.) [HKLM][64Bits] -- ClixSense.com Toolbar
O42 - Logiciel: Coloriage 2 - (...) [HKLM][64Bits] -- Coloriage 2
O42 - Logiciel: CoreAVC Professional Edition (remove only) - (...) [HKLM][64Bits] -- CoreAVC Professional Edition
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DVB Dream version 2.5 Ahmad & Takki R1 - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {8579ED9E-1F6F-4B75-8752-A13C38BB146B}_is1
O42 - Logiciel: DVB Dream version 2.6A Ahmad & Takki - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {10A280E5-EEC2-44A7-BEB3-657F838D4E86}_is1
O42 - Logiciel: DVBViewer TE2 - (.CM&V.) [HKLM][64Bits] -- DVBViewer TE2_is1
O42 - Logiciel: Dead Surf - 1 - (.Legend Edition.) [HKCU][64Bits] -- ca5afe92da7ae5fe
O42 - Logiciel: DreamMail 4.6 - (.DreamStudio.) [HKLM][64Bits] -- DreamMail 4.6
O42 - Logiciel: Euro-Happy M-B-v2.12e Bêta - (.Agia3D.) [HKLM][64Bits] -- {0558D976-2CD9-4056-BB6D-6609578F6FB9}_is1
O42 - Logiciel: ExtraBarre M-B-v2.15e - (.Agia3D.) [HKLM][64Bits] -- {27A6EC92-1F16-4A47-BDDC-64537DD2630A}_is1
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM][64Bits] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: FileZilla Client 3.10.3 - (.Tim Kosse.) [HKLM][64Bits] -- FileZilla Client
O42 - Logiciel: FlashGet3.7 - (.http://www.FlashGet.com.) [HKLM][64Bits] -- FlashGet3.7
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {FE8DFDD0-A543-4A83-B7A9-C411138194D5}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Java 7 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF}
O42 - Logiciel: Java 7 Update 9 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86417009FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}
O42 - Logiciel: K-Lite Codec Pack 7.9.0 (Full) - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: LaBoitaKados M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {0B19DC32-C613-4B1C-8116-98A808261AE9}_is1
O42 - Logiciel: Logiciel d'archivage WinRAR - (...) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {F842F8B0-6942-4930-821F-543E976B2C66}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 6.8 - (.Photo Editor Software, Inc..) [HKLM][64Bits] -- Magic Photo Editor_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visionneuse de rapports 2005 redistribuable - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Report Viewer Redistributable 2005
O42 - Logiciel: Mises à jour NVIDIA 1.11.3 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
O42 - Logiciel: Muslim Bag - (.Soft4ISlam.) [HKLM][64Bits] -- Muslim Bag1.5
O42 - Logiciel: MyCurriculum 2011 - (...) [HKLM][64Bits] -- MyCurriculum 2011
O42 - Logiciel: NVIDIA Pilote 3D Vision 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Pilote graphique 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo
O42 - Logiciel: Nero 9 Lite - (.Nero AG.) [HKLM][64Bits] -- {6f555276-7852-4cae-9eda-d69c5802e3e4}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM][64Bits] -- {E8A80433-302B-4FF1-815D-FCC8EAC482FF}
O42 - Logiciel: Nero Online Upgrade - (.Nero AG.) [HKLM][64Bits] -- {C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM][64Bits] -- {7748AC8C-18E3-43BB-959B-088FAEA16FB2}
O42 - Logiciel: NetCut 2.1.4 - (.arcai.com.) [HKLM][64Bits] -- NetCut_is1
O42 - Logiciel: New XCommander - (...) [HKLM][64Bits] -- {60EACF28-3304-CDE7-8F98-5992F85D389C}
O42 - Logiciel: Opera Mail 1.0 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 1.0.1040
O42 - Logiciel: Opera Stable 28.0.1750.40 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 28.0.1750.40
O42 - Logiciel: PackBarre - (.BPMconcept.) [HKLM][64Bits] -- {CDD9453E-67C2-40EC-B15B-137A9C8AD3C0} =>Adware.ADON
O42 - Logiciel: Photo Frame Studio - (.MOJOSOFT.) [HKLM][64Bits] -- Photo Frame Studio_is1
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
O42 - Logiciel: SNT - (.SNT.) [HKLM][64Bits] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
O42 - Logiciel: SkypEmoticons - (...) [HKLM][64Bits] -- SkypEmoticons_is1
O42 - Logiciel: Skype™ 6.14 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
O42 - Logiciel: Snagit 11 - (.TechSmith Corporation.) [HKLM][64Bits] -- {44BD21C2-9132-48DB-B65B-23817E4C6F4B}
O42 - Logiciel: Soul-Code - (.Legend Edition.) [HKCU][64Bits] -- b04e6fc329b9f61e
O42 - Logiciel: TechniSat DVB-PC TV Star - (.TechniSat.) [HKLM][64Bits] -- {D032A7F0-8B5C-4603-8B46-235025D5F9C1}
O42 - Logiciel: Thread Manager 2.4.0.0 - (.Digital Generation.) [HKLM][64Bits] -- {78F4E027-355C-45C0-90DC-F89DFC618761}_is1
O42 - Logiciel: Tickerbar 2.106 - (...) [HKLM][64Bits] -- Tickerbar
O42 - Logiciel: Tirocado M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {D49EAEA6-4B6A-47CA-858B-CCDD7E237D05}_is1
O42 - Logiciel: VLC media player 2.0.8 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM][64Bits] -- WinPcapInst
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTubeAdBlock
O42 - Logiciel: Zoner Photo Studio 16 - (.ZONER software.) [HKLM][64Bits] -- ZonerPhotoStudio16_EN_is1
O42 - Logiciel: dreamboxEDIT -- The one and only settings editor for your Dreambox - (...) [HKLM][64Bits] -- dreamboxEDIT
O42 - Logiciel: iExplorer 2.2.1.3 - (.Macroplant, LLC.) [HKLM][64Bits] -- {7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {93F2A022-6C37-48B8-B241-FFABD9F60C30}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: v1.1 - (.Agia3D.) [HKLM][64Bits] -- {271CDF83-32A7-46FE-BBEB-D39968298083}_is1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
O42 - Logiciel: ãæÓæÚÉ ÇáÍÏíË ÇáäÈæí ÇáÔÑíÝ - (...) [HKLM][64Bits] -- ãæÓæÚÉ ÇáÍÏíË ÇáäÈæí ÇáÔÑíÝ
~ Logic: 78 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\4shared]
[HKCU\Software\5a6dfdde568e844] =>Hijacker.Eazel
[HKCU\Software\ARHome] =>Trojan.Vonteera
[HKCU\Software\Absolute Futurity]
[HKCU\Software\Ada99]
[HKCU\Software\Adobe]
[HKCU\Software\App Lid-nv-ie] =>PUP.CrossRider
[HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\BackgroundContainer] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\ClixSense.com]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\RealNetworks]
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\toolbar]
[HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] =>Adware.Graftor
[HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}]
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\AppDataLow]
[HKCU\Software\AppLid]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Applications WinDev]
[HKCU\Software\Arcai.com]
[HKCU\Software\AutoShutdown]
[HKCU\Software\BI]
[HKCU\Software\BPMconcept]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\Canneverbe Limited]
[HKCU\Software\CatalinaGroup]
[HKCU\Software\CeQuadrat]
[HKCU\Software\Chromium]
[HKCU\Software\Classes]
[HKCU\Software\Clem.Org]
[HKCU\Software\Clients]
[HKCU\Software\Commercial Research]
[HKCU\Software\ConduitOmaha]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Digital Photo Software]
[HKCU\Software\DreamMail2005]
[HKCU\Software\ESET]
[HKCU\Software\Elecard]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\Facebook]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\FlashGet Network]
[HKCU\Software\Freemake]
[HKCU\Software\FullBarre]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\Google]
[HKCU\Software\Grandsoft]
[HKCU\Software\Haali]
[HKCU\Software\IGagnant]
[HKCU\Software\IM Providers]
[HKCU\Software\Imobie]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\JKLNSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\LAV]
[HKCU\Software\Licenses]
[HKCU\Software\LlamaWare]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\MediaInfo]
[HKCU\Software\Mediachance]
[HKCU\Software\Michael Herf]
[HKCU\Software\Mixesoft]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera
[HKCU\Software\NoVooIT]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\Optimizer Pro] =>PUP.OptimizerPro
[HKCU\Software\Orange]
[HKCU\Software\PC SOFT]
[HKCU\Software\PHM-SYSTEM DEVELOPMENT]
[HKCU\Software\PHP Desktop]
[HKCU\Software\PerformerSoft LLC] =>PUP.PerformerSoft
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Popajar] =>Toolbar.Conduit
[HKCU\Software\RealNetworks]
[HKCU\Software\RegisteredApplicationsEx] =>PUP.SfKpCouponApp
[HKCU\Software\Salfeld]
[HKCU\Software\SensePlus-nv-ie] =>PUP.CrossRider
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SourceForge]
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider
[HKCU\Software\Tasksgr] =>Trojan.Tasksgr
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\U]
[HKCU\Software\UpToDown] =>PUP.UpToDown
[HKCU\Software\V9]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera
[HKCU\Software\WebApp]
[HKCU\Software\WebPlayer]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\Xilisoft]
[HKCU\Software\Yahoo]
[HKCU\Software\ZONER]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\ched]
[HKCU\Software\dreamboxEDIT]
[HKCU\Software\drpsu]
[HKCU\Software\ecokey]
[HKCU\Software\globalUpdate] =>PUP.GlobalUpdate
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider
[HKCU\Software\mIRC]
[HKCU\Software\madFlac]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AuthenificateWin32]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\DVB Support]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Sonic]
[HKLM\Software\Stardvb]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\"echo_installer"/n]
[HKLM\Software\Wow6432Node\64e0632d-912f-07ba-47ea-698ae24cbe93] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Absolute Futurity]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Apple Computer, Inc.]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Arcai]
[HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\CDDB]
[HKLM\Software\Wow6432Node\Canneverbe Limited]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\ClixSense.com]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\CoreCodec]
[HKLM\Software\Wow6432Node\Cygnus Solutions]
[HKLM\Software\Wow6432Node\DVBDream]
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Debug]
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\FileZilla 3]
[HKLM\Software\Wow6432Node\FlashGet Network]
[HKLM\Software\Wow6432Node\Freemake]
[HKLM\Software\Wow6432Node\GHC]
[HKLM\Software\Wow6432Node\GNU]
[HKLM\Software\Wow6432Node\Gabest]
[HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HaaliMkx]
[HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\IO3O]
[HKLM\Software\Wow6432Node\IObit]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\InterVideo]
[HKLM\Software\Wow6432Node\Internet Download Manager]
[HKLM\Software\Wow6432Node\JGsoft]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\KLCodecPack]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LAV]
[HKLM\Software\Wow6432Node\LIRC]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Ludosoft]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MainConcept]
[HKLM\Software\Wow6432Node\Mindscape]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\NetDragon]
[HKLM\Software\Wow6432Node\Netscape]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Opera Software]
[HKLM\Software\Wow6432Node\PicexaSvc]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RealNetworks]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\RichFX]
[HKLM\Software\Wow6432Node\SNC]
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Senfer]
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Stardvb]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\TDS]
[HKLM\Software\Wow6432Node\TechSmith]
[HKLM\Software\Wow6432Node\TechniSat]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Voice]
[HKLM\Software\Wow6432Node\WinPcap]
[HKLM\Software\Wow6432Node\Windows]
[HKLM\Software\Wow6432Node\Wondershare]
[HKLM\Software\Wow6432Node\Xing Technology Corp.]
