~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015) ~ Launched by RCZ (09/06/2015 21:32:53) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Web forum address : http://forum.nicolascoolman.fr ~ Translated by ~ Version State : Updated version. ~ White List : Deactivate by user ~ Elevation of privilege : OK ~ User Account Control : Activate by user ---\\ Internet browsers MSIE: Internet Explorer v11.0.9600.17801 GCIE: Google Chrome v43.0.2357.81 OPIE: Opera vMail 1.0 OPIE: Opera Stable v28.0.1750.40 ---\\ Windows product information ~ Langage: Anglais Windows Server License Manager Script : OK ~ Windows Operating System - Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK ~ Windows Partial Key : HYRR2 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ System protection software Microsoft Security Client v4.8.0204.0 Windows Defender W7 (Deactivate) ---\\ System optimization software CCleaner v3.24 ---\\ Sharing software PeerToPeer ---\\ Surveillance software Adobe Flash Player 17 PPAPI Adobe Reader XI Java 7 Update 9 (64-bit) ---\\ Information on the system ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4094 MB (41% free) System Restore: Activé (Enable) System drive C: has 1 GB (1%) free of 122 GB ---\\ Connection to the system mode ~ Computer Name: DAOUD-PC ~ User Name: RCZ ~ All Users Names: UpdatusUser, RCZ, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\RCZ\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\RCZ\AppData\Roaming\ ~ %Desktop% : C:\Users\RCZ\Desktop\ ~ %Favorites% : C:\Users\RCZ\Favorites\ ~ %LocalAppData% : 
C:\Users\RCZ\AppData\Local\ ~ %StartMenu% : C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeration of the disk units A: Floppy drive, Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 122 Go) D: Hard drive, Flash drive, Thumb drive (Free 4 Go of 172 Go) E: Hard drive, Flash drive, Thumb drive (Free 48 Go of 172 Go) F: CD-ROM drive (Not Inserted) G: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 49 Scanned in 00mn 00s ---\\ Search Generic System Files [MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) 
-- C:\Windows\Explorer.exe [2872320] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128] [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) 
-- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) 
-- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/12774 ~ Mes musiques (My Musics) : 1/1276 ~ Mes Videos (My Videos) : 1/197 ~ Mes Favoris (My Favorites) : 1/24 ~ Mes Documents (My Documents) : 2/644 ~ Mon Bureau (My Desktop) : 1/417 ~ Menu demarrer (Programs) : 1/58 ~ Hidden Files: Scanned in 00mn 20s ---\\ Process running [MD5.4606A6E8383DC80242A13BF197619E46] - (.GregLand - No Comment.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe [1494016] [PID.2680] [MD5.BA6435C78C4A91877AE8AA4DCC0927D3] - (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe [572416] [PID.3144] [MD5.716F5828497A7739B1BCCEE4D0E8A80F] - (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe [833240] [PID.3452] [MD5.AA1489AA08AF959A8E1B725B6DFE66EE] - (.DreamStudio - Email Client.) -- D:\DreamMail4\DM2005.exe [1898496] [PID.3848] [MD5.C53D46F346668248C15F3159526A4303] - (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe [385536] [PID.3948] [MD5.C09341AD133729F72B2A3238BB8A1A0E] - (. Green Horse Tickerbar - 1.0.0.1.) -- C:\Program Files (x86)\Tickerbar\theTickerBar.exe [57344] [PID.3960] [MD5.FF708EC69A2B14230344199DFB3737EF] - (.No owner - ExtraBarre.) -- C:\agia3d\Extrakdo\barre.exe [110592] [PID.3944] [MD5.896D9A92E8504BA2254E729895B1EC20] - (.Legend Edition - deadsurfv1.0.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\dead..tion_0000000000000000_0001.0002_058d90b7aa34d6de\deadsurfv1.2.exe [210944] [PID.5140] [MD5.0027DF21415E1A0BD420BFDAB766620A] - (.Legend Edition - soulcodev1.2.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\soul..tion_0000000000000000_0001.0002_41d9d682e7b47003\soulcodev1.2.exe [465920] [PID.5192] [MD5.DE671E75767C4B98B47433FCA26307A5] - (.Epom Ltd. 
- Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe [1083280] [PID.2052] [MD5.EC5645B6DBF1E17F216E7BE5073B1157] - (.BPMconcept - PackBarre.) -- C:\Program Files (x86)\PackBarre\PackBarre.exe [378368] [PID.448] =>Adware.ADON [MD5.4ADFE62F23A0CF1D2234B0CC865544F1] - (.KADRIMEX S.A.R.L - AW-Manager-V6.) -- C:\Users\RCZ\Downloads\AW-Manager-V6.3.exe [1414144] [PID.4200] [MD5.EC75F14CC85659C780A0DC575F7B1242] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815304] [PID.5784] [MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.5104] [MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.744] [MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) -- C:\Program Files (x86)\netcut\services\AIPS.exe [262144] [PID.1184] [MD5.87EE9D133646B4CEDB7D9A240D7BBD73] - (.Windows SysTool - Windows SysTool.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112] [PID.1460] =>PUP.Fuyu [MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1644] [MD5.6E93D6D8C9B096F83DE1E9AC0C75C0BC] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe [157824] [PID.1768] [MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) 
-- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568] [PID.1880] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome Extension Folder G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\afodfkabigfjjeidfkkkhllcbdjeegko [RieGhttOFferApp] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [__MSG_appName__] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppefdlohekfhjenppnpjekkjjgndhdf [New XCommander] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [Chrome Hotword Shared Module] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb [ClixSense.com] G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__] ~ Google Lines Browser: 18 Scanned in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\prefs.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\user.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\prefs.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\user.js 
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\prefs.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\user.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\prefs.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\user.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\prefs.js C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\user.js M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\mystartsearch.xml =>PUP.StartSearch M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\VenteeRo.xml =>Trojan.Vonteera M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\WebSearch.xml M0 - MFSP: prefs.js [RCZ - 3uoy8h9g.default] http://websearch.goodforsearch.info M0 - MFSP: prefs.js [RCZ - 5rnsyl0i.default] http://www.google.com M0 - MFSP: prefs.js [RCZ - g1n3hvfd.default] http://websearch.goodforsearch.info M0 - MFSP: prefs.js [RCZ - oex4j5rw.default] http://websearch.goodforsearch.info M0 - MFSP: prefs.js [RCZ - x00vjp98.default] http://websearch.goodforsearch.info M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] jid1-vW9nopuIAJiRHw@jetpack.xpi M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {1018e4d6-728f-4b20-ad56-37578a4de76b} M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] 89@AC.com M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] staged M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c} M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6} M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4} M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {70df8d13-bdd3-448e-944c-efde21b77161} M2 - MFEP: prefs.js [RCZ - 5rnsyl0i.default\89@AC.com] [] SaleuPPLuus v1.2 (..) 
=>PUP.SalePlus M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] jid1-vW9nopuIAJiRHw@jetpack.xpi M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {1018e4d6-728f-4b20-ad56-37578a4de76b} M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] 89@AC.com M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] staged M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c} M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6} M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4} M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {70df8d13-bdd3-448e-944c-efde21b77161} M2 - MFEP: Extension [RCZ - g1n3hvfd.default] jid1-vW9nopuIAJiRHw@jetpack.xpi M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {1018e4d6-728f-4b20-ad56-37578a4de76b} M2 - MFEP: Extension [RCZ - g1n3hvfd.default] 89@AC.com M2 - MFEP: Extension [RCZ - g1n3hvfd.default] staged M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c} M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6} M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4} M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {70df8d13-bdd3-448e-944c-efde21b77161} M2 - MFEP: Extension [RCZ - oex4j5rw.default] jid1-vW9nopuIAJiRHw@jetpack.xpi M2 - MFEP: Extension [RCZ - oex4j5rw.default] {1018e4d6-728f-4b20-ad56-37578a4de76b} M2 - MFEP: Extension [RCZ - oex4j5rw.default] 89@AC.com M2 - MFEP: Extension [RCZ - oex4j5rw.default] staged M2 - MFEP: Extension [RCZ - oex4j5rw.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c} M2 - MFEP: Extension [RCZ - oex4j5rw.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6} M2 - MFEP: Extension [RCZ - oex4j5rw.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4} M2 - MFEP: Extension [RCZ - oex4j5rw.default] {70df8d13-bdd3-448e-944c-efde21b77161} M2 - MFEP: Extension [RCZ - x00vjp98.default] jid1-vW9nopuIAJiRHw@jetpack.xpi M2 - MFEP: Extension [RCZ - x00vjp98.default] 
{1018e4d6-728f-4b20-ad56-37578a4de76b} M2 - MFEP: Extension [RCZ - x00vjp98.default] 89@AC.com M2 - MFEP: Extension [RCZ - x00vjp98.default] staged M2 - MFEP: Extension [RCZ - x00vjp98.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c} M2 - MFEP: Extension [RCZ - x00vjp98.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6} M2 - MFEP: Extension [RCZ - x00vjp98.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4} M2 - MFEP: Extension [RCZ - x00vjp98.default] {70df8d13-bdd3-448e-944c-efde21b77161} P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.9.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.40416.0.) -- C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=3] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=9] - (.Catalina Group Ltd. - CatalinaGroup Update.) 
-- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll ~ Firefox Browser: 91 Scanned in 00mn 01s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security 
Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.17631 (winblue_r7.150111-1500)) -- C:\Windows\SysWOW64\ieframe.dll R3 - URLSearchHook: (no name) [64Bits] - {b1bcea4a-6c4e-43be-a618-69cb8a66d8b8} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) R3 - URLSearchHook: ClixSense.com Toolbar [64Bits] - {70df8d13-bdd3-448e-944c-efde21b77161} . (.Conduit Ltd. - Conduit Toolbar.) (6.17.2.8) -- C:\Program Files (x86)\ClixSense.com\prxtbCli2.dll =>Toolbar.Conduit R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ~ IE Browser: 22 Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (63) ~ Hosts File: Scanned in 00mn 46s ---\\ Internet Explorer toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - 
[HKCU]{70DF8D13-BDD3-448E-944C-EFDE21B77161} Orphan key ~ Toolbar: Scanned in 00mn 00s ---\\ Other User Links (O4) O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\QuickLaunch [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\QuickLaunch [RCZ]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\QuickLaunch [RCZ]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\TaskBar [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com O4 - GS\TaskBar [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\TaskBar [RCZ]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\Program [RCZ]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\SystemTools [RCZ]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com =>Hijacker.DeltaHomes O4 - GS\Desktop [RCZ]: Chrome Web Store.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://chrome.google.com O4 - GS\Desktop [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.) 
-- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com O4 - GS\Desktop [RCZ]: YouTube.lnk . (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.youtube.com ~ Global Startup: 12 Scanned in 00mn 26s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKCU\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon O4 - HKCU\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe O4 - HKCU\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.) O4 - HKCU\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe O4 - HKLM\..\Wow6432Node\Run: [GreenHorseTickerBar] . (.Green Horse Corporation - Green Horse Tickerbar.) -- C:\Program Files (x86)\Tickerbar\tickerbar.dll O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . 
(.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.) O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [Zoner Photo Studio Autoupdate] . 
(.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe ~ Application: Scanned in 00mn 00s ---\\ IE Options icon not visible in Control Panel (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) 
-- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000009\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll ~ Winsock: 9 Scanned in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0 O17 - HKLM\System\CS1\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0 O17 - HKLM\System\CS2\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ SSODL: 1 Scanned in 00mn 00s ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) 
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Arp Intelligent Protection Service (AIPS) . (.Arcai.com - Arp Intelligent Protection Service.) - C:\Program Files (x86)\netcut\services\AIPS.exe O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.) O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Windows SysTool - Windows SysTool.) 
- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu ~ Services: 11 Scanned in 00mn 04s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Desktop Component: 4 Scanned in 00mn 00s ---\\ BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ BEX: 1 Scanned in 00mn 00s ---\\ Task Planned Automatically (039) [MD5.00CC35F515079F5F94FABC3AC5C7D363] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464] [MD5.C53D46F346668248C15F3159526A4303] [APT] [Bidaily Synchronize Task] (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe [385536] =>PUP.BidailySync [MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130416] [MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130416] [MD5.A5062EA164067050F2DFA9DCA98CA63A] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3157856] [MD5.4606A6E8383DC80242A13BF197619E46] [APT] [emoticon] (.GregLand.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe [1494016] [MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Facebook Inc..) 
-- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Facebook Inc..) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles [MD5.7E62782AA49FAE6939FE604B93300C1B] [APT] [LibrarySystem] (...) -- c:\programdata\{4b259ba2-b120-af84-4b25-59ba2b126e8a}\5972653202229919220b.exe [2584576] [MD5.16F026EC9F269CDCDA7B568994F38347] [APT] [Opera scheduled Autoupdate 1420212510] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [889976] [MD5.EABE8AD92F8313ED11C4CD9D56C31A4B] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752] [MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016] [MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016] [MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) 
-- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{2634143D-9191-44FD-BBFC-A5986952026A}] (...) -- H:\skystar2\Install\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{459C62C6-F8D1-4E4B-A277-000C75DC7609}] (...) -- C:\Users\RCZ\Downloads\ ©ëںê¤ ںéڑ¨ںë ںé¥ں«ي  ى§ï، êë ڑ¦يèê ïيë«.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4D01623E-ED82-4F12-A8A2-727FEA15EC77}] (...) -- C:\Users\RCZ\Desktop\2234.Football365.Toolbar.17.01.2007.rc_FTB001_1_0_0_0.exe (.not file.) [0] [MD5.FD93F8C8BC70CED3F2F2599D522E5197] [APT] [{4E896B93-CF98-4AF5-AA53-45AAFA1D09F6}] (.NCH Software.) -- C:\Program Files (x86)\NCH Software\MailBase\uninst.exe [471044] [MD5.00000000000000000000000000000000] [APT] [{7452F5F5-E9F0-4D46-90EC-CF2773D8B7BC}] (...) -- C:\Users\RCZ\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.Istart [MD5.3469ED6FF6382044611321C26A879E2C] [APT] [{A0B0FB8B-3129-4097-8E5F-E8EA0ADDA0AB}] (...) -- C:\Users\RCZ\Downloads\mbsetup.exe [268448] [MD5.23E22BD7FBB0D11397EC33BF2EA64CD2] [APT] [{A8F1BAE4-DF27-4044-BBB3-D073CD97B0F8}] (...) -- C:\Users\RCZ\Downloads\MuslimBag-Setup.exe [11326355] [MD5.00000000000000000000000000000000] [APT] [{AD77D1C0-2437-417C-ACA6-647B7143F642}] (...) -- F:\Install\setup.exe (.not file.) [0] [MD5.78D0C1825E50CB3D58AA3CE9770FDB96] [APT] [{D42E0F16-61EF-4378-B3E3-8ED50C344542}] (.Adobe Systems Inc..) -- C:\Users\RCZ\Downloads\Shockwave_Installer_Slim (1).exe [5006144] [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) 
-- C:\Windows\Tasks\Adobe Flash Player Updater.job [1002] O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task.job [382] =>PUP.BidailySync O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task [382] =>PUP.BidailySync O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job [1048] O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core [1048] O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job [1100] O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA [1100] O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job [898] O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core [898] O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) 
-- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job [920] O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA [920] O39 - APT: LibrarySystem - (...) -- C:\Windows\Tasks\LibrarySystem.job [350] O39 - APT: LibrarySystem - (...) -- C:\Windows\System32\Tasks\LibrarySystem [350] ~ Scheduled Task: 37 Scanned in 00mn 15s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) 
-- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation O40 - ASIC: Disable SSL3 [64Bits] - {7D715857-A67C-4C2F-A929-038448584D63} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Active Setup: 11 Scanned in 00mn 00s ---\\ Drivers launched at startup (O41) O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) 
- C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) 
- C:\Windows\System32\DRIVERS\wfplwf.sys O41 - Driver: ({4f8c067a-e55a-4229-81e6-7be1491578a2}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys =>PUP.LinkiDoo O41 - Driver: ({bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys =>PUP.LinkiDoo O41 - Driver: ({ed7eb956-75ed-460d-8f69-29a93b07afd1}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys =>PUP.LinkiDoo ~ Drivers: 72 Scanned in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI O42 - Logiciel: Adobe Flash Player 17 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI O42 - Logiciel: Adobe Reader XI (11.0.11) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001} O42 - Logiciel: Adobe Shockwave Player 12.1 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player O42 - Logiciel: Apple Application Support (32 bits) - (.Apple Inc..) [HKLM][64Bits] -- {AFA1153A-F547-409B-B837-3A0D6C5A3FEC} O42 - Logiciel: Apple Application Support (64 bits) - (.Apple Inc..) [HKLM][64Bits] -- {D7B824DE-DA32-4772-9E5E-39C5158136A7} O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {C4123106-B685-48E6-B9BD-E4F911841EB4} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc O42 - Logiciel: AppsHat Mobile Apps - (.Somoto Ltd..) [HKCU][64Bits] -- AppsHat Mobile Apps =>PUP.CrossRider O42 - Logiciel: Athan Basic 3.8 - (...) [HKLM][64Bits] -- Athan O42 - Logiciel: Barre v0.1 bêta - (.Agia3D.) 