[HKLM\Software\Wow6432Node\Yahoo]
[HKLM\Software\Wow6432Node\ZONER]
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Hijacker.DeltaHomes
[HKLM\Software\Wow6432Node\diamondata] =>Hijacker.Diamondata
[HKLM\Software\Wow6432Node\hdcode]
[HKLM\Software\Wow6432Node\istartsurfSoftware] =>PUP.Istart
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\Wow6432Node\tcpip32]
[HKLM\Software\Wow6432Node\tueagles]
[HKLM\Software\Wow6432Node\vPlug]
[HKLM\Software\Wow6432Node\winzipersvc] =>Adware.D365
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZONER]
~ Key Software: 434 Scanned in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/04/2015 - 12:52:56 - [0] ----D C:\Program Files (x86)\50CoouponS
O43 - CFD: 31/01/2015 - 19:26:50 - [0] ----D C:\Program Files (x86)\AAllCheApPricee =>PUP.AllCheapPrice
O43 - CFD: 10/10/2014 - 19:35:52 - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 28/11/2012 - 21:27:29 - [] ----D C:\Program Files (x86)\AF Uninstalls
O43 - CFD: 25/11/2012 - 23:37:48 - [] ----D C:\Program Files (x86)\AFins Email Notifier Demo
O43 - CFD: 28/03/2014 - 10:53:11 - [] ----D C:\Program Files (x86)\aljazeera news
O43 - CFD: 11/11/2013 - 23:15:27 - [] ----D C:\Program Files (x86)\Apple Software Update =>.Apple Inc
O43 - CFD: 29/06/2013 - 19:44:23 - [] ----D C:\Program Files (x86)\Athan
O43 - CFD: 08/08/2014 - 08:28:36 - [] ----D C:\Program Files (x86)\Batch Image Resizer
O43 - CFD: 09/08/2014 - 11:05:39 - [0] ----D C:\Program Files (x86)\BitSSAvver =>PUP.BitSaver
O43 - CFD: 11/11/2013 - 23:14:36 - [] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 03/01/2014 - 20:35:23 - [] ----D C:\Program Files (x86)\CDBurnerXP
O43 - CFD: 29/04/2015 - 12:43:36 - [] ----D C:\Program Files (x86)\CheaapMe =>PUP.CheapMe
O43 - CFD: 14/04/2014 - 22:23:21 - [0] ----D C:\Program Files (x86)\ChieAApMeE =>PUP.CheapMe
O43 - CFD: 14/11/2013 - 16:57:14 - [] ----D C:\Program Files (x86)\ClixSense.com
O43 - CFD: 23/05/2015 - 16:15:21 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 15/03/2013 - 21:15:12 - [] ----D C:\Program Files (x86)\CoreCodec
O43 - CFD: 27/04/2013 - 15:53:28 - [] ----D C:\Program Files (x86)\CVitaeV4
O43 - CFD: 08/04/2014 - 18:46:52 - [] ----D C:\Program Files (x86)\denouvel
O43 - CFD: 28/03/2014 - 10:57:08 - [0] ----D C:\Program Files (x86)\DiScooUnttExttensi =>PUP.DiscountExtens
O43 - CFD: 09/08/2014 - 11:06:05 - [0] ----D C:\Program Files (x86)\DowwnSSaive =>PUP.DownSave
O43 - CFD: 11/03/2014 - 22:00:22 - [] ----D C:\Program Files (x86)\dreamboxEDIT
O43 - CFD: 20/12/2013 - 18:26:06 - [] ----D C:\Program Files (x86)\DVBViewer TE2
O43 - CFD: 14/04/2014 - 22:23:34 - [0] ----D C:\Program Files (x86)\EENjoyCouponn =>PUP.EnjoyCoupon
O43 - CFD: 09/06/2015 - 10:04:55 - [] ----D C:\Program Files (x86)\Emoticon
O43 - CFD: 16/05/2015 - 11:24:14 - [] ----D C:\Program Files (x86)\FileZilla FTP Client
O43 - CFD: 16/07/2014 - 21:32:06 - [0] ----D C:\Program Files (x86)\FinDBoeesteDeal =>PUP.FindBestDeal
O43 - CFD: 14/11/2013 - 20:38:52 - [] ----D C:\Program Files (x86)\FlashGet Network
O43 - CFD: 23/05/2015 - 16:11:33 - [] ----D C:\Program Files (x86)\Freemake
O43 - CFD: 13/01/2015 - 17:23:26 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 28/03/2014 - 11:00:03 - [0] ----D C:\Program Files (x86)\GreattSave4U =>PUP.GreatSave4U
O43 - CFD: 06/04/2015 - 21:56:16 - [] ----D C:\Program Files (x86)\HTC Home 3
O43 - CFD: 14/09/2013 - 19:41:27 - [] ----D C:\Program Files (x86)\Idle Processor Utilization Services
O43 - CFD: 17/11/2013 - 22:32:41 - [] ----D C:\Program Files (x86)\iExplorer
O43 - CFD: 08/04/2014 - 18:44:46 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 23/07/2013 - 17:45:09 - [0] ----D C:\Program Files (x86)\Internet Download Manager
O43 - CFD: 14/05/2015 - 08:05:15 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 14/09/2013 - 20:03:14 - [] ----D C:\Program Files (x86)\IO3O LLC
O43 - CFD: 17/04/2015 - 14:51:04 - [] ----D C:\Program Files (x86)\IObit
O43 - CFD: 10/09/2013 - 11:03:25 - [0] ----D C:\Program Files (x86)\IslamicToolbar
O43 - CFD: 01/03/2015 - 23:41:10 - [] ----D C:\Program Files (x86)\iTunes
O43 - CFD: 21/06/2013 - 09:09:19 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 20/12/2013 - 17:34:04 - [] ----D C:\Program Files (x86)\JB ToolBox
O43 - CFD: 24/11/2012 - 16:51:47 - [] ----D C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 03/04/2015 - 13:12:06 - [] ----D C:\Program Files (x86)\LudoSoft
O43 - CFD: 09/11/2013 - 22:05:03 - [] ----D C:\Program Files (x86)\Magic Photo Editor
O43 - CFD: 16/07/2014 - 21:36:53 - [] ----D C:\Program Files (x86)\MainConcept
O43 - CFD: 24/11/2012 - 18:42:24 - [] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 24/11/2012 - 18:42:13 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 14/05/2015 - 07:46:04 - [] ----D C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 14/05/2015 - 08:06:42 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 26/11/2012 - 00:07:00 - [] ----D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 26/11/2012 - 22:49:22 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 24/11/2012 - 18:43:27 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 26/11/2012 - 00:25:57 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 08/06/2013 - 23:42:40 - [] ----D C:\Program Files (x86)\MOJOSOFT
O43 - CFD: 24/11/2012 - 18:44:49 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 12/04/2015 - 03:01:59 - [0] ----D C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 29/06/2013 - 21:55:18 - [] ----D C:\Program Files (x86)\Muslim Bag
O43 - CFD: 29/11/2012 - 10:30:31 - [] ----D C:\Program Files (x86)\MyConnection PC Lite Edition
O43 - CFD: 27/04/2013 - 15:54:28 - [] ----D C:\Program Files (x86)\MyCurriculum 2011
O43 - CFD: 25/11/2012 - 23:28:01 - [] ----D C:\Program Files (x86)\NCH Software
O43 - CFD: 03/04/2015 - 13:05:57 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 25/05/2013 - 12:44:09 - [] ----D C:\Program Files (x86)\netcut
O43 - CFD: 14/11/2013 - 21:30:26 - [] ----D C:\Program Files (x86)\NetDragon
O43 - CFD: 08/06/2015 - 07:00:37 - [] ----D C:\Program Files (x86)\New XCommander
O43 - CFD: 29/06/2013 - 22:03:43 - [] ----D C:\Program Files (x86)\Newcamd Mpcs Reader
O43 - CFD: 02/05/2015 - 09:29:13 - [0] ----D C:\Program Files (x86)\NExtCoupp =>PUP.NextCoup
O43 - CFD: 15/04/2013 - 06:35:55 - [] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 09/06/2015 - 10:09:35 - [] ----D C:\Program Files (x86)\Opera
O43 - CFD: 01/08/2014 - 14:05:59 - [] ----D C:\Program Files (x86)\Opera Mail
O43 - CFD: 09/06/2015 - 17:32:00 - [] ----D C:\Program Files (x86)\PackBarre =>Adware.ADON
O43 - CFD: 23/05/2015 - 16:14:10 - [] ----D C:\Program Files (x86)\Picon_Manager
O43 - CFD: 21/12/2014 - 10:26:09 - [] ----D C:\Program Files (x86)\priceChoep =>PUP.PriceChop
O43 - CFD: 09/08/2014 - 11:08:08 - [0] ----D C:\Program Files (x86)\pricechoPP =>PUP.PriceChop
O43 - CFD: 10/05/2013 - 11:41:52 - [] ----D C:\Program Files (x86)\ProgDVB
O43 - CFD: 26/10/2014 - 23:33:37 - [] ----D C:\Program Files (x86)\QuickTime
O43 - CFD: 23/05/2015 - 16:16:18 - [] ----D C:\Program Files (x86)\Real
O43 - CFD: 10/12/2014 - 07:31:47 - [] ----D C:\Program Files (x86)\RealNetworks
O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 08/06/2015 - 07:00:14 - [] ----D C:\Program Files (x86)\RieGhttOFferApp
O43 - CFD: 28/03/2014 - 11:07:00 - [] ----D C:\Program Files (x86)\Ringtone Expressions
O43 - CFD: 17/07/2014 - 23:02:44 - [0] ----D C:\Program Files (x86)\RRoboSavEr =>PUP.RoboSaver
O43 - CFD: 17/07/2014 - 23:03:40 - [0] ----D C:\Program Files (x86)\saafieweb =>PUP.SafeWeb
O43 - CFD: 07/06/2015 - 19:42:27 - [] ----D C:\Program Files (x86)\SaleuPPLuus =>PUP.SalePlus
O43 - CFD: 25/11/2012 - 23:20:39 - [] ----D C:\Program Files (x86)\Scorpio Software
O43 - CFD: 28/03/2014 - 11:08:26 - [] ----D C:\Program Files (x86)\SimpleTV
O43 - CFD: 04/04/2014 - 13:11:20 - [] R---D C:\Program Files (x86)\Skype
O43 - CFD: 03/04/2015 - 19:24:12 - [0] ----D C:\Program Files (x86)\Swift Record =>PUP.SwiftRecord
O43 - CFD: 20/12/2013 - 18:26:28 - [] ----D C:\Program Files (x86)\TechniSat DVB
O43 - CFD: 29/05/2013 - 19:17:07 - [] ----D C:\Program Files (x86)\TechSmith
O43 - CFD: 08/06/2015 - 07:02:17 - [0] ----D C:\Program Files (x86)\TerminusSys =>Adware.TerminusSys
O43 - CFD: 28/07/2013 - 18:11:52 - [] ----D C:\Program Files (x86)\Thread Manager
O43 - CFD: 29/10/2013 - 06:37:05 - [] ----D C:\Program Files (x86)\Tickerbar
O43 - CFD: 14/07/2009 - 05:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 28/03/2014 - 11:09:19 - [] ----D C:\Program Files (x86)\UniverseBarre
O43 - CFD: 24/11/2012 - 16:53:03 - [] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 12/07/2013 - 03:23:30 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/11/2012 - 22:49:17 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/03/2015 - 08:35:48 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 22/06/2013 - 16:16:08 - [] ----D C:\Program Files (x86)\Wondershare
O43 - CFD: 20/05/2015 - 16:18:05 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 23/05/2015 - 16:19:16 - [] ----D C:\Program Files (x86)\Yahoo!