[HKLM][64Bits] -- {3BDBA6BF-06E0-4372-91AB-996BEC377A72}_is1 O42 - Logiciel: Batch Image Resizer 2.87 - (.JKLNSoft, Inc..) [HKLM][64Bits] -- Batch Image Resizer_is1 O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM][64Bits] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1 O42 - Logiciel: CVitaeV4 - (...) [HKCU][64Bits] -- CVitaeV4 O42 - Logiciel: Citrio - (.© Epom Ltd..) [HKCU][64Bits] -- Citrio O42 - Logiciel: ClixSense.com Toolbar - (.ClixSense.com.) [HKLM][64Bits] -- ClixSense.com Toolbar O42 - Logiciel: Coloriage 2 - (...) [HKLM][64Bits] -- Coloriage 2 O42 - Logiciel: CoreAVC Professional Edition (remove only) - (...) [HKLM][64Bits] -- CoreAVC Professional Edition O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: DVB Dream version 2.5 Ahmad & Takki R1 - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {8579ED9E-1F6F-4B75-8752-A13C38BB146B}_is1 O42 - Logiciel: DVB Dream version 2.6A Ahmad & Takki - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {10A280E5-EEC2-44A7-BEB3-657F838D4E86}_is1 O42 - Logiciel: DVBViewer TE2 - (.CM&V.) [HKLM][64Bits] -- DVBViewer TE2_is1 O42 - Logiciel: Dead Surf - 1 - (.Legend Edition.) [HKCU][64Bits] -- ca5afe92da7ae5fe O42 - Logiciel: DreamMail 4.6 - (.DreamStudio.) [HKLM][64Bits] -- DreamMail 4.6 O42 - Logiciel: Euro-Happy M-B-v2.12e Bêta - (.Agia3D.) [HKLM][64Bits] -- {0558D976-2CD9-4056-BB6D-6609578F6FB9}_is1 O42 - Logiciel: ExtraBarre M-B-v2.15e - (.Agia3D.) [HKLM][64Bits] -- {27A6EC92-1F16-4A47-BDDC-64537DD2630A}_is1 O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM][64Bits] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7} O42 - Logiciel: FileZilla Client 3.10.3 - (.Tim Kosse.) 
[HKLM][64Bits] -- FileZilla Client O42 - Logiciel: FlashGet3.7 - (.http://www.FlashGet.com.) [HKLM][64Bits] -- FlashGet3.7 O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {FE8DFDD0-A543-4A83-B7A9-C411138194D5} O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} O42 - Logiciel: Java 7 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF} O42 - Logiciel: Java 7 Update 9 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86417009FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {FECB76C1-1C1D-4A84-8D47-5754C74B5A5E} O42 - Logiciel: K-Lite Codec Pack 7.9.0 (Full) - (...) [HKLM][64Bits] -- KLiteCodecPack_is1 O42 - Logiciel: LaBoitaKados M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {0B19DC32-C613-4B1C-8116-98A808261AE9}_is1 O42 - Logiciel: Logiciel d'archivage WinRAR - (...) [HKLM][64Bits] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {F842F8B0-6942-4930-821F-543E976B2C66} O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Magic Photo Editor 6.8 - (.Photo Editor Software, Inc..) [HKLM][64Bits] -- Magic Photo Editor_is1 O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) 
[HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe =>.Microsoft Corporation O42 - Logiciel: Microsoft Visionneuse de rapports 2005 redistribuable - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Report Viewer Redistributable 2005 O42 - Logiciel: Mises à jour NVIDIA 1.11.3 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update O42 - Logiciel: Muslim Bag - (.Soft4ISlam.) [HKLM][64Bits] -- Muslim Bag1.5 O42 - Logiciel: MyCurriculum 2011 - (...) [HKLM][64Bits] -- MyCurriculum 2011 O42 - Logiciel: NVIDIA Pilote 3D Vision 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision O42 - Logiciel: NVIDIA Pilote graphique 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo O42 - Logiciel: Nero 9 Lite - (.Nero AG.) [HKLM][64Bits] -- {6f555276-7852-4cae-9eda-d69c5802e3e4} O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM][64Bits] -- {E8A80433-302B-4FF1-815D-FCC8EAC482FF} O42 - Logiciel: Nero Online Upgrade - (.Nero AG.) [HKLM][64Bits] -- {C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM][64Bits] -- {7748AC8C-18E3-43BB-959B-088FAEA16FB2} O42 - Logiciel: NetCut 2.1.4 - (.arcai.com.) [HKLM][64Bits] -- NetCut_is1 O42 - Logiciel: New XCommander - (...) 
[HKLM][64Bits] -- {60EACF28-3304-CDE7-8F98-5992F85D389C} O42 - Logiciel: Opera Mail 1.0 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 1.0.1040 O42 - Logiciel: Opera Stable 28.0.1750.40 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 28.0.1750.40 O42 - Logiciel: PackBarre - (.BPMconcept.) [HKLM][64Bits] -- {CDD9453E-67C2-40EC-B15B-137A9C8AD3C0} =>Adware.ADON O42 - Logiciel: Photo Frame Studio - (.MOJOSOFT.) [HKLM][64Bits] -- Photo Frame Studio_is1 O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} O42 - Logiciel: SNT - (.SNT.) [HKLM][64Bits] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD} O42 - Logiciel: SkypEmoticons - (...) [HKLM][64Bits] -- SkypEmoticons_is1 O42 - Logiciel: Skype™ 6.14 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7} O42 - Logiciel: Snagit 11 - (.TechSmith Corporation.) [HKLM][64Bits] -- {44BD21C2-9132-48DB-B65B-23817E4C6F4B} O42 - Logiciel: Soul-Code - (.Legend Edition.) [HKCU][64Bits] -- b04e6fc329b9f61e O42 - Logiciel: TechniSat DVB-PC TV Star - (.TechniSat.) [HKLM][64Bits] -- {D032A7F0-8B5C-4603-8B46-235025D5F9C1} O42 - Logiciel: Thread Manager 2.4.0.0 - (.Digital Generation.) [HKLM][64Bits] -- {78F4E027-355C-45C0-90DC-F89DFC618761}_is1 O42 - Logiciel: Tickerbar 2.106 - (...) [HKLM][64Bits] -- Tickerbar O42 - Logiciel: Tirocado M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {D49EAEA6-4B6A-47CA-858B-CCDD7E237D05}_is1 O42 - Logiciel: VLC media player 2.0.8 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM][64Bits] -- WinPcapInst O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTubeAdBlock O42 - Logiciel: Zoner Photo Studio 16 - (.ZONER software.) [HKLM][64Bits] -- ZonerPhotoStudio16_EN_is1 O42 - Logiciel: dreamboxEDIT -- The one and only settings editor for your Dreambox - (...) 
[HKLM][64Bits] -- dreamboxEDIT O42 - Logiciel: iExplorer 2.2.1.3 - (.Macroplant, LLC.) [HKLM][64Bits] -- {7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {93F2A022-6C37-48B8-B241-FFABD9F60C30} O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} O42 - Logiciel: v1.1 - (.Agia3D.) [HKLM][64Bits] -- {271CDF83-32A7-46FE-BBEB-D39968298083}_is1 O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent O42 - Logiciel: ãæÓæÚÉ ÇáÍÏíË ÇáäÈæí ÇáÔÑíÝ - (...) [HKLM][64Bits] -- ãæÓæÚÉ ÇáÍÏíË ÇáäÈæí ÇáÔÑíÝ ~ Logic: 78 Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\1ClickDownload] [HKCU\Software\4shared] [HKCU\Software\5a6dfdde568e844] =>Hijacker.Eazel [HKCU\Software\ARHome] =>Trojan.Vonteera [HKCU\Software\Absolute Futurity] [HKCU\Software\Ada99] [HKCU\Software\Adobe] [HKCU\Software\App Lid-nv-ie] =>PUP.CrossRider [HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\BackgroundContainer] =>PUP.Babylon [HKCU\Software\AppDataLow\Software\ClixSense.com] [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] [HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\AppDataLow\Software\JavaSoft] [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\AppDataLow\Software\RealNetworks] [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\AppDataLow\Software\toolbar] [HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] =>Adware.Graftor [HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}] [HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}] [HKCU\Software\AppDataLow] [HKCU\Software\AppLid] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Apple Inc.] 
[HKCU\Software\Applications WinDev] [HKCU\Software\Arcai.com] [HKCU\Software\AutoShutdown] [HKCU\Software\BI] [HKCU\Software\BPMconcept] [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\BitTorrent] =>P2P.BitTorrent [HKCU\Software\Canneverbe Limited] [HKCU\Software\CatalinaGroup] [HKCU\Software\CeQuadrat] [HKCU\Software\Chromium] [HKCU\Software\Classes] [HKCU\Software\Clem.Org] [HKCU\Software\Clients] [HKCU\Software\Commercial Research] [HKCU\Software\ConduitOmaha] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Cygnus Solutions] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\Digital Photo Software] [HKCU\Software\DreamMail2005] [HKCU\Software\ESET] [HKCU\Software\Elecard] [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKCU\Software\Facebook] [HKCU\Software\FileScout] =>PUP.FileScout [HKCU\Software\FlashGet Network] [HKCU\Software\Freemake] [HKCU\Software\FullBarre] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\GoforFiles] =>P2P.GoforFiles [HKCU\Software\Goobzo] =>PUP.Goobzo [HKCU\Software\Google] [HKCU\Software\Grandsoft] [HKCU\Software\Haali] [HKCU\Software\IGagnant] [HKCU\Software\IM Providers] [HKCU\Software\Imobie] [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\JKLNSoft] [HKCU\Software\JavaSoft] [HKCU\Software\LAV] [HKCU\Software\Licenses] [HKCU\Software\LlamaWare] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\MCAFEE] [HKCU\Software\Macromedia] [HKCU\Software\MainConcept] [HKCU\Software\MediaInfo] [HKCU\Software\Mediachance] [HKCU\Software\Michael Herf] [HKCU\Software\Mixesoft] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Nero] [HKCU\Software\Netscape] [HKCU\Software\NoVooITSet] =>Trojan.Vonteera [HKCU\Software\NoVooIT] [HKCU\Software\ODBC] [HKCU\Software\Opera Software] [HKCU\Software\Optimizer Pro] =>PUP.OptimizerPro [HKCU\Software\Orange] [HKCU\Software\PC SOFT] [HKCU\Software\PHM-SYSTEM DEVELOPMENT] 
[HKCU\Software\PHP Desktop] [HKCU\Software\PerformerSoft LLC] =>PUP.PerformerSoft [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\Popajar] =>Toolbar.Conduit [HKCU\Software\RealNetworks] [HKCU\Software\RegisteredApplicationsEx] =>PUP.SfKpCouponApp [HKCU\Software\Salfeld] [HKCU\Software\SensePlus-nv-ie] =>PUP.CrossRider [HKCU\Software\SkypeRS] [HKCU\Software\Skype] [HKCU\Software\SmileysWeLove] =>Adware.SmileyBar [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SourceForge] [HKCU\Software\SupHpUISoft] =>PUP.CrossRider [HKCU\Software\Tasksgr] =>Trojan.Tasksgr [HKCU\Software\TechSmith] [HKCU\Software\Trolltech] [HKCU\Software\U] [HKCU\Software\UpToDown] =>PUP.UpToDown [HKCU\Software\V9] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera [HKCU\Software\WebApp] [HKCU\Software\WebPlayer] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Wow6432Node] [HKCU\Software\Xilisoft] [HKCU\Software\Yahoo] [HKCU\Software\ZONER] [HKCU\Software\ZebHelpProcess Helper] [HKCU\Software\ched] [HKCU\Software\dreamboxEDIT] [HKCU\Software\drpsu] [HKCU\Software\ecokey] [HKCU\Software\globalUpdate] =>PUP.GlobalUpdate [HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider [HKCU\Software\mIRC] [HKCU\Software\madFlac] [HKLM\Software\ATI Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] 
[HKLM\Software\AuthenificateWin32] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CoreCodec] [HKLM\Software\DVB Support] [HKLM\Software\FileZilla 3] [HKLM\Software\GEAR Software] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\ShopperPro] =>PUP.ShopperPro [HKLM\Software\Sonic] [HKLM\Software\Stardvb] [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\WinRAR] [HKLM\Software\Wow6432Node\"echo_installer"/n] [HKLM\Software\Wow6432Node\64e0632d-912f-07ba-47ea-698ae24cbe93] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Absolute Futurity] [HKLM\Software\Wow6432Node\Adobe] [HKLM\Software\Wow6432Node\AppDataLow] [HKLM\Software\Wow6432Node\Apple Computer, Inc.] [HKLM\Software\Wow6432Node\Apple Inc.] 
[HKLM\Software\Wow6432Node\Arcai] [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon [HKLM\Software\Wow6432Node\CDDB] [HKLM\Software\Wow6432Node\Canneverbe Limited] [HKLM\Software\Wow6432Node\Classes] [HKLM\Software\Wow6432Node\Clients] [HKLM\Software\Wow6432Node\ClixSense.com] [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\CoreCodec] [HKLM\Software\Wow6432Node\Cygnus Solutions] [HKLM\Software\Wow6432Node\DVBDream] [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\Debug] [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Wow6432Node\FileZilla 3] [HKLM\Software\Wow6432Node\FlashGet Network] [HKLM\Software\Wow6432Node\Freemake] [HKLM\Software\Wow6432Node\GHC] [HKLM\Software\Wow6432Node\GNU] [HKLM\Software\Wow6432Node\Gabest] [HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles [HKLM\Software\Wow6432Node\Google] [HKLM\Software\Wow6432Node\HaaliMkx] [HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR [HKLM\Software\Wow6432Node\IM Providers] [HKLM\Software\Wow6432Node\IO3O] [HKLM\Software\Wow6432Node\IObit] [HKLM\Software\Wow6432Node\InstallShield] [HKLM\Software\Wow6432Node\Intel] [HKLM\Software\Wow6432Node\InterVideo] [HKLM\Software\Wow6432Node\Internet Download Manager] [HKLM\Software\Wow6432Node\JGsoft] [HKLM\Software\Wow6432Node\JavaSoft] [HKLM\Software\Wow6432Node\JreMetrics] [HKLM\Software\Wow6432Node\KLCodecPack] [HKLM\Software\Wow6432Node\Khronos] [HKLM\Software\Wow6432Node\LAV] [HKLM\Software\Wow6432Node\LIRC] [HKLM\Software\Wow6432Node\Licenses] [HKLM\Software\Wow6432Node\Ludosoft] [HKLM\Software\Wow6432Node\Macromedia] [HKLM\Software\Wow6432Node\MainConcept] [HKLM\Software\Wow6432Node\Mindscape] [HKLM\Software\Wow6432Node\MozillaPlugins] [HKLM\Software\Wow6432Node\Mozilla] [HKLM\Software\Wow6432Node\NVIDIA Corporation] [HKLM\Software\Wow6432Node\Nero] [HKLM\Software\Wow6432Node\NetDragon] 
[HKLM\Software\Wow6432Node\Netscape] [HKLM\Software\Wow6432Node\ODBC] [HKLM\Software\Wow6432Node\Opera Software] [HKLM\Software\Wow6432Node\PicexaSvc] [HKLM\Software\Wow6432Node\Policies] [HKLM\Software\Wow6432Node\RealNetworks] [HKLM\Software\Wow6432Node\RegisteredApplications] [HKLM\Software\Wow6432Node\RichFX] [HKLM\Software\Wow6432Node\SNC] [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix [HKLM\Software\Wow6432Node\Senfer] [HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport [HKLM\Software\Wow6432Node\SiteSee] [HKLM\Software\Wow6432Node\Skype] [HKLM\Software\Wow6432Node\Stardvb] [HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab [HKLM\Software\Wow6432Node\Symantec] [HKLM\Software\Wow6432Node\TDS] [HKLM\Software\Wow6432Node\TechSmith] [HKLM\Software\Wow6432Node\TechniSat] [HKLM\Software\Wow6432Node\VideoLAN] [HKLM\Software\Wow6432Node\Voice] [HKLM\Software\Wow6432Node\WinPcap] [HKLM\Software\Wow6432Node\Windows] [HKLM\Software\Wow6432Node\Wondershare] [HKLM\Software\Wow6432Node\Xing Technology Corp.] 