O43 - CFD: 14/03/2015 - 21:33:50 - [] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.YouTubeAdBlock
O43 - CFD: 28/03/2014 - 11:21:43 - [0] ----D C:\Program Files (x86)\YTNoAds
O43 - CFD: 28/03/2014 - 11:21:49 - [] ----D C:\Program Files (x86)\Z-Barre.com
O43 - CFD: 09/06/2015 - 21:31:28 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 29/11/2012 - 10:30:04 - [] ----D C:\Program Files (x86)\Zilla Popup Killer
O43 - CFD: 10/10/2014 - 19:36:31 - [] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 08/05/2015 - 20:52:31 - [] ----D C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 14/12/2013 - 16:31:53 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 07/06/2013 - 20:28:18 - [] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 12/01/2013 - 00:44:01 - [] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 03/04/2015 - 13:06:52 - [] ----D C:\Program Files (x86)\Common Files\Nero
O43 - CFD: 14/11/2013 - 21:31:40 - [] ----D C:\Program Files (x86)\Common Files\NetDragon
O43 - CFD: 14/07/2009 - 04:20:08 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 04/04/2014 - 13:11:19 - [] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:20:08 - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 21/03/2013 - 07:00:55 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 06/07/2013 - 12:13:51 - [] --H-D C:\Program Files (x86)\Common Files\System Shared
O43 - CFD: 24/11/2012 - 16:54:34 - [] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 22/06/2013 - 16:16:41 - [] ----D C:\Program Files (x86)\Common Files\Wondershare
O43 - CFD: 08/06/2015 - 07:00:46 - [] ----D C:\ProgramData\15147331834758840655
O43 - CFD: 26/10/2014 - 23:24:48 - [] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 17/07/2014 - 12:05:25 - [0] ----D C:\ProgramData\50CoouponS
O43 - CFD: 27/05/2015 - 09:46:52 - [0] ----D C:\ProgramData\5c567128000070ca
O43 - CFD: 17/05/2015 - 07:06:48 - [0] ----D C:\ProgramData\8a07a392000050d8
O43 - CFD: 15/11/2013 - 09:50:16 - [] ----D C:\ProgramData\91 Harbor
O43 - CFD: 15/11/2013 - 21:52:04 - [] ----D C:\ProgramData\91 PC Suite
O43 - CFD: 17/07/2014 - 12:05:25 - [0] ----D C:\ProgramData\AAllCheApPricee =>PUP.AllCheapPrice
O43 - CFD: 10/10/2014 - 19:35:54 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 22/06/2014 - 19:05:49 - [] ----D C:\ProgramData\AnyAppSnow
O43 - CFD: 26/01/2014 - 22:03:40 - [] ----D C:\ProgramData\Apple
O43 - CFD: 11/11/2013 - 23:16:58 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 07/05/2015 - 21:41:12 - [0] ----D C:\ProgramData\b2d24bfc0000562c
O43 - CFD: 10/01/2013 - 14:38:55 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 09/08/2014 - 11:09:51 - [0] ----D C:\ProgramData\BitSSAvver =>PUP.BitSaver
O43 - CFD: 07/05/2015 - 19:58:55 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 08/08/2014 - 00:04:03 - [] ----D C:\ProgramData\Browser AdBlocker =>PUP.Adblocker
O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Bureau
O43 - CFD: 03/01/2014 - 20:35:36 - [] ----D C:\ProgramData\Canneverbe Limited
O43 - CFD: 12/05/2013 - 17:54:05 - [] ----D C:\ProgramData\ccontiNuetooSave =>PUP.ContinueToSave
O43 - CFD: 31/01/2014 - 16:21:57 - [] ----D C:\ProgramData\cfenckmbabchighkkchpmcopgfaapkhc
O43 - CFD: 15/04/2014 - 09:11:07 - [0] ----D C:\ProgramData\ChieAApMeE =>PUP.CheapMe
O43 - CFD: 09/08/2013 - 17:12:09 - [] ----D C:\ProgramData\CHL Pack
O43 - CFD: 17/05/2013 - 15:37:38 - [] ----D C:\ProgramData\cioonteinuEitossave =>PUP.ContinueToSave
O43 - CFD: 27/04/2013 - 19:42:30 - [] ----D C:\ProgramData\CMUV
O43 - CFD: 23/03/2015 - 06:58:53 - [] ----D C:\ProgramData\coiNttinueetosavoe =>PUP.ContinueToSave
O43 - CFD: 10/09/2013 - 21:18:07 - [] ----D C:\ProgramData\continuuetosave =>PUP.ContinueToSave
O43 - CFD: 12/05/2013 - 17:54:04 - [] ----D C:\ProgramData\coonytiynnueotiosave =>PUP.ContinueToSave
O43 - CFD: 02/05/2015 - 09:29:14 - [] ----D C:\ProgramData\d236220cb9c4414f
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\DiOwNaload keePer =>PUP.DownloadKeeper
O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\DiScooUnttExttensi =>PUP.DiscountExtens
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 09/08/2014 - 11:09:51 - [0] ----D C:\ProgramData\DowwnSSaive =>PUP.DownSave
O43 - CFD: 12/04/2015 - 22:27:01 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 15/04/2014 - 09:11:07 - [0] ----D C:\ProgramData\EENjoyCouponn =>PUP.EnjoyCoupon
O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 21/04/2015 - 19:02:01 - [] ----D C:\ProgramData\fdhpfmbobmaggchffccdegacapdbefhd
O43 - CFD: 17/07/2014 - 12:05:26 - [0] ----D C:\ProgramData\FinDBoeesteDeal =>PUP.FindBestDeal
O43 - CFD: 23/05/2015 - 16:11:47 - [0] ----D C:\ProgramData\Freemake
O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\GreattSave4U =>PUP.GreatSave4U
O43 - CFD: 30/12/2013 - 08:14:01 - [] ----D C:\ProgramData\hpdalpgmekpafmfdnmjaabjffgnaocln
O43 - CFD: 08/08/2014 - 12:55:31 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 31/01/2015 - 14:50:39 - [] ----D C:\ProgramData\IHProtectUpDate =>Adware.AgentODR
O43 - CFD: 22/06/2014 - 19:05:48 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 17/04/2015 - 14:52:59 - [] ----D C:\ProgramData\IObit
O43 - CFD: 03/01/2014 - 14:08:06 - [] ----D C:\ProgramData\Logs
O43 - CFD: 08/07/2013 - 10:00:58 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Menu Démarrer
O43 - CFD: 08/08/2013 - 17:57:30 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 14/05/2015 - 07:49:26 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 26/11/2012 - 00:06:32 - [] ----D C:\ProgramData\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Modèles
O43 - CFD: 25/11/2012 - 19:30:57 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 25/11/2012 - 23:27:47 - [] ----D C:\ProgramData\NCH Software
O43 - CFD: 03/04/2015 - 13:04:31 - [] ----D C:\ProgramData\Nero
O43 - CFD: 02/05/2015 - 09:31:26 - [0] ----D C:\ProgramData\NExtCoupp =>PUP.NextCoup
O43 - CFD: 02/02/2015 - 06:58:26 - [] ----D C:\ProgramData\Norton
O43 - CFD: 01/02/2015 - 20:02:58 - [] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 09/06/2015 - 10:04:12 - [] ----D C:\ProgramData\NVIDIA
O43 - CFD: 30/11/2012 - 10:57:26 - [] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 14/11/2013 - 22:15:53 - [0] ----D C:\ProgramData\PC SUITE
O43 - CFD: 08/08/2014 - 12:18:44 - [] ----D C:\ProgramData\priceChoep =>PUP.PriceChop
O43 - CFD: 09/08/2014 - 11:09:52 - [0] ----D C:\ProgramData\pricechoPP =>PUP.PriceChop
O43 - CFD: 02/05/2015 - 08:39:22 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 10/05/2013 - 11:41:54 - [] ----D C:\ProgramData\ProgDVB
O43 - CFD: 29/03/2014 - 12:37:11 - [] ----D C:\ProgramData\Puresafe
O43 - CFD: 24/05/2015 - 07:06:11 - [] ----D C:\ProgramData\Real
O43 - CFD: 24/05/2015 - 07:06:22 - [] ----D C:\ProgramData\RealNetworks
O43 - CFD: 17/07/2014 - 23:04:59 - [0] ----D C:\ProgramData\RRoboSavEr =>PUP.RoboSaver
O43 - CFD: 17/07/2014 - 23:04:59 - [0] ----D C:\ProgramData\saafieweb =>PUP.SafeWeb
O43 - CFD: 23/03/2015 - 06:58:53 - [] ----D C:\ProgramData\safe save =>Adware.SafeSave
O43 - CFD: 28/03/2014 - 10:53:40 - [0] ----D C:\ProgramData\Screentime
O43 - CFD: 03/10/2013 - 06:55:19 - [0] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 04/04/2014 - 13:11:13 - [] ----D C:\ProgramData\Skype
O43 - CFD: 29/03/2014 - 12:22:27 - [] ----D C:\ProgramData\SNT
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 02/10/2013 - 18:17:11 - [] ----D C:\ProgramData\SummerSoft
O43 - CFD: 24/11/2012 - 16:51:22 - [] ----D C:\ProgramData\Sun
O43 - CFD: 12/07/2013 - 11:20:12 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 24/11/2012 - 18:25:37 - [] ----D C:\ProgramData\Technisat
O43 - CFD: 29/05/2013 - 19:17:09 - [] ----D C:\ProgramData\TechSmith
O43 - CFD: 31/03/2015 - 23:04:03 - [] ---AD C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 20/12/2013 - 18:14:14 - [] ----D C:\ProgramData\Windows Genuine Advantage
O43 - CFD: 20/05/2015 - 16:16:50 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 15/11/2013 - 21:45:31 - [] ----D C:\ProgramData\WindSolutions
O43 - CFD: 22/06/2013 - 16:20:07 - [] ----D C:\ProgramData\Wondershare
O43 - CFD: 29/03/2014 - 12:20:14 - [] ----D C:\ProgramData\YoutubeAdblocker =>PUP.YouTubeAdBlock
O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\YTNoAds
O43 - CFD: 09/11/2013 - 18:45:18 - [] ----D C:\ProgramData\Zoner
O43 - CFD: 08/06/2015 - 12:57:02 - [] ----D C:\ProgramData\{4b259ba2-b120-af84-4b25-59ba2b126e8a}
O43 - CFD: 08/06/2015 - 06:57:44 - [] ----D C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}
O43 - CFD: 01/01/2008 - 03:02:10 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 21/03/2013 - 07:05:09 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 10/05/2013 - 13:08:09 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AltDVB Sat4all Edition
O43 - CFD: 25/05/2013 - 12:44:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
O43 - CFD: 29/06/2013 - 19:43:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan
O43 - CFD: 28/11/2012 - 22:47:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre_Big_PTP
O43 - CFD: 08/08/2014 - 08:28:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batch Image Resizer
O43 - CFD: 29/11/2012 - 11:51:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CashBarre
O43 - CFD: 25/11/2012 - 19:24:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 10/05/2013 - 13:11:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ccontiNuetooSave
O43 - CFD: 16/05/2013 - 20:27:31 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cioonteinuEitossave
O43 - CFD: 10/05/2013 - 12:20:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coonytiynnueotiosave
O43 - CFD: 15/03/2013 - 21:15:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec
O43 - CFD: 08/04/2014 - 18:47:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\denouvel
O43 - CFD: 28/11/2012 - 19:25:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamMail
O43 - CFD: 17/10/2014 - 16:55:47 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream
O43 - CFD: 09/08/2013 - 17:29:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream 2.4B AHMAD Edition R5
O43 - CFD: 16/05/2013 - 20:17:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream by DDv122 & ABDULLL & EnDi
O43 - CFD: 16/05/2013 - 21:52:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB DREAM STAR7ARAB EDITION
O43 - CFD: 05/04/2014 - 17:24:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream version 2.5 Ahmad & Takki R1
O43 - CFD: 20/12/2013 - 18:26:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2
O43 - CFD: 06/05/2013 - 19:51:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro-Happy
O43 - CFD: 05/01/2015 - 19:57:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtraBarre
O43 - CFD: 23/05/2015 - 12:30:56 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
O43 - CFD: 16/05/2015 - 11:24:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
O43 - CFD: 14/11/2013 - 20:39:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
O43 - CFD: 01/01/2008 - 03:02:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 07/06/2013 - 10:41:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 15/03/2013 - 21:15:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
O43 - CFD: 17/11/2013 - 22:32:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
O43 - CFD: 12/04/2015 - 22:27:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 20/12/2013 - 17:34:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JB ToolBox
O43 - CFD: 24/11/2012 - 16:51:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
O43 - CFD: 29/09/2013 - 22:07:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\laboitakados
O43 - CFD: 09/11/2013 - 22:05:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Photo Editor
O43 - CFD: 14/07/2009 - 05:57:09 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 24/11/2012 - 18:45:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 14/05/2015 - 07:19:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 27/04/2013 - 15:54:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCurriculum 2011
O43 - CFD: 03/04/2015 - 13:06:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
O43 - CFD: 30/11/2012 - 11:28:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
O43 - CFD: 26/10/2014 - 23:33:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