[HKLM\Software\Wow6432Node\Yahoo] [HKLM\Software\Wow6432Node\ZONER] [HKLM\Software\Wow6432Node\delta-homesSoftware] =>Hijacker.DeltaHomes [HKLM\Software\Wow6432Node\diamondata] =>Hijacker.Diamondata [HKLM\Software\Wow6432Node\hdcode] [HKLM\Software\Wow6432Node\istartsurfSoftware] =>PUP.Istart [HKLM\Software\Wow6432Node\mozilla.org] [HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager [HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu [HKLM\Software\Wow6432Node\tcpip32] [HKLM\Software\Wow6432Node\tueagles] [HKLM\Software\Wow6432Node\vPlug] [HKLM\Software\Wow6432Node\winzipersvc] =>Adware.D365 [HKLM\Software\Wow6432Node] [HKLM\Software\ZONER] ~ Key Software: 434 Scanned in 00mn 00s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 03/04/2015 - 12:52:56 - [0] ----D C:\Program Files (x86)\50CoouponS O43 - CFD: 31/01/2015 - 19:26:50 - [0] ----D C:\Program Files (x86)\AAllCheApPricee =>PUP.AllCheapPrice O43 - CFD: 10/10/2014 - 19:35:52 - [] ----D C:\Program Files (x86)\Adobe O43 - CFD: 28/11/2012 - 21:27:29 - [] ----D C:\Program Files (x86)\AF Uninstalls O43 - CFD: 25/11/2012 - 23:37:48 - [] ----D C:\Program Files (x86)\AFins Email Notifier Demo O43 - CFD: 28/03/2014 - 10:53:11 - [] ----D C:\Program Files (x86)\aljazeera news O43 - CFD: 11/11/2013 - 23:15:27 - [] ----D C:\Program Files (x86)\Apple Software Update =>.Apple Inc O43 - CFD: 29/06/2013 - 19:44:23 - [] ----D C:\Program Files (x86)\Athan O43 - CFD: 08/08/2014 - 08:28:36 - [] ----D C:\Program Files (x86)\Batch Image Resizer O43 - CFD: 09/08/2014 - 11:05:39 - [0] ----D C:\Program Files (x86)\BitSSAvver =>PUP.BitSaver O43 - CFD: 11/11/2013 - 23:14:36 - [] ----D C:\Program Files (x86)\Bonjour O43 - CFD: 03/01/2014 - 20:35:23 - [] ----D C:\Program Files (x86)\CDBurnerXP O43 - CFD: 29/04/2015 - 12:43:36 - [] ----D C:\Program Files (x86)\CheaapMe =>PUP.CheapMe O43 - CFD: 14/04/2014 - 
22:23:21 - [0] ----D C:\Program Files (x86)\ChieAApMeE =>PUP.CheapMe O43 - CFD: 14/11/2013 - 16:57:14 - [] ----D C:\Program Files (x86)\ClixSense.com O43 - CFD: 23/05/2015 - 16:15:21 - [] ----D C:\Program Files (x86)\Common Files O43 - CFD: 15/03/2013 - 21:15:12 - [] ----D C:\Program Files (x86)\CoreCodec O43 - CFD: 27/04/2013 - 15:53:28 - [] ----D C:\Program Files (x86)\CVitaeV4 O43 - CFD: 08/04/2014 - 18:46:52 - [] ----D C:\Program Files (x86)\denouvel O43 - CFD: 28/03/2014 - 10:57:08 - [0] ----D C:\Program Files (x86)\DiScooUnttExttensi =>PUP.DiscountExtens O43 - CFD: 09/08/2014 - 11:06:05 - [0] ----D C:\Program Files (x86)\DowwnSSaive =>PUP.DownSave O43 - CFD: 11/03/2014 - 22:00:22 - [] ----D C:\Program Files (x86)\dreamboxEDIT O43 - CFD: 20/12/2013 - 18:26:06 - [] ----D C:\Program Files (x86)\DVBViewer TE2 O43 - CFD: 14/04/2014 - 22:23:34 - [0] ----D C:\Program Files (x86)\EENjoyCouponn =>PUP.EnjoyCoupon O43 - CFD: 09/06/2015 - 10:04:55 - [] ----D C:\Program Files (x86)\Emoticon O43 - CFD: 16/05/2015 - 11:24:14 - [] ----D C:\Program Files (x86)\FileZilla FTP Client O43 - CFD: 16/07/2014 - 21:32:06 - [0] ----D C:\Program Files (x86)\FinDBoeesteDeal =>PUP.FindBestDeal O43 - CFD: 14/11/2013 - 20:38:52 - [] ----D C:\Program Files (x86)\FlashGet Network O43 - CFD: 23/05/2015 - 16:11:33 - [] ----D C:\Program Files (x86)\Freemake O43 - CFD: 13/01/2015 - 17:23:26 - [] ----D C:\Program Files (x86)\Google O43 - CFD: 28/03/2014 - 11:00:03 - [0] ----D C:\Program Files (x86)\GreattSave4U =>PUP.GreatSave4U O43 - CFD: 06/04/2015 - 21:56:16 - [] ----D C:\Program Files (x86)\HTC Home 3 O43 - CFD: 14/09/2013 - 19:41:27 - [] ----D C:\Program Files (x86)\Idle Processor Utilization Services O43 - CFD: 17/11/2013 - 22:32:41 - [] ----D C:\Program Files (x86)\iExplorer O43 - CFD: 08/04/2014 - 18:44:46 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 23/07/2013 - 17:45:09 - [0] ----D C:\Program Files (x86)\Internet Download Manager O43 - CFD: 
14/05/2015 - 08:05:15 - [] ----D C:\Program Files (x86)\Internet Explorer O43 - CFD: 14/09/2013 - 20:03:14 - [] ----D C:\Program Files (x86)\IO3O LLC O43 - CFD: 17/04/2015 - 14:51:04 - [] ----D C:\Program Files (x86)\IObit O43 - CFD: 10/09/2013 - 11:03:25 - [0] ----D C:\Program Files (x86)\IslamicToolbar O43 - CFD: 01/03/2015 - 23:41:10 - [] ----D C:\Program Files (x86)\iTunes O43 - CFD: 21/06/2013 - 09:09:19 - [] ----D C:\Program Files (x86)\Java O43 - CFD: 20/12/2013 - 17:34:04 - [] ----D C:\Program Files (x86)\JB ToolBox O43 - CFD: 24/11/2012 - 16:51:47 - [] ----D C:\Program Files (x86)\K-Lite Codec Pack O43 - CFD: 03/04/2015 - 13:12:06 - [] ----D C:\Program Files (x86)\LudoSoft O43 - CFD: 09/11/2013 - 22:05:03 - [] ----D C:\Program Files (x86)\Magic Photo Editor O43 - CFD: 16/07/2014 - 21:36:53 - [] ----D C:\Program Files (x86)\MainConcept O43 - CFD: 24/11/2012 - 18:42:24 - [] ----D C:\Program Files (x86)\Microsoft Analysis Services O43 - CFD: 24/11/2012 - 18:42:13 - [] ----D C:\Program Files (x86)\Microsoft Office O43 - CFD: 14/05/2015 - 07:46:04 - [] ----D C:\Program Files (x86)\Microsoft Security Client O43 - CFD: 14/05/2015 - 08:06:42 - [] ----D C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 26/11/2012 - 00:07:00 - [] ----D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation O43 - CFD: 26/11/2012 - 22:49:22 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition O43 - CFD: 24/11/2012 - 18:43:27 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8 O43 - CFD: 26/11/2012 - 00:25:57 - [] ----D C:\Program Files (x86)\Microsoft.NET O43 - CFD: 08/06/2013 - 23:42:40 - [] ----D C:\Program Files (x86)\MOJOSOFT O43 - CFD: 24/11/2012 - 18:44:49 - [] ----D C:\Program Files (x86)\MSBuild O43 - CFD: 12/04/2015 - 03:01:59 - [0] ----D C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 29/06/2013 - 21:55:18 - [] ----D C:\Program Files (x86)\Muslim Bag O43 - CFD: 29/11/2012 - 10:30:31 - [] ----D C:\Program Files (x86)\MyConnection PC 
Lite Edition O43 - CFD: 27/04/2013 - 15:54:28 - [] ----D C:\Program Files (x86)\MyCurriculum 2011 O43 - CFD: 25/11/2012 - 23:28:01 - [] ----D C:\Program Files (x86)\NCH Software O43 - CFD: 03/04/2015 - 13:05:57 - [] ----D C:\Program Files (x86)\Nero O43 - CFD: 25/05/2013 - 12:44:09 - [] ----D C:\Program Files (x86)\netcut O43 - CFD: 14/11/2013 - 21:30:26 - [] ----D C:\Program Files (x86)\NetDragon O43 - CFD: 08/06/2015 - 07:00:37 - [] ----D C:\Program Files (x86)\New XCommander O43 - CFD: 29/06/2013 - 22:03:43 - [] ----D C:\Program Files (x86)\Newcamd Mpcs Reader O43 - CFD: 02/05/2015 - 09:29:13 - [0] ----D C:\Program Files (x86)\NExtCoupp =>PUP.NextCoup O43 - CFD: 15/04/2013 - 06:35:55 - [] ----D C:\Program Files (x86)\NVIDIA Corporation O43 - CFD: 09/06/2015 - 10:09:35 - [] ----D C:\Program Files (x86)\Opera O43 - CFD: 01/08/2014 - 14:05:59 - [] ----D C:\Program Files (x86)\Opera Mail O43 - CFD: 09/06/2015 - 17:32:00 - [] ----D C:\Program Files (x86)\PackBarre =>Adware.ADON O43 - CFD: 23/05/2015 - 16:14:10 - [] ----D C:\Program Files (x86)\Picon_Manager O43 - CFD: 21/12/2014 - 10:26:09 - [] ----D C:\Program Files (x86)\priceChoep =>PUP.PriceChop O43 - CFD: 09/08/2014 - 11:08:08 - [0] ----D C:\Program Files (x86)\pricechoPP =>PUP.PriceChop O43 - CFD: 10/05/2013 - 11:41:52 - [] ----D C:\Program Files (x86)\ProgDVB O43 - CFD: 26/10/2014 - 23:33:37 - [] ----D C:\Program Files (x86)\QuickTime O43 - CFD: 23/05/2015 - 16:16:18 - [] ----D C:\Program Files (x86)\Real O43 - CFD: 10/12/2014 - 07:31:47 - [] ----D C:\Program Files (x86)\RealNetworks O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies O43 - CFD: 08/06/2015 - 07:00:14 - [] ----D C:\Program Files (x86)\RieGhttOFferApp O43 - CFD: 28/03/2014 - 11:07:00 - [] ----D C:\Program Files (x86)\Ringtone Expressions O43 - CFD: 17/07/2014 - 23:02:44 - [0] ----D C:\Program Files (x86)\RRoboSavEr =>PUP.RoboSaver O43 - CFD: 17/07/2014 - 23:03:40 - [0] ----D C:\Program Files (x86)\saafieweb 
=>PUP.SafeWeb O43 - CFD: 07/06/2015 - 19:42:27 - [] ----D C:\Program Files (x86)\SaleuPPLuus =>PUP.SalePlus O43 - CFD: 25/11/2012 - 23:20:39 - [] ----D C:\Program Files (x86)\Scorpio Software O43 - CFD: 28/03/2014 - 11:08:26 - [] ----D C:\Program Files (x86)\SimpleTV O43 - CFD: 04/04/2014 - 13:11:20 - [] R---D C:\Program Files (x86)\Skype O43 - CFD: 03/04/2015 - 19:24:12 - [0] ----D C:\Program Files (x86)\Swift Record =>PUP.SwiftRecord O43 - CFD: 20/12/2013 - 18:26:28 - [] ----D C:\Program Files (x86)\TechniSat DVB O43 - CFD: 29/05/2013 - 19:17:07 - [] ----D C:\Program Files (x86)\TechSmith O43 - CFD: 08/06/2015 - 07:02:17 - [0] ----D C:\Program Files (x86)\TerminusSys =>Adware.TerminusSys O43 - CFD: 28/07/2013 - 18:11:52 - [] ----D C:\Program Files (x86)\Thread Manager O43 - CFD: 29/10/2013 - 06:37:05 - [] ----D C:\Program Files (x86)\Tickerbar O43 - CFD: 14/07/2009 - 05:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information O43 - CFD: 28/03/2014 - 11:09:19 - [] ----D C:\Program Files (x86)\UniverseBarre O43 - CFD: 24/11/2012 - 16:53:03 - [] ----D C:\Program Files (x86)\VideoLAN O43 - CFD: 12/07/2013 - 03:23:30 - [] ----D C:\Program Files (x86)\Windows Defender O43 - CFD: 26/11/2012 - 22:49:17 - [] ----D C:\Program Files (x86)\Windows Live O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation O43 - CFD: 12/03/2015 - 08:35:48 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Windows NT O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Sidebar O43 - CFD: 22/06/2013 - 16:16:08 - [] ----D C:\Program Files (x86)\Wondershare O43 - CFD: 20/05/2015 - 16:18:05 - [] ----D C:\Program Files (x86)\XTab O43 - CFD: 
23/05/2015 - 16:19:16 - [] ----D C:\Program Files (x86)\Yahoo! O43 - CFD: 14/03/2015 - 21:33:50 - [] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.YouTubeAdBlock O43 - CFD: 28/03/2014 - 11:21:43 - [0] ----D C:\Program Files (x86)\YTNoAds O43 - CFD: 28/03/2014 - 11:21:49 - [] ----D C:\Program Files (x86)\Z-Barre.com O43 - CFD: 09/06/2015 - 21:31:28 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman O43 - CFD: 29/11/2012 - 10:30:04 - [] ----D C:\Program Files (x86)\Zilla Popup Killer O43 - CFD: 10/10/2014 - 19:36:31 - [] ----D C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 08/05/2015 - 20:52:31 - [] ----D C:\Program Files (x86)\Common Files\Apple O43 - CFD: 14/12/2013 - 16:31:53 - [] ----D C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 07/06/2013 - 20:28:18 - [] ----D C:\Program Files (x86)\Common Files\Java O43 - CFD: 12/01/2013 - 00:44:01 - [] ----D C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 03/04/2015 - 13:06:52 - [] ----D C:\Program Files (x86)\Common Files\Nero O43 - CFD: 14/11/2013 - 21:31:40 - [] ----D C:\Program Files (x86)\Common Files\NetDragon O43 - CFD: 14/07/2009 - 04:20:08 - [] ----D C:\Program Files (x86)\Common Files\Services O43 - CFD: 04/04/2014 - 13:11:19 - [] ----D C:\Program Files (x86)\Common Files\Skype O43 - CFD: 14/07/2009 - 04:20:08 - [] ----D C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 21/03/2013 - 07:00:55 - [] ----D C:\Program Files (x86)\Common Files\System O43 - CFD: 06/07/2013 - 12:13:51 - [] --H-D C:\Program Files (x86)\Common Files\System Shared O43 - CFD: 24/11/2012 - 16:54:34 - [] ----D C:\Program Files (x86)\Common Files\Windows Live O43 - CFD: 22/06/2013 - 16:16:41 - [] ----D C:\Program Files (x86)\Common Files\Wondershare O43 - CFD: 08/06/2015 - 07:00:46 - [] ----D C:\ProgramData\15147331834758840655 O43 - CFD: 26/10/2014 - 23:24:48 - [] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 O43 - CFD: 17/07/2014 - 12:05:25 - [0] ----D 