O43 - CFD: 23/05/2015 - 16:16:29 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
O43 - CFD: 24/11/2012 - 18:45:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
O43 - CFD: 04/04/2014 - 13:11:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 29/03/2014 - 12:22:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
O43 - CFD: 28/11/2012 - 21:27:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedTestPro =>Adware.ScriptHost
O43 - CFD: 26/01/2015 - 20:06:05 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 14/07/2009 - 16:35:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 20/12/2013 - 18:26:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechniSat DVB
O43 - CFD: 29/05/2013 - 19:17:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
O43 - CFD: 28/07/2013 - 18:11:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thread Manager
O43 - CFD: 28/11/2012 - 22:51:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tickerbar
O43 - CFD: 14/01/2013 - 21:24:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tirocado
O43 - CFD: 22/08/2013 - 14:06:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 26/11/2012 - 22:49:43 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
O43 - CFD: 25/05/2013 - 12:44:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
O43 - CFD: 24/11/2012 - 16:46:59 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 09/06/2015 - 21:31:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 09/11/2013 - 18:45:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16
O43 - CFD: 26/11/2012 - 12:58:46 - [] ----D C:\Users\RCZ\AppData\Roaming\Adobe
O43 - CFD: 08/05/2015 - 20:52:32 - [] ----D C:\Users\RCZ\AppData\Roaming\Apple Computer
O43 - CFD: 20/05/2015 - 16:17:05 - [] ----D C:\Users\RCZ\AppData\Roaming\ARHome =>Trojan.Vonteera
O43 - CFD: 09/06/2015 - 17:28:39 - [] ----D C:\Users\RCZ\AppData\Roaming\BITS
O43 - CFD: 03/01/2014 - 20:35:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Canneverbe Limited
O43 - CFD: 17/01/2015 - 09:58:39 - [] ----D C:\Users\RCZ\AppData\Roaming\CoinMiner
O43 - CFD: 15/08/2013 - 16:03:43 - [] ----D C:\Users\RCZ\AppData\Roaming\Cropper
O43 - CFD: 27/04/2013 - 19:36:00 - [] ----D C:\Users\RCZ\AppData\Roaming\CVitae
O43 - CFD: 07/07/2013 - 20:17:15 - [] ----D C:\Users\RCZ\AppData\Roaming\DG
O43 - CFD: 24/11/2012 - 20:06:24 - [0] ----D C:\Users\RCZ\AppData\Roaming\DMCache
O43 - CFD: 28/03/2014 - 10:57:27 - [0] ----D C:\Users\RCZ\AppData\Roaming\DRPSu
O43 - CFD: 02/10/2013 - 18:25:49 - [] ----D C:\Users\RCZ\AppData\Roaming\dvdcss
O43 - CFD: 22/06/2014 - 19:06:36 - [] ----D C:\Users\RCZ\AppData\Roaming\EZDownloader
O43 - CFD: 16/05/2015 - 11:27:38 - [] ----D C:\Users\RCZ\AppData\Roaming\FileZilla
O43 - CFD: 18/11/2013 - 22:20:48 - [] ----D C:\Users\RCZ\AppData\Roaming\FlashGet
O43 - CFD: 14/11/2013 - 20:38:58 - [] ----D C:\Users\RCZ\AppData\Roaming\FlashGetBHO
O43 - CFD: 14/11/2013 - 20:39:04 - [0] ----D C:\Users\RCZ\AppData\Roaming\FlashgetSetup
O43 - CFD: 24/11/2012 - 16:27:17 - [] ----D C:\Users\RCZ\AppData\Roaming\Identities
O43 - CFD: 14/09/2013 - 19:41:18 - [] ----D C:\Users\RCZ\AppData\Roaming\Idle Processor Utilization Services
O43 - CFD: 16/11/2013 - 13:33:01 - [] ----D C:\Users\RCZ\AppData\Roaming\iMobie
O43 - CFD: 17/04/2015 - 14:51:48 - [] ----D C:\Users\RCZ\AppData\Roaming\IObit
O43 - CFD: 14/09/2013 - 20:03:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Java
O43 - CFD: 24/11/2012 - 18:16:43 - [] ----D C:\Users\RCZ\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 16:35:02 - [0] ----D C:\Users\RCZ\AppData\Roaming\Media Center Programs
O43 - CFD: 20/12/2013 - 18:38:01 - [0] ----D C:\Users\RCZ\AppData\Roaming\Media Player Classic
O43 - CFD: 02/05/2014 - 22:59:35 - [] -S--D C:\Users\RCZ\AppData\Roaming\Microsoft
O43 - CFD: 08/05/2013 - 19:20:50 - [] ----D C:\Users\RCZ\AppData\Roaming\Million
O43 - CFD: 02/06/2013 - 22:11:32 - [] ----D C:\Users\RCZ\AppData\Roaming\mIRC
O43 - CFD: 08/06/2013 - 23:42:40 - [] ----D C:\Users\RCZ\AppData\Roaming\mojosoft
O43 - CFD: 31/08/2013 - 17:35:46 - [] ----D C:\Users\RCZ\AppData\Roaming\Mozilla
O43 - CFD: 31/01/2015 - 18:18:34 - [] ----D C:\Users\RCZ\AppData\Roaming\mystartsearch =>PUP.StartSearch
O43 - CFD: 03/04/2015 - 13:07:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Nero
O43 - CFD: 22/11/2013 - 18:44:25 - [] ----D C:\Users\RCZ\AppData\Roaming\NVIDIA
O43 - CFD: 01/08/2014 - 14:06:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Opera Mail
O43 - CFD: 02/01/2015 - 16:29:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Opera Software
O43 - CFD: 17/04/2015 - 14:53:04 - [] ----D C:\Users\RCZ\AppData\Roaming\ProductData
O43 - CFD: 23/05/2015 - 16:15:02 - [] ----D C:\Users\RCZ\AppData\Roaming\Real
O43 - CFD: 24/05/2015 - 07:06:11 - [] ----D C:\Users\RCZ\AppData\Roaming\RealNetworks
O43 - CFD: 28/03/2014 - 11:07:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Ringtone Expressions
O43 - CFD: 05/07/2013 - 16:42:55 - [] ----D C:\Users\RCZ\AppData\Roaming\Salfeld
O43 - CFD: 15/09/2013 - 13:19:40 - [] ----D C:\Users\RCZ\AppData\Roaming\SimpleTV V03
O43 - CFD: 18/11/2014 - 22:40:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Skype
O43 - CFD: 23/07/2013 - 17:48:14 - [] ----D C:\Users\RCZ\AppData\Roaming\SmileysWeLove =>Adware.SmileyBar
O43 - CFD: 09/08/2014 - 15:02:07 - [] ----D C:\Users\RCZ\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 22/05/2015 - 13:34:23 - [] ----D C:\Users\RCZ\AppData\Roaming\vlc
O43 - CFD: 20/05/2015 - 16:17:07 - [] ----D C:\Users\RCZ\AppData\Roaming\VolIE =>Trojan.Vonteera
O43 - CFD: 30/08/2013 - 12:00:05 - [] ----D C:\Users\RCZ\AppData\Roaming\Windows Live Writer
O43 - CFD: 15/11/2013 - 21:48:32 - [] ----D C:\Users\RCZ\AppData\Roaming\WindSolutions
O43 - CFD: 24/11/2012 - 19:45:07 - [] ----D C:\Users\RCZ\AppData\Roaming\WinRAR
O43 - CFD: 31/01/2015 - 14:55:29 - [0] ----D C:\Users\RCZ\AppData\Roaming\WinZipper
O43 - CFD: 22/11/2013 - 18:44:15 - [] ----D C:\Users\RCZ\AppData\Roaming\Xilisoft
O43 - CFD: 09/06/2015 - 21:35:09 - [] ----D C:\Users\RCZ\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 09/11/2013 - 18:45:33 - [] ----D C:\Users\RCZ\AppData\Roaming\Zoner
O43 - CFD: 16/05/2015 - 10:10:05 - [] ----D C:\Users\RCZ\AppData\Local\Adobe
O43 - CFD: 14/01/2014 - 14:12:28 - [] ----D C:\Users\RCZ\AppData\Local\Apple
O43 - CFD: 10/01/2014 - 11:11:18 - [] ----D C:\Users\RCZ\AppData\Local\Apple Computer
O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Application Data
O43 - CFD: 09/11/2013 - 20:13:35 - [] ----D C:\Users\RCZ\AppData\Local\Apps
O43 - CFD: 31/03/2015 - 23:19:12 - [] ----D C:\Users\RCZ\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider
O43 - CFD: 29/05/2013 - 19:17:48 - [] ----D C:\Users\RCZ\AppData\Local\assembly
O43 - CFD: 14/01/2014 - 11:57:51 - [0] ----D C:\Users\RCZ\AppData\Local\Axialis
O43 - CFD: 16/04/2013 - 22:23:06 - [] ----D C:\Users\RCZ\AppData\Local\B1E
O43 - CFD: 29/11/2012 - 10:32:33 - [] ----D C:\Users\RCZ\AppData\Local\BPMconcept
O43 - CFD: 24/02/2013 - 06:14:48 - [0] ----D C:\Users\RCZ\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
O43 - CFD: 29/03/2014 - 12:46:42 - [] ----D C:\Users\RCZ\AppData\Local\by_ZebraDem
O43 - CFD: 22/08/2014 - 20:44:19 - [] ----D C:\Users\RCZ\AppData\Local\CatalinaGroup
O43 - CFD: 08/08/2014 - 12:18:24 - [] ----D C:\Users\RCZ\AppData\Local\Chromatic Browser =>PUP.Chromatic
O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Comodo
O43 - CFD: 08/08/2014 - 13:30:03 - [] ----D C:\Users\RCZ\AppData\Local\Conduit
O43 - CFD: 09/06/2015 - 20:27:34 - [] ----D C:\Users\RCZ\AppData\Local\CrashDumps
O43 - CFD: 31/01/2015 - 14:48:36 - [] ----D C:\Users\RCZ\AppData\Local\CrashRpt
O43 - CFD: 29/11/2012 - 12:53:06 - [] ----D C:\Users\RCZ\AppData\Local\CRE
O43 - CFD: 09/06/2015 - 17:28:48 - [0] ----D C:\Users\RCZ\AppData\Local\Deployment
O43 - CFD: 26/12/2012 - 15:58:49 - [0] ----D C:\Users\RCZ\AppData\Local\Diagnostics
O43 - CFD: 03/05/2015 - 12:59:09 - [0] ----D C:\Users\RCZ\AppData\Local\ElevatedDiagnostics
O43 - CFD: 18/11/2014 - 20:07:04 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieBrowserModeList
O43 - CFD: 25/04/2014 - 19:49:33 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieSiteList
O43 - CFD: 25/04/2014 - 19:49:33 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieUserList
O43 - CFD: 08/12/2013 - 19:09:02 - [] ----D C:\Users\RCZ\AppData\Local\Facebook
O43 - CFD: 07/08/2014 - 21:26:02 - [] ----D C:\Users\RCZ\AppData\Local\globalUpdate =>PUP.GlobalUpdate
O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Google
O43 - CFD: 24/04/2015 - 16:55:52 - [] ----D C:\Users\RCZ\AppData\Local\Grandsoft
O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Historique
O43 - CFD: 16/11/2013 - 13:32:56 - [] ----D C:\Users\RCZ\AppData\Local\iMobie_Inc
O43 - CFD: 31/03/2015 - 22:57:31 - [] ----D C:\Users\RCZ\AppData\Local\Installer
O43 - CFD: 14/01/2014 - 00:09:01 - [] ----D C:\Users\RCZ\AppData\Local\iSpirit
O43 - CFD: 25/11/2012 - 19:22:22 - [] ----D C:\Users\RCZ\AppData\Local\Macromedia
O43 - CFD: 02/05/2014 - 22:59:11 - [] ----D C:\Users\RCZ\AppData\Local\Microsoft
O43 - CFD: 22/02/2015 - 13:52:03 - [] ----D C:\Users\RCZ\AppData\Local\Microsoft Games
O43 - CFD: 24/11/2012 - 16:41:13 - [0] ----D C:\Users\RCZ\AppData\Local\Microsoft Help
O43 - CFD: 01/10/2013 - 07:20:14 - [] ----D C:\Users\RCZ\AppData\Local\Mozilla
O43 - CFD: 14/01/2014 - 13:01:35 - [] ----D C:\Users\RCZ\AppData\Local\Nero
O43 - CFD: 09/11/2013 - 20:20:45 - [] ----D C:\Users\RCZ\AppData\Local\Nero_AG
O43 - CFD: 14/11/2013 - 22:18:04 - [] ----D C:\Users\RCZ\AppData\Local\NetDragon
O43 - CFD: 01/08/2014 - 14:06:01 - [] ----D C:\Users\RCZ\AppData\Local\Opera Mail
O43 - CFD: 02/01/2015 - 16:29:38 - [] ----D C:\Users\RCZ\AppData\Local\Opera Software
O43 - CFD: 31/01/2014 - 16:22:11 - [] ----D C:\Users\RCZ\AppData\Local\Packages
O43 - CFD: 01/01/2015 - 10:52:05 - [0] ----D C:\Users\RCZ\AppData\Local\pangu
O43 - CFD: 16/05/2013 - 19:58:13 - [] ----D C:\Users\RCZ\AppData\Local\Programs
O43 - CFD: 24/08/2013 - 07:28:09 - [] ----D C:\Users\RCZ\AppData\Local\Rapider
O43 - CFD: 14/01/2014 - 12:07:11 - [] ----D C:\Users\RCZ\AppData\Local\Screentime
O43 - CFD: 04/04/2014 - 13:11:36 - [] ----D C:\Users\RCZ\AppData\Local\Skype
O43 - CFD: 07/11/2014 - 11:50:38 - [] ----D C:\Users\RCZ\AppData\Local\TB
O43 - CFD: 29/05/2013 - 19:17:07 - [] ----D C:\Users\RCZ\AppData\Local\TechSmith
O43 - CFD: 09/06/2015 - 21:34:58 - [] ----D C:\Users\RCZ\AppData\Local\Temp
O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Temporary Internet Files
O43 - CFD: 29/11/2012 - 12:02:28 - [] ----D C:\Users\RCZ\AppData\Local\TenDollars2Surf.com
O43 - CFD: 26/09/2014 - 19:34:36 - [] ----D C:\Users\RCZ\AppData\Local\Thinstall
O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Torch =>PUP.Torch
O43 - CFD: 25/11/2012 - 23:21:32 - [] ----D C:\Users\RCZ\AppData\Local\VirtualStore
O43 - CFD: 31/03/2015 - 23:19:09 - [] ----D C:\Users\RCZ\AppData\Local\WebPlayer
O43 - CFD: 15/09/2014 - 12:41:21 - [] ----D C:\Users\RCZ\AppData\Local\Windows Live
O43 - CFD: 26/11/2012 - 23:08:13 - [] ----D C:\Users\RCZ\AppData\Local\Windows Live Writer
O43 - CFD: 15/09/2013 - 10:41:39 - [] ----D C:\Users\RCZ\AppData\Local\Windows_Development_Inc
O43 - CFD: 16/02/2014 - 20:27:25 - [] ----D C:\Users\RCZ\AppData\Local\Wiwild
O43 - CFD: 22/06/2013 - 16:16:43 - [] ----D C:\Users\RCZ\AppData\Local\Wondershare
O43 - CFD: 09/11/2013 - 18:45:49 - [] ----D C:\Users\RCZ\AppData\Local\Zoner
O43 - CFD: 14/07/2009 - 05:54:32 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 12/03/2015 - 08:41:18 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 31/03/2015 - 23:19:12 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider
O43 - CFD: 08/08/2014 - 15:12:08 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio
O43 - CFD: 27/04/2013 - 15:53:33 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CVitaeV4
O43 - CFD: 11/03/2014 - 22:00:23 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT
O43 - CFD: 07/10/2013 - 18:59:42 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emoticon
O43 - CFD: 14/11/2013 - 20:39:04 - [0] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
O43 - CFD: 25/03/2014 - 14:15:55 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
O43 - CFD: 14/12/2013 - 16:31:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 21/12/2012 - 18:41:30 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaBoitaKadosBarre (www.laboitakados.com)
O43 - CFD: 28/03/2014 - 10:55:25 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legend Edition
O43 - CFD: 14/07/2009 - 05:49:38 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 29/06/2013 - 21:55:19 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muslim Bag
O43 - CFD: 09/06/2015 - 17:32:01 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre =>Adware.ADON
O43 - CFD: 08/06/2013 - 23:43:19 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Frame Studio
O43 - CFD: 21/04/2015 - 18:58:58 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 28/11/2012 - 22:51:24 - [0] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tickerbar
O43 - CFD: 24/11/2012 - 16:46:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 08/06/2013 - 21:36:28 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\موسوعة الحديث النبوي الشريف
~ 1 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 420 Scanned in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.B862256A8617108CD67ACE2D22AF6D2D] - 09/06/2015 - 10:04:15 ---A- . (...) -- C:\Windows\setupact.log [2338]
O44 - LFC:[MD5.D8260B5DA72FEC3142966E662F7A572D] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1672934]
O44 - LFC:[MD5.0A62036ACA2031015A449E0FB8F106F2] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfc009.dat [122274]
O44 - LFC:[MD5.D0A6E25EE5C97877839D5AB414B8709F] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [149434]
O44 - LFC:[MD5.D8FD8A13F082355A99F19EF8C7C3CAE8] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfh009.dat [655932]
O44 - LFC:[MD5.5BEE9401D0CF5CCAFF570266271DBEAD] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [738946]
O44 - LFC:[MD5.6685566C39D59426CFE11916E321858D] - 09/06/2015 - 17:24:24 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.D22E177E7B8F36B028A07BDB2DC5291A] - 09/06/2015 - 21:19:27 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1608663]
~ Files: 8 Scanned in 00mn 07s



---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.5405E2B6EC056724D90B3CF9C248B1AC] - 09/06/2015 - 17:32:57 ---A- - C:\Windows\Prefetch\PACKBARRE.EXE-20ECD862.pf =>Adware.ADON
~ Prefetcher: 1 Scanned in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [Enabled] .(.Trend Media Corporation Limited.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [Enabled] .(...) -- C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.)
~ Keys Export: 2 Scanned in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{10521325-b80d-11dc-a9ae-806e6f6e6963}\AutoRun\command. (...) -- F:\start.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\CatalinaGroup Update [Key] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
O53 - SMSR:HKLM\...\startupreg\ccleaner [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O53 - SMSR:HKLM\...\startupreg\Clock Widget (HTC Home) [Key] . (.No owner - Clock widget for HTC Home 3.) -- C:\Program Files (x86)\HTC Home 3\Clock.exe
O53 - SMSR:HKLM\...\startupreg\Coin Miner [Key] . (...) -- C:\Program Files (x86)\CoinMiner\coinminer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Facebook Update [Key] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe
O53 - SMSR:HKLM\...\startupreg\facemoods [Key] . (...) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (.not file.) =>Adware.Facemoods
O53 - SMSR:HKLM\...\startupreg\FlashGet 3 [Key] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
O53 - SMSR:HKLM\...\startupreg\iCloudServices [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O53 - SMSR:HKLM\...\startupreg\RealDownloader [Key] . (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\se [Key] . (...) -- C:\Users\RCZ\AppData\Roaming\SkypEmoticons\SE.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Weather Widget (HTC Home) [Key] . (.No owner - Weather widget for HTC Home 3.) -- C:\Users\RCZ\Downloads\HTC_Home_Apis\Weather.exe
O53 - SMSR:HKLM\...\startupreg\Zoner Photo Studio Autoupdate [Key] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe
O53 - SMSR:HKLM\...\startupreg\Zoner Photo Studio Service 16 [Key] . (...) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.exeC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe (.not file.)
~ SMSR Keys: 17 Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableLockWorkstation"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableClock"=0
O55 - MWPS:[HKCU\...\Policies\System] - "LogonHoursAction"=2
O55 - MWPS:[HKCU\...\Policies\System] - "DontDisplayLogonHoursWarnings"=1
~ MWPS: 22 Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFind"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ MWPE Keys: 8 Scanned in 00mn 00s



---\\ Search Drivers Rootkit (SDR) (O57)
O57 - SDR:Search Drivers Rootkit - ( - .) --
~ Keys: Scanned in 00mn 01s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [339536]
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [182864]
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [15440]
O58 - SDL:20/11/2010 - 14:32:46 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [107904]
O58 - SDL:14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [194128]
O58 - SDL:20/11/2010 - 14:32:47 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [27008]
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [87632]
O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [97856]
O58 - SDL:10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys [270848]
O58 - SDL:10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [18432]
O58 - SDL:10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [8704]
O58 - SDL:14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [286720]
O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [47104]
O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976]
O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720]
O58 - SDL:10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [468480]
O58 - SDL:14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [17488]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3286016]
O58 - SDL:21/08/2012 - 13:01:20 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/11/2010 - 14:33:35 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720]
O58 - SDL:20/11/2010 - 14:33:38 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [410496]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [44112]
O58 - SDL:17/04/2015 - 03:43:55 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [114752]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [106560]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [65600]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [115776]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys [35392]
O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [284736]
O58 - SDL:14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [51264]
O58 - SDL:11/02/2011 - 22:23:34 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [35344]
O58 - SDL:26/02/2013 - 00:32:32 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 311.06.) -- C:\Windows\System32\Drivers\nvlddmkm.sys [11036448]
O58 - SDL:20/11/2010 - 14:33:48 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [148352]
O58 - SDL:20/11/2010 - 14:33:48 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [166272]
O58 - SDL:14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1524816]
O58 - SDL:14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [128592]
O58 - SDL:10/06/2009 - 21:35:42 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\System32\Drivers\Rt64win7.sys [187392]
O58 - SDL:10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [43584]
O58 - SDL:14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [80464]
O58 - SDL:11/09/2009 - 06:47:24 ---A- . (.TechniSat Digital, S.A. - NDIS 5.0 driver.) -- C:\Windows\System32\Drivers\SkyNET_AMD64.sys [615440]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [206080]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:15/08/2014 - 23:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17488]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [161872]
O58 - SDL:31/01/2015 - 01:49:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:31/03/2015 - 09:32:50 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:06/08/2014 - 09:43:26 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [61632] =>PUP.LinkiDoo
O58 - SDL:04/02/2005 - 17:12:50 ---A- . (.Padus, Inc. - Padus® ASPI Shell.) -- C:\Windows\SysWOW64\drivers\pfc.sys [10368]
~ Drivers: 55 Scanned in 00mn 06s



---\\ Last modified or created user files (O61)
O61 - LFC: 08/06/2015 - 21:40:15 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\3770\temp\5972653202229919220b.exe [2584576]
O61 - LFC: 08/06/2015 - 21:40:24 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\3770\temp\BondedSplitter.xyz.exe [2792960]
O61 - LFC: 08/06/2015 - 21:40:25 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\5972653202229919220b.exe [2584576]
O61 - LFC: 08/06/2015 - 21:40:27 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\ntwdblib.dll [4096]
O61 - LFC: 09/06/2015 - 21:35:58 ---A- . (...) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 09/06/2015 - 21:36:19 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 09/06/2015 - 21:40:27 ---A- . (.Client Connect LTD.) -- C:\Users\RCZ\AppData\Local\Temp\Runner.exe [236352]
O61 - LFC: 09/06/2015 - 21:40:35 ---A- . (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr25.bin [24]
O61 - LFC: 09/06/2015 - 21:41:09 R--A- . (.BPMconcept.) -- C:\Users\RCZ\AppData\Roaming\Microsoft\Installer\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}\DesktopIcon.exe [378368] =>Adware.ADON
O61 - LFC: 09/06/2015 - 21:41:09 R--A- . (.BPMconcept.) -- C:\Users\RCZ\AppData\Roaming\Microsoft\Installer\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}\StartMenuIcon.exe [378368]
O61 - LFC: 09/06/2015 - 21:51:56 ---A- . (.Nicolas Coolman.) -- C:\Users\RCZ\Downloads\ZHPDiag2.exe [6880102] =>.Nicolas Coolman
~ 105 Fichiers temporaires (Temporary files)
~ 3016 Fichiers cookies (Cookies files)
~ Files: 11 Scanned in 16mn 35s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 11/02/2011 - C:\Windows\System32\drivers\npf.sys (npf) .(.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) - LEGACY_NPF
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 31/01/2015 - C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys ({4f8c067a-e55a-4229-81e6-7be1491578a2}w64) .(.StdLib - StdLib.) - LEGACY_{4F8C067A-E55A-4229-81E6-7BE1491578A2}W64 =>PUP.LinkiDoo
O64 - Services: CurCS - 31/03/2015 - C:\Windows\System32\drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys ({bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64) .(.StdLib - StdLib.) - LEGACY_{BDF235AD-4365-4D0E-84D9-2132BDB9D67C}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 06/08/2014 - C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys ({ed7eb956-75ed-460d-8f69-29a93b07afd1}w64) .(.StdLib - StdLib.) - LEGACY_{ED7EB956-75ED-460D-8F69-29A93B07AFD1}W64 =>PUP.LinkiDoo
~ Legacy: 77 Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <CitrioDOC.CLSGAAZEDURMJL76IPQGV4EXT4>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Citrio.CLSGAAZEDURMJL76IPQGV4EXT4> <Citrio>[HKLM\..\Shell\open\Command] (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- c:\program files\internet explorer\iexplore.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: <OperaMail> <Opera Mail>[HKLM\..\Shell\open\Command] (...) -- c:\program files (x86)\opera mail\operamail.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: <OperaStable> <Opera Stable>[HKLM\..\Shell\open\Command] (...) -- c:\program files (x86)\opera\launcher.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000082.isPlayDisplay", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000082.state", "{\"state\":\"stopped\",\"text\":\"Today's T...\",\"description\":\"Today's Top Country Hits\[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_TMP_city", "ALGIERS");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_TMP_country", "DZ");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_country", "ALGERIA");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_locId", "AGXX0001");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_location", "Algiers, 42, Algeria");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_region", "OT");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_temp_dis", "c");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_wind_dis", "kmh");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_DaysActivity.enc", "MTQxOTY3MTI0NDc4NA==");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_firstTimeNotification_129883112190108518.enc", "bm8=");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_lang.enc", "RU4=");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_welcome_popup_text.enc", "Q2xpY2sgdG8gc3RhcnQgcnVubmluZyB5b3VyIHNjaGVkdWxlLCBldmVudHMsIGJpcnRoZGF5cy[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_welcome_popup_title.enc", "V2VsY29tZSB0byBDYWxlbmRhcis=");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FF19Solved", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FirstTime", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FirstTimeFF3", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.RestartDialogFirstTime", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.RestartDialogShouldDisplay", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.UserID", "UN34466822152440020");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.appOptions", "{}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.countryCode", "DZ");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.defaultSearch", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.dum", "2");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.embeddedsData", "[{\"appId\":\"128802460738106541\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.enableAlerts", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.enableSearchFromAddressBar", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fixPageNotFoundError", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fullUserID", "UN34466822152440020.IN.20140726123001");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.https___calendar_tbccint_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhc[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installDate", "26/07/2014 12:30:16");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installId", "dm");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installSessionId", "a82ef9a4-7f1a-414f-a7d3-c1cdaf6050ea");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installSp", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installType", "clientconnectnsisintegration");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installerVersion", "1.11.0.11");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://www.trovi.com...92277&octid=CT2[...] =>Hijacker.TroviCom
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.lastVersion", "10.35.0.3");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"E[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.openThankYouPage", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.openUninstallPage", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.performedDomainChangesMigration", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.revertSettingsEnabled", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.search.searchAppId", "128802460738106541");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.search.searchCount", "0");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchInNewTabEnabledByUser", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchRevert", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchSuggestEnabledByUser", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchUninstallUserMode", "4");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchUserMode", "4");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2192277\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://ClixSens[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"ClixSense.com \[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_Configuration_lastUpdate", "1422257111750");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1422257114647");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_appsMetadata_lastUpdate", "1422257114011");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1422257114153");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1406374282787");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1406374284955");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408646211300");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411971236676");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.33.0.5_lastUpdate", "1406455990484");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.34.0.503_lastUpdate", "1415773286287");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.35.0.3_lastUpdate", "1422257118281");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.35.0.503_lastUpdate", "1419714318275");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1422257114552");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_searchAPI_lastUpdate", "1422257117609");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_serviceMap_lastUpdate", "1422257111344");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_toolbarContextMenu_lastUpdate", "1422257114034");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_toolbarSettings_lastUpdate", "1422257112151");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_translation_lastUpdate", "1422257117511");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.settingsINI", true);
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.showToolbarPermission", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.CTID", "CT2192277"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.toolbarName", "ClixSense.com "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.startPage", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.superCalendar_close_popup_129883112190108518.enc", "MC43MDAzNzgxNDY4Mzc4NDg2");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.super_Calendar_show_welcome_popup_129883112190108518.enc", "eWVz");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarBornServerTime", "26-7-2014");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarCurrentServerTime", "26-1-2015");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarInstallDate", "26-07-2014 12:30:04");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarLoginClientTime", "Sat Jul 26 2014 12:31:25 GMT+0100");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.versionFromInstaller", "10.35.0.3");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.xpeMode", "1");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1422257104784,\"isWithState\"[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.FF19Solved", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.UserID", "UN16168956731466736");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.fullUserID", "UN16168956731466736.IN.20131013193516");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installDate", "13/10/2013 19:35:21");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installSessionId", "1A7D7525-9FD3-47C1-86EF-1A3C498193E1");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installSp", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installUsage", "13/10/2013 20:27:25");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installUsageEarly", "13/10/2013 20:27:25");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installerVersion", "1.7.1.7");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.keyword", "true");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.originalSearchAddressUrl", "http://websearch.sea...643843791204[...]
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.searchRevert", "false");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.searchUserMode", "1");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.versionFromInstaller", "10.20.1.8");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.xpeMode", "0");
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("aol_toolbar.default.search.check", false);
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>PUP.Babylon
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("extensions.crossrider.bic", "144e920847aba8436b4240fa46bbd3e0"); =>PUP.CrossRider
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.condui...ource=2&CUI=UN1[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.enable", ""); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {301FE28C-F99D-4426-BB7E-01F110619AFF} - (Search The Web (eseeky)) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {CCC82E44-53EC-478C-956A-12818D53B22A} - (ClixSense.com Customized Web Search) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 08s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\localname.sol =>.Crack,Keygen
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\save.sol =>.Crack,Keygen
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\userData.sol =>.Crack,Keygen
C:\Users\RCZ\Downloads\Batch.Image.Resizer.v2.87.Incl.Keymaker-ARN\Keymaker\keygen.exe =>.Crack,Keygen
~ Files: Scanned in 01mn 27s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d application.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [859648]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [680960]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d accès distant.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d accès distant.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d événements système (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l application d assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows™.) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [683520]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [2553856]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d application.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d ordinateurs.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [210432]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [193536]
~ Services: 33 Scanned in 00mn 01s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D71D423685E4F189032790D891ADC5B4] [SPRF][14/01/2014] (...) -- C:\Users\RCZ\AppData\Roaming\4E92.exe [1462696]
[MD5.F2DD0DEDB2C260419ECE4A9E03B2E828] [SPRF][17/04/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr2.bin [4]
[MD5.B727AC151CEA8525CE069F9B78753E3D] [SPRF][09/06/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr25.bin [24]
[MD5.C7427D0D0877D4F30D709C3B4588A738] [SPRF][14/05/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr3.bin [20]
[MD5.0B8A80CA2CC6CE5A227AD84A13503E12] [SPRF][14/01/2014] (...) -- C:\Users\RCZ\AppData\Roaming\C972.exe [1445440]
[MD5.9DBDEE49DADD657065836572BE8CE383] [SPRF][05/03/2011] (...) -- C:\Users\RCZ\AppData\Roaming\Setup.exe [559424]
[MD5.B9AB4651ACB27EAB705155F5E27587B4] [SPRF][01/12/2008] (.PC SOFT - WD140ACTION.DLL (Action prédéfinies).) -- C:\Users\RCZ\Desktop\WD140Action.dll [180224]
[MD5.E601A3440380EEE2C0384BA3C14FA36D] [SPRF][10/07/2008] (.PC SOFT - PC SOFT - Gestion de l'agent.) -- C:\Users\RCZ\Desktop\WD140agt.dll [143360]
[MD5.FD1F78465951797A23A5E8F996AFE527] [SPRF][22/10/2008] (.PC SOFT - WD140BarC.dll (Générateur de codes barres).) -- C:\Users\RCZ\Desktop\WD140barc.dll [131072]
[MD5.330BE1FDCE8A30E97F6834DFEEE171F0] [SPRF][17/07/2008] (.PC SOFT - WD140CE.DLL (Fonctions d'accès aux terminaux mobiles).) -- C:\Users\RCZ\Desktop\WD140CE.dll [134656]
[MD5.5493E60046FDA10F70375BBE83EB3B07] [SPRF][12/12/2008] (.PC SOFT - WD140COD.DLL (Macro Code Utilisateur).) -- C:\Users\RCZ\Desktop\WD140cod.dll [1118208]
[MD5.1F9CBDC10E401ADD070531D2724F237D] [SPRF][09/12/2008] (.PC SOFT - WD140COM.DLL (Fonctions de communication).) -- C:\Users\RCZ\Desktop\WD140com.dll [925696]
[MD5.D2C69F4C6950104D645B55F442AA98EB] [SPRF][29/10/2008] (.PC SOFT - WD140DB.DLL (Driver Natif XBase).) -- C:\Users\RCZ\Desktop\WD140db.dll [602112]
[MD5.A2810B300613AA7239756CDBC8D197F2] [SPRF][01/12/2008] (.PC SOFT - WD140ETAT.DLL (Impression des états).) -- C:\Users\RCZ\Desktop\WD140ETAT.dll [385024]
[MD5.F7C93330F73585B546B1F849DCBDCBC9] [SPRF][17/12/2008] (.PC SOFT - WD140GGL.DLL (Services Google).) -- C:\Users\RCZ\Desktop\WD140GGL.dll [372736]
[MD5.BB213109F6C185A7BF092B3FAF97A512] [SPRF][01/12/2008] (.PC SOFT - WD140GPU.DLL (Fonctions groupware).) -- C:\Users\RCZ\Desktop\WD140gpu.dll [458752]
[MD5.3C8A846E9858C87FF334D15243A89B52] [SPRF][09/12/2008] (.PC SOFT - WD140GRF.DLL (Gestion des graphes).) -- C:\Users\RCZ\Desktop\WD140GRF.dll [301568]
[MD5.1C49ABDE9428069D87CE21189C969174] [SPRF][11/07/2008] (.PC SOFT - WD140GRV.DLL (Fonctions de gravure).) -- C:\Users\RCZ\Desktop\WD140GRV.dll [122880]
[MD5.415E3448BE6E34C9F4FE21E72AB6BEF3] [SPRF][12/12/2008] (.PC SOFT - WD140HF.DLL (Moteur HyperFileSQL).) -- C:\Users\RCZ\Desktop\WD140HF.dll [2499584]
[MD5.23DF3497E73799206C4383CE02E33545] [SPRF][05/12/2008] (.PC SOFT - WD140HTML.DLL (Génération de page HTML).) -- C:\Users\RCZ\Desktop\WD140HTML.dll [622592]
[MD5.BFD7A4E6B91CB62725B08EB5DE180589] [SPRF][24/09/2008] (.PC SOFT - WD140MAT.DLL (Fonctions mathématiques).) -- C:\Users\RCZ\Desktop\WD140Mat.dll [114688]
[MD5.95FFC6E4645794DF2670D3DC72ED44FE] [SPRF][04/11/2008] (.PC SOFT - WD130MESS.DLL (Fonctions de messagerie).) -- C:\Users\RCZ\Desktop\WD140mess.dll [317440]
[MD5.ACF04FCAD327481F9EFEA41DBAF53516] [SPRF][11/09/2008] (.PC SOFT - WD140NET1.DLL (Accès à .Net 1.0).) -- C:\Users\RCZ\Desktop\wd140net1.dll [523776]
[MD5.C45CC46507364F90B7E5B946EA2DE5B4] [SPRF][11/09/2008] (.PC SOFT - WD140NET2.DLL (Accès à .Net 2.0).) -- C:\Users\RCZ\Desktop\wd140net2.dll [397312]
[MD5.E95B1F3823B1E3C2E0F77E21B9F34848] [SPRF][30/10/2008] (.PC SOFT - WD140NXML.DLL (Driver Natif XML).) -- C:\Users\RCZ\Desktop\WD140NXML.dll [360448]
[MD5.3068DAAEA1FDD96FBE73A7EC805DBB99] [SPRF][25/11/2008] (.PC SOFT - WD140OLDB.dll (Client OLE DB).) -- C:\Users\RCZ\Desktop\WD140OLDB.dll [606208]
[MD5.C1179460F2945AD09304D87F9052BECF] [SPRF][16/12/2008] (.PC SOFT - WD140PAGE.DLL (Gestion des pages dynamiques).) -- C:\Users\RCZ\Desktop\WD140Page.dll [977920]
[MD5.213EE39488D103F1FF1D8E418DE0A00C] [SPRF][13/11/2008] (.PC SOFT - WD140PCL.DLL (Génération de fichier PCL).) -- C:\Users\RCZ\Desktop\WD140PCL.dll [237568]
[MD5.7F1DAC55FA4B4A93F62A06A9C67D7FA4] [SPRF][26/11/2008] (.PC SOFT - WD140PDF.DLL (Génération de fichier PDF).) -- C:\Users\RCZ\Desktop\WD140pdf.dll [528384]
[MD5.E2FDEA2996EA868794085F310EBCBE5C] [SPRF][04/11/2008] (.PC SOFT - WD140PLM.DLL (DLL PalmPilot).) -- C:\Users\RCZ\Desktop\WD140plm.dll [208896]
[MD5.D7A4F8C933A2790C37B244BD0DB36BEC] [SPRF][15/12/2008] (.PC SOFT - WD140PRN.DLL (Fonctions d'impression).) -- C:\Users\RCZ\Desktop\WD140prn.dll [831488]
[MD5.3227B44494E1CB030201E1CBA8F16EB8] [SPRF][22/07/2008] (.PC SOFT - WD140RPL.DLL (Réplication HF).) -- C:\Users\RCZ\Desktop\WD140RPL.dll [311808]
[MD5.AE903B51F741095640530F0E923FE26B] [SPRF][13/11/2008] (.PC SOFT - WD140RTF.DLL (Génération de fichier RTF).) -- C:\Users\RCZ\Desktop\WD140RTF.dll [610304]
[MD5.BD8BEF72F45D350AD92D32112289D8BB] [SPRF][04/12/2008] (.PC SOFT - WD140SQL.DLL (SQL).) -- C:\Users\RCZ\Desktop\WD140sql.dll [569344]
[MD5.B70D88EF1304D28C1DF577F44E242AEA] [SPRF][03/12/2008] (.PC SOFT - WD140TEST.DLL (Passage de tests automatiques).) -- C:\Users\RCZ\Desktop\wd140test.dll [125440]
[MD5.609B8E8C53337E97AA79CB64472B701D] [SPRF][03/12/2008] (.PC SOFT - WD140TRS.DLL (Transactions HF).) -- C:\Users\RCZ\Desktop\WD140TRS.dll [95232]
[MD5.3AD57D737561510E5A3DE5DD6E32AE8F] [SPRF][26/09/2008] (.PC SOFT - WD140UNI.DLL (Unicode).) -- C:\Users\RCZ\Desktop\WD140UNI.dll [5991424]
[MD5.50A175E6AD599CC9962182E179937CBA] [SPRF][16/07/2008] (.PC SOFT - Support XAML.) -- C:\Users\RCZ\Desktop\WD140xaml.dll [43520]
[MD5.25A8B5ECCCDA081C43484494EF0AE260] [SPRF][16/12/2008] (.PC SOFT - WD140XLS.DLL (Gestion XLS).) -- C:\Users\RCZ\Desktop\WD140XLS.dll [507904]
[MD5.1FDF174945230AD318EB31893129D550] [SPRF][17/12/2008] (.PC SOFT - WD140XML.DLL (Génération de fichier XML).) -- C:\Users\RCZ\Desktop\WD140XML.dll [446464]
[MD5.29FB777108EF43D3D0D4B226DA95442F] [SPRF][03/12/2008] (.PC SOFT - PC SOFT - Fonctions de compression.) -- C:\Users\RCZ\Desktop\WD140zip.dll [430080]
~ Files: 41 Scanned in 00mn 05s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{5D158455-9BEE-42CD-AE54-6889708A60E4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7D0AC9E0-CEE1-45E9-A2BE-8DE02CED480C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{CAFA8D27-EDB0-4BAD-BBF7-3970AC29953C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{664A77B5-9918-4522-8870-A9E1ADE4BBFE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Scanned in 00mn 03s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\5a6dfdde568e844] =>PUP.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.BD76E28CE1859E6564C9D7EB9618B9DC] [WIS][09/06/2015] (.BPMconcept - PackBarre.) -- C:\Windows\Installer\199fce7.msi [1818624] =>Adware.ADON
~ WIS: 1 Scanned in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\updatediamondata_RASAPI32 =>Hijacker.Diamondata
HKLM\SOFTWARE\Microsoft\Tracing\updatediamondata_RASMANCS =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\diamondata_Setup_RASAPI32 =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\diamondata_Setup_RASMANCS =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky4ie_RASAPI32 =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky4ie_RASMANCS =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_1_RASAPI32 =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_1_RASMANCS =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_RASAPI32 =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_RASMANCS =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_uninst_RASAPI32 =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_uninst_RASMANCS =>Hijacker.Eseeky
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoforFiles_RASAPI32 =>P2P.GoforFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoforFiles_RASMANCS =>P2P.GoforFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASAPI32 =>Adware.ADON
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASDLG =>Adware.ADON
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASMANCS =>Adware.ADON
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASAPI32 =>PUP.PerformerSoft
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASMANCS =>PUP.PerformerSoft
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SEDownloader_RASAPI32 =>PUP.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SEDownloader_RASMANCS =>PUP.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup(1)_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup(1)_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_v1_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_v1_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_smileys-we-love_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_smileys-we-love_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_football365-toolbar_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_football365-toolbar_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_myconnection-pc_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_myconnection-pc_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedTestPro_RASAPI32 =>Adware.ScriptHost
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedTestPro_RASMANCS =>Adware.ScriptHost
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tasksgr_RASAPI32 =>Trojan.Tasksgr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tasksgr_RASMANCS =>Trojan.Tasksgr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TunesBarre_RASAPI32 =>Toolbar.TunesBarre
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TunesBarre_RASMANCS =>Toolbar.TunesBarre
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32 =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatediamondata_RASAPI32 =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatediamondata_RASMANCS =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSourceApp_RASAPI32 =>PUP.SourceApp
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSourceApp_RASMANCS =>PUP.SourceApp
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSwiftRecord_RASAPI32 =>PUP.SwiftRecord
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSwiftRecord_RASMANCS =>PUP.SwiftRecord
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utildiamondata_RASAPI32 =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utildiamondata_RASMANCS =>Hijacker.Diamondata
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSourceApp_RASAPI32 =>PUP.SourceApp
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSourceApp_RASMANCS =>PUP.SourceApp
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSwiftRecord_RASAPI32 =>PUP.SwiftRecord
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSwiftRecord_RASMANCS =>PUP.SwiftRecord
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VideoPerformerSetup_RASAPI32 =>PUP.VideoPerformer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VideoPerformerSetup_RASMANCS =>PUP.VideoPerformer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS =>Adware.WebCake
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASMANCS =>PUP.WebSpades
~ BTK: 616 Scanned in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{0FB2D74C-6F45-3C83-8B86-631E02FA8086}] (YoutubeAdblocker) =>PUP.Multiplug
[HKCR\CLSID\{486AFD26-55CB-310A-8C13-BAAFC8C4A6F9}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar
[HKCR\CLSID\{4B3C4278-AB91-32DC-AEA4-606C6509DFB4}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar
[HKCR\CLSID\{77A0E495-9E74-3ECD-A4EB-788185AA6BAC}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar
[HKCR\CLSID\{7B19CC07-9D3A-33F0-9F37-CB3A56766E11}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar
[HKCR\CLSID\{801B480C-0052-3474-90B0-2B853494196E}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) =>Adware.SmileyBar
[HKCR\CLSID\{8097B661-105D-3B2D-BA8A-B2AA0C1A2CBA}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar
[HKCR\CLSID\{FC991D27-AB93-3043-B430-7FF0918E9623}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar
~ BCK: 5309 Scanned in 00mn 14s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 26/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/05/2015 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28/07/2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 20/05/2015 157824 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Demand 07/04/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/10/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 20/05/2015 602112 | (WindowsMangerProtect) . (.Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by RCZ at 09/06/2015 21:54:33
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by RCZ at 09/06/2015 21:54:35
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 100
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 71
Fichiers trouvés (Files found) : 60

[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}] =>Adware.ADON^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTubeAdBlock^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\facemoods] =>Adware.Facemoods^
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>PUP.Conduit
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}] =>Adware.Facemoods
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}] =>Adware.Facemoods
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>PUP.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\IGagnant] =>Toolbar.Agent
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>PUP.Conduit
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Toolbar] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\Classes\AppID\{2C254882-699A-464B-95F5-32F003F4F45C}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{2C254882-699A-464B-95F5-32F003F4F45C}] =>Adware.BDSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10245650-5917-4ff8-BED6-ABB91DD73E47}] =>Adware.BDSearch
[HKLM\Software\Classes\AppID\FlashgetHook.DLL] =>Adware.BDSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}] =>Adware.BDSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974c985-8151-4de5-b23c-b875f0a8522f}] =>Adware.BDSearch
[HKLM\Software\Classes\Interface\{A0939A48-0E2F-453F-899C-595F6648EE88}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{A0939A48-0E2F-453F-899C-595F6648EE88}] =>Adware.BDSearch
[HKLM\Software\Classes\Interface\{6DD9E779-2707-4BF0-8269-E4C6BD8B39B7}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{6DD9E779-2707-4BF0-8269-E4C6BD8B39B7}] =>Adware.BDSearch
[HKLM\Software\Classes\Interface\{810B845F-70F3-4B05-9625-3FB37B59A884}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{810B845F-70F3-4B05-9625-3FB37B59A884}] =>Adware.BDSearch
[HKLM\Software\Classes\TypeLib\{DF772EB8-4116-49AE-8FA4-B5B078AA4198}] =>Adware.BDSearch
[HKLM\Software\Classes\FG2CatchUrl.Netscape] =>Adware.BDSearch
[HKLM\Software\Classes\FG2CatchUrl.Netscape.1] =>Adware.BDSearch
[HKLM\Software\Classes\FlashGetHook.FG3DownMgr] =>Adware.BDSearch
[HKLM\Software\Classes\FlashGetHook.FG3DownMgr.1] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\odiaflgoglmdpognebeehehkabaclnpb] =>PUP.Conduit
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{70df8d13-bdd3-448e-944c-efde21b77161} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>PUP.Babylon^
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\extensions\89@AC.com =>PUP.SalePlus^
C:\Program Files (x86)\AAllCheApPricee =>PUP.AllCheapPrice^
C:\Program Files (x86)\BitSSAvver =>PUP.BitSaver^
C:\Program Files (x86)\CheaapMe =>PUP.CheapMe^
C:\Program Files (x86)\ChieAApMeE =>PUP.CheapMe^
C:\Program Files (x86)\DiScooUnttExttensi =>PUP.DiscountExtens^
C:\Program Files (x86)\DowwnSSaive =>PUP.DownSave^
C:\Program Files (x86)\EENjoyCouponn =>PUP.EnjoyCoupon^
C:\Program Files (x86)\FinDBoeesteDeal =>PUP.FindBestDeal^
C:\Program Files (x86)\GreattSave4U =>PUP.GreatSave4U^
C:\Program Files (x86)\NExtCoupp =>PUP.NextCoup^
C:\Program Files (x86)\PackBarre =>Adware.ADON^
C:\Program Files (x86)\priceChoep =>PUP.PriceChop^
C:\Program Files (x86)\pricechoPP =>PUP.PriceChop^
C:\Program Files (x86)\RRoboSavEr =>PUP.RoboSaver^
C:\Program Files (x86)\saafieweb =>PUP.SafeWeb^
C:\Program Files (x86)\SaleuPPLuus =>PUP.SalePlus^
C:\Program Files (x86)\Swift Record =>PUP.SwiftRecord^
C:\Program Files (x86)\TerminusSys =>Adware.TerminusSys^
C:\Program Files (x86)\YoutubeAdblocker =>PUP.YouTubeAdBlock^
C:\ProgramData\AAllCheApPricee =>PUP.AllCheapPrice^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BitSSAvver =>PUP.BitSaver^
C:\ProgramData\Browser AdBlocker =>PUP.Adblocker^
C:\ProgramData\ccontiNuetooSave =>PUP.ContinueToSave^
C:\ProgramData\ChieAApMeE =>PUP.CheapMe^
C:\ProgramData\cioonteinuEitossave =>PUP.ContinueToSave^
C:\ProgramData\coiNttinueetosavoe =>PUP.ContinueToSave^
C:\ProgramData\continuuetosave =>PUP.ContinueToSave^
C:\ProgramData\coonytiynnueotiosave =>PUP.ContinueToSave^
C:\ProgramData\DiOwNaload keePer =>PUP.DownloadKeeper^
C:\ProgramData\DiScooUnttExttensi =>PUP.DiscountExtens^
C:\ProgramData\DowwnSSaive =>PUP.DownSave^
C:\ProgramData\EENjoyCouponn =>PUP.EnjoyCoupon^
C:\ProgramData\FinDBoeesteDeal =>PUP.FindBestDeal^
C:\ProgramData\GreattSave4U =>PUP.GreatSave4U^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\IHProtectUpDate =>Adware.AgentODR^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\NExtCoupp =>PUP.NextCoup^
C:\ProgramData\priceChoep =>PUP.PriceChop^
C:\ProgramData\pricechoPP =>PUP.PriceChop^
C:\ProgramData\RRoboSavEr =>PUP.RoboSaver^
C:\ProgramData\saafieweb =>PUP.SafeWeb^
C:\ProgramData\safe save =>Adware.SafeSave^
C:\ProgramData\SearchNewTab =>Adware.FastSaveApp^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\YoutubeAdblocker =>PUP.YouTubeAdBlock^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedTestPro =>Adware.ScriptHost^
C:\Users\RCZ\AppData\Roaming\ARHome =>Trojan.Vonteera^
C:\Users\RCZ\AppData\Roaming\mystartsearch =>PUP.StartSearch^
C:\Users\RCZ\AppData\Roaming\SmileysWeLove =>Adware.SmileyBar^
C:\Users\RCZ\AppData\Roaming\uTorrent =>P2P.µTorrent^
C:\Users\RCZ\AppData\Roaming\VolIE =>Trojan.Vonteera^
C:\Users\RCZ\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider^
C:\Users\RCZ\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch^
C:\Users\RCZ\AppData\Local\Chromatic Browser =>PUP.Chromatic^
C:\Users\RCZ\AppData\Local\globalUpdate =>PUP.GlobalUpdate^
C:\Users\RCZ\AppData\Local\Torch =>PUP.Torch^
C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider^
C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre =>Adware.ADON^
C:\Users\RCZ\AppData\Local\Conduit =>PUP.Conduit
C:\Users\RCZ\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\RCZ\AppData\Local\B1E =>Toolbar.BrotherSoft
C:\Users\RCZ\AppData\LocalLow\Conduit =>PUP.Conduit
C:\Users\RCZ\AppData\LocalLow\facemoods.com =>Adware.Facemoods
C:\Users\RCZ\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb =>PUP.Conduit
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\Smartbar =>Hijacker.SmartBar
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\Zwinky_5q =>Adware.MyClearSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\PackBarre\PackBarre.exe =>Adware.ADON^
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^
C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe =>PUP.BidailySync^
C:\Windows\Tasks\Bidaily Synchronize Task.job =>PUP.BidailySync^
C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
[HKCU\Software\ARHome] =>Trojan.Vonteera^
[HKCU\Software\App Lid-nv-ie] =>PUP.CrossRider^
[HKCU\Software\AppDataLow\Software\BackgroundContainer] =>PUP.Babylon^
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] =>Adware.Graftor^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\GoforFiles] =>P2P.GoforFiles^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera^
[HKCU\Software\Optimizer Pro] =>PUP.OptimizerPro^
[HKCU\Software\PerformerSoft LLC] =>PUP.PerformerSoft^
[HKCU\Software\Popajar] =>Toolbar.Conduit^
[HKCU\Software\RegisteredApplicationsEx] =>PUP.SfKpCouponApp^
[HKCU\Software\SensePlus-nv-ie] =>PUP.CrossRider^
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider^
[HKCU\Software\Tasksgr] =>Trojan.Tasksgr^
[HKCU\Software\UpToDown] =>PUP.UpToDown^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera^
[HKCU\Software\globalUpdate] =>PUP.GlobalUpdate^
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\64e0632d-912f-07ba-47ea-698ae24cbe93] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles^
[HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR^
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\diamondata] =>Hijacker.Diamondata^
[HKLM\Software\Wow6432Node\istartsurfSoftware] =>PUP.Istart^
[HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Wow6432Node\winzipersvc] =>Adware.D365^
[HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5a6dfdde568e844] =>PUP.Babylon^^
C:\Windows\Installer\199fce7.msi =>Adware.ADON^
[HKCR\CLSID\{0FB2D74C-6F45-3C83-8B86-631E02FA8086}] (YoutubeAdblocker) =>PUP.Multiplug^
[HKCR\CLSID\{486AFD26-55CB-310A-8C13-BAAFC8C4A6F9}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar^
[HKCR\CLSID\{4B3C4278-AB91-32DC-AEA4-606C6509DFB4}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar^
[HKCR\CLSID\{77A0E495-9E74-3ECD-A4EB-788185AA6BAC}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar^
[HKCR\CLSID\{7B19CC07-9D3A-33F0-9F37-CB3A56766E11}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar^
[HKCR\CLSID\{801B480C-0052-3474-90B0-2B853494196E}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) =>Adware.SmileyBar^
[HKCR\CLSID\{8097B661-105D-3B2D-BA8A-B2AA0C1A2CBA}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar^
[HKCR\CLSID\{FC991D27-AB93-3043-B430-7FF0918E9623}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar^
C:\Users\RCZ\AppData\Local\facemoods.bmp =>Adware.Facemoods
~ Additionnel Scan: 354972 Items scanned in 00mn 47s



---\\ Additional information about modules
~ http://nicolascoolma...ome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolma...anagement-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolma...lorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolma...ar-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolma...shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Scanned in 00mn 00s



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/adware-adon =>Adware.ADON
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolma...pup-startsearch =>PUP.StartSearch
http://nicolascoolma...trojan-vonteera =>Trojan.Vonteera
http://www.nicolascoolman.fr/blog/ =>PUP.SalePlus
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolma...toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://nicolascoolma...re-expressfiles =>Adware.ExpressFiles
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolma.../pup-crossrider =>PUP.CrossRider
http://nicolascoolma...outubeadblocker- =>PUP.YouTubeAdBlock
http://nicolascoolma.../hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-mocaflix =>PUP.Mocaflix
http://nicolascoolma...dware-pricegong =>Adware.PriceGong
http://nicolascoolma...jacker-smartbar =>Hijacker.SmartBar
http://www.nicolascoolman.fr/blog/ =>Adware.Graftor
http://nicolascoolma...ker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.fr/pup-filescout =>PUP.FileScout
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://nicolascoolma...are-installcore =>Adware.InstallCore
http://nicolascoolma...up-optimizerpro =>PUP.OptimizerPro
http://www.nicolascoolman.fr/blog/ =>PUP.PerformerSoft
http://www.nicolascoolman.fr/blog/ =>PUP.SfKpCouponApp
http://nicolascoolma...dware-smileybar =>Adware.SmileyBar
http://nicolascoolma...-trojan-tasksgr =>Trojan.Tasksgr
http://www.nicolascoolman.fr/blog/ =>PUP.UpToDown
http://nicolascoolma...up-globalupdate =>PUP.GlobalUpdate
http://nicolascoolma.../pup-shopperpro =>PUP.ShopperPro
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolma...systemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolma...-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolma...cker-diamondata =>Hijacker.Diamondata
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://www.nicolascoolman.fr/blog/ =>PUP.AllCheapPrice
http://www.nicolascoolman.fr/blog/ =>PUP.BitSaver
http://www.nicolascoolman.fr/blog/ =>PUP.CheapMe
http://www.nicolascoolman.fr/blog/ =>PUP.DiscountExtens
http://nicolascoolman.fr/pup-downsave =>PUP.DownSave
http://www.nicolascoolman.fr/blog/ =>PUP.EnjoyCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.FindBestDeal
http://www.nicolascoolman.fr/blog/ =>PUP.GreatSave4U
http://www.nicolascoolman.fr/blog/ =>PUP.NextCoup
http://www.nicolascoolman.fr/blog/ =>PUP.PriceChop
http://nicolascoolma...1-pup-robosaver =>PUP.RoboSaver
http://nicolascoolman.fr/pup-safeweb =>PUP.SafeWeb
http://www.nicolascoolman.fr/blog/ =>PUP.SwiftRecord
http://www.nicolascoolman.fr/blog/ =>Adware.TerminusSys
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>PUP.ContinueToSave
http://nicolascoolma...downloadkeepeor =>PUP.DownloadKeeper
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://nicolascoolma...adware-safesave =>Adware.SafeSave
http://nicolascoolma...are-fastsaveapp =>Adware.FastSaveApp
http://nicolascoolma...ware-scripthost =>Adware.ScriptHost
http://nicolascoolma...ware-megasearch =>Adware.MegaSearch
http://www.nicolascoolman.fr/blog/ =>PUP.Chromatic
http://www.nicolascoolman.fr/blog/ =>PUP.Torch
http://nicolascoolma...dware-facemoods =>Adware.Facemoods
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolma...jacker-trovicom =>Hijacker.TroviCom
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolma.../pup-dosearches =>PUP.DoSearches
http://nicolascoolma.../pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolma.../pup-browsemark =>PUP.BrowseMark
http://nicolascoolma...hijacker-eseeky =>Hijacker.Eseeky
http://nicolascoolma...dware-opencandy =>Adware.OpenCandy
http://nicolascoolma...-softwareengine =>PUP.SoftwareEngine
http://nicolascoolma...lbar-tunesbarre =>Toolbar.TunesBarre
http://www.nicolascoolman.fr/blog/ =>PUP.SourceApp
http://nicolascoolman.fr/pup-webspades =>PUP.WebSpades
http://nicolascoolma...-videoperformer =>PUP.VideoPerformer
http://nicolascoolma.../adware-webcake =>Adware.WebCake
http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug
http://nicolascoolman.fr/pup-minibar =>PUP.Minibar
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolma...are-socialskinz =>Adware.SocialSkinz
http://nicolascoolma...bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolma...pup-clarosearch =>PUP.ClaroSearch
http://nicolascoolma...clickdownloader =>PUP.1ClickDownloader
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
http://nicolascoolma...are-browse2save =>Adware.Browse2Save
http://nicolascoolma...bar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolma...adware-magnipic =>Adware.MagniPic
http://www.nicolascoolman.fr/blog/ =>Adware.BDSearch
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolma...re-installpedia =>Adware.InstallPedia
http://www.nicolascoolman.fr/blog/ =>Toolbar.BrotherSoft
http://nicolascoolma...e-myclearsearch =>Adware.MyClearSearch
~ MSI: 100 link(s) detected in 00mn 00s



End of the scan (2347 lines in 22mn 38s)(8.10)