C:\ProgramData\50CoouponS O43 - CFD: 27/05/2015 - 09:46:52 - [0] ----D C:\ProgramData\5c567128000070ca O43 - CFD: 17/05/2015 - 07:06:48 - [0] ----D C:\ProgramData\8a07a392000050d8 O43 - CFD: 15/11/2013 - 09:50:16 - [] ----D C:\ProgramData\91 Harbor O43 - CFD: 15/11/2013 - 21:52:04 - [] ----D C:\ProgramData\91 PC Suite O43 - CFD: 17/07/2014 - 12:05:25 - [0] ----D C:\ProgramData\AAllCheApPricee =>PUP.AllCheapPrice O43 - CFD: 10/10/2014 - 19:35:54 - [] ----D C:\ProgramData\Adobe O43 - CFD: 22/06/2014 - 19:05:49 - [] ----D C:\ProgramData\AnyAppSnow O43 - CFD: 26/01/2014 - 22:03:40 - [] ----D C:\ProgramData\Apple O43 - CFD: 11/11/2013 - 23:16:58 - [] ----D C:\ProgramData\Apple Computer O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Application Data O43 - CFD: 07/05/2015 - 21:41:12 - [0] ----D C:\ProgramData\b2d24bfc0000562c O43 - CFD: 10/01/2013 - 14:38:55 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 09/08/2014 - 11:09:51 - [0] ----D C:\ProgramData\BitSSAvver =>PUP.BitSaver O43 - CFD: 07/05/2015 - 19:58:55 - [] ----D C:\ProgramData\boost_interprocess O43 - CFD: 08/08/2014 - 00:04:03 - [] ----D C:\ProgramData\Browser AdBlocker =>PUP.Adblocker O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Bureau O43 - CFD: 03/01/2014 - 20:35:36 - [] ----D C:\ProgramData\Canneverbe Limited O43 - CFD: 12/05/2013 - 17:54:05 - [] ----D C:\ProgramData\ccontiNuetooSave =>PUP.ContinueToSave O43 - CFD: 31/01/2014 - 16:21:57 - [] ----D C:\ProgramData\cfenckmbabchighkkchpmcopgfaapkhc O43 - CFD: 15/04/2014 - 09:11:07 - [0] ----D C:\ProgramData\ChieAApMeE =>PUP.CheapMe O43 - CFD: 09/08/2013 - 17:12:09 - [] ----D C:\ProgramData\CHL Pack O43 - CFD: 17/05/2013 - 15:37:38 - [] ----D C:\ProgramData\cioonteinuEitossave =>PUP.ContinueToSave O43 - CFD: 27/04/2013 - 19:42:30 - [] ----D C:\ProgramData\CMUV O43 - CFD: 23/03/2015 - 06:58:53 - [] ----D C:\ProgramData\coiNttinueetosavoe =>PUP.ContinueToSave O43 - CFD: 10/09/2013 - 21:18:07 - [] ----D 
C:\ProgramData\continuuetosave =>PUP.ContinueToSave O43 - CFD: 12/05/2013 - 17:54:04 - [] ----D C:\ProgramData\coonytiynnueotiosave =>PUP.ContinueToSave O43 - CFD: 02/05/2015 - 09:29:14 - [] ----D C:\ProgramData\d236220cb9c4414f O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Desktop O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\DiOwNaload keePer =>PUP.DownloadKeeper O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\DiScooUnttExttensi =>PUP.DiscountExtens O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Documents O43 - CFD: 09/08/2014 - 11:09:51 - [0] ----D C:\ProgramData\DowwnSSaive =>PUP.DownSave O43 - CFD: 12/04/2015 - 22:27:01 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 O43 - CFD: 15/04/2014 - 09:11:07 - [0] ----D C:\ProgramData\EENjoyCouponn =>PUP.EnjoyCoupon O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Favorites O43 - CFD: 21/04/2015 - 19:02:01 - [] ----D C:\ProgramData\fdhpfmbobmaggchffccdegacapdbefhd O43 - CFD: 17/07/2014 - 12:05:26 - [0] ----D C:\ProgramData\FinDBoeesteDeal =>PUP.FindBestDeal O43 - CFD: 23/05/2015 - 16:11:47 - [0] ----D C:\ProgramData\Freemake O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\GreattSave4U =>PUP.GreatSave4U O43 - CFD: 30/12/2013 - 08:14:01 - [] ----D C:\ProgramData\hpdalpgmekpafmfdnmjaabjffgnaocln O43 - CFD: 08/08/2014 - 12:55:31 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService O43 - CFD: 31/01/2015 - 14:50:39 - [] ----D C:\ProgramData\IHProtectUpDate =>Adware.AgentODR O43 - CFD: 22/06/2014 - 19:05:48 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma O43 - CFD: 17/04/2015 - 14:52:59 - [] ----D C:\ProgramData\IObit O43 - CFD: 03/01/2014 - 14:08:06 - [] ----D C:\ProgramData\Logs O43 - CFD: 08/07/2013 - 10:00:58 - [] ----D C:\ProgramData\McAfee O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Menu Démarrer O43 - CFD: 08/08/2013 - 17:57:30 - [] -S--D 
C:\ProgramData\Microsoft O43 - CFD: 14/05/2015 - 07:49:26 - [] ----D C:\ProgramData\Microsoft Help O43 - CFD: 26/11/2012 - 00:06:32 - [] ----D C:\ProgramData\Microsoft SkyDrive =>.Microsoft Corporation O43 - CFD: 24/11/2012 - 16:27:00 - [] -SH-D C:\ProgramData\Modèles O43 - CFD: 25/11/2012 - 19:30:57 - [] ----D C:\ProgramData\Mozilla O43 - CFD: 25/11/2012 - 23:27:47 - [] ----D C:\ProgramData\NCH Software O43 - CFD: 03/04/2015 - 13:04:31 - [] ----D C:\ProgramData\Nero O43 - CFD: 02/05/2015 - 09:31:26 - [0] ----D C:\ProgramData\NExtCoupp =>PUP.NextCoup O43 - CFD: 02/02/2015 - 06:58:26 - [] ----D C:\ProgramData\Norton O43 - CFD: 01/02/2015 - 20:02:58 - [] ----D C:\ProgramData\NortonInstaller O43 - CFD: 09/06/2015 - 10:04:12 - [] ----D C:\ProgramData\NVIDIA O43 - CFD: 30/11/2012 - 10:57:26 - [] ----D C:\ProgramData\NVIDIA Corporation O43 - CFD: 14/11/2013 - 22:15:53 - [0] ----D C:\ProgramData\PC SUITE O43 - CFD: 08/08/2014 - 12:18:44 - [] ----D C:\ProgramData\priceChoep =>PUP.PriceChop O43 - CFD: 09/08/2014 - 11:09:52 - [0] ----D C:\ProgramData\pricechoPP =>PUP.PriceChop O43 - CFD: 02/05/2015 - 08:39:22 - [] ----D C:\ProgramData\ProductData O43 - CFD: 10/05/2013 - 11:41:54 - [] ----D C:\ProgramData\ProgDVB O43 - CFD: 29/03/2014 - 12:37:11 - [] ----D C:\ProgramData\Puresafe O43 - CFD: 24/05/2015 - 07:06:11 - [] ----D C:\ProgramData\Real O43 - CFD: 24/05/2015 - 07:06:22 - [] ----D C:\ProgramData\RealNetworks O43 - CFD: 17/07/2014 - 23:04:59 - [0] ----D C:\ProgramData\RRoboSavEr =>PUP.RoboSaver O43 - CFD: 17/07/2014 - 23:04:59 - [0] ----D C:\ProgramData\saafieweb =>PUP.SafeWeb O43 - CFD: 23/03/2015 - 06:58:53 - [] ----D C:\ProgramData\safe save =>Adware.SafeSave O43 - CFD: 28/03/2014 - 10:53:40 - [0] ----D C:\ProgramData\Screentime O43 - CFD: 03/10/2013 - 06:55:19 - [0] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp O43 - CFD: 04/04/2014 - 13:11:13 - [] ----D C:\ProgramData\Skype O43 - CFD: 29/03/2014 - 12:22:27 - [] ----D C:\ProgramData\SNT O43 - CFD: 14/07/2009 
- 06:08:56 - [] -SH-D C:\ProgramData\Start Menu O43 - CFD: 02/10/2013 - 18:17:11 - [] ----D C:\ProgramData\SummerSoft O43 - CFD: 24/11/2012 - 16:51:22 - [] ----D C:\ProgramData\Sun O43 - CFD: 12/07/2013 - 11:20:12 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma O43 - CFD: 24/11/2012 - 18:25:37 - [] ----D C:\ProgramData\Technisat O43 - CFD: 29/05/2013 - 19:17:09 - [] ----D C:\ProgramData\TechSmith O43 - CFD: 31/03/2015 - 23:04:03 - [] ---AD C:\ProgramData\TEMP O43 - CFD: 14/07/2009 - 06:08:56 - [] -SH-D C:\ProgramData\Templates O43 - CFD: 20/12/2013 - 18:14:14 - [] ----D C:\ProgramData\Windows Genuine Advantage O43 - CFD: 20/05/2015 - 16:16:50 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu O43 - CFD: 15/11/2013 - 21:45:31 - [] ----D C:\ProgramData\WindSolutions O43 - CFD: 22/06/2013 - 16:20:07 - [] ----D C:\ProgramData\Wondershare O43 - CFD: 29/03/2014 - 12:20:14 - [] ----D C:\ProgramData\YoutubeAdblocker =>PUP.YouTubeAdBlock O43 - CFD: 29/03/2014 - 09:50:21 - [0] ----D C:\ProgramData\YTNoAds O43 - CFD: 09/11/2013 - 18:45:18 - [] ----D C:\ProgramData\Zoner O43 - CFD: 08/06/2015 - 12:57:02 - [] ----D C:\ProgramData\{4b259ba2-b120-af84-4b25-59ba2b126e8a} O43 - CFD: 08/06/2015 - 06:57:44 - [] ----D C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e} O43 - CFD: 01/01/2008 - 03:02:10 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 21/03/2013 - 07:05:09 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 10/05/2013 - 13:08:09 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AltDVB Sat4all Edition O43 - CFD: 25/05/2013 - 12:44:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com O43 - CFD: 29/06/2013 - 19:43:37 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan O43 - CFD: 28/11/2012 - 22:47:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre_Big_PTP O43 - CFD: 08/08/2014 - 08:28:36 - [] ----D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batch Image Resizer O43 - CFD: 29/11/2012 - 11:51:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CashBarre O43 - CFD: 25/11/2012 - 19:24:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 10/05/2013 - 13:11:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ccontiNuetooSave O43 - CFD: 16/05/2013 - 20:27:31 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cioonteinuEitossave O43 - CFD: 10/05/2013 - 12:20:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coonytiynnueotiosave O43 - CFD: 15/03/2013 - 21:15:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec O43 - CFD: 08/04/2014 - 18:47:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\denouvel O43 - CFD: 28/11/2012 - 19:25:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamMail O43 - CFD: 17/10/2014 - 16:55:47 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream O43 - CFD: 09/08/2013 - 17:29:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream 2.4B AHMAD Edition R5 O43 - CFD: 16/05/2013 - 20:17:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream by DDv122 & ABDULLL & EnDi O43 - CFD: 16/05/2013 - 21:52:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB DREAM STAR7ARAB EDITION O43 - CFD: 05/04/2014 - 17:24:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream version 2.5 Ahmad & Takki R1 O43 - CFD: 20/12/2013 - 18:26:07 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2 O43 - CFD: 06/05/2013 - 19:51:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro-Happy O43 - CFD: 05/01/2015 - 19:57:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtraBarre O43 - CFD: 23/05/2015 - 12:30:56 - [0] ----D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\EZDownloader O43 - CFD: 16/05/2015 - 11:24:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client O43 - CFD: 14/11/2013 - 20:39:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 O43 - CFD: 01/01/2008 - 03:02:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 07/06/2013 - 10:41:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 15/03/2013 - 21:15:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter O43 - CFD: 17/11/2013 - 22:32:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer O43 - CFD: 12/04/2015 - 22:27:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes O43 - CFD: 20/12/2013 - 17:34:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JB ToolBox O43 - CFD: 24/11/2012 - 16:51:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack O43 - CFD: 29/09/2013 - 22:07:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\laboitakados O43 - CFD: 09/11/2013 - 22:05:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Photo Editor O43 - CFD: 14/07/2009 - 05:57:09 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 24/11/2012 - 18:45:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 14/05/2015 - 07:19:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight O43 - CFD: 27/04/2013 - 15:54:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCurriculum 2011 O43 - CFD: 03/04/2015 - 13:06:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero O43 - CFD: 30/11/2012 - 11:28:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation O43 - CFD: 26/10/2014 - 23:33:34 - [] ----D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime O43 - CFD: 23/05/2015 - 16:16:29 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks O43 - CFD: 24/11/2012 - 18:45:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint O43 - CFD: 04/04/2014 - 13:11:20 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 29/03/2014 - 12:22:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons O43 - CFD: 28/11/2012 - 21:27:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedTestPro =>Adware.ScriptHost O43 - CFD: 26/01/2015 - 20:06:05 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 14/07/2009 - 16:35:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 20/12/2013 - 18:26:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechniSat DVB O43 - CFD: 29/05/2013 - 19:17:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith O43 - CFD: 28/07/2013 - 18:11:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thread Manager O43 - CFD: 28/11/2012 - 22:51:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tickerbar O43 - CFD: 14/01/2013 - 21:24:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tirocado O43 - CFD: 22/08/2013 - 14:06:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 26/11/2012 - 22:49:43 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live O43 - CFD: 25/05/2013 - 12:44:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap O43 - CFD: 24/11/2012 - 16:46:59 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 09/06/2015 - 21:31:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman O43 - CFD: 09/11/2013 - 18:45:07 - [] ----D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16 O43 - CFD: 26/11/2012 - 12:58:46 - [] ----D C:\Users\RCZ\AppData\Roaming\Adobe O43 - CFD: 08/05/2015 - 20:52:32 - [] ----D C:\Users\RCZ\AppData\Roaming\Apple Computer O43 - CFD: 20/05/2015 - 16:17:05 - [] ----D C:\Users\RCZ\AppData\Roaming\ARHome =>Trojan.Vonteera O43 - CFD: 09/06/2015 - 17:28:39 - [] ----D C:\Users\RCZ\AppData\Roaming\BITS O43 - CFD: 03/01/2014 - 20:35:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Canneverbe Limited O43 - CFD: 17/01/2015 - 09:58:39 - [] ----D C:\Users\RCZ\AppData\Roaming\CoinMiner O43 - CFD: 15/08/2013 - 16:03:43 - [] ----D C:\Users\RCZ\AppData\Roaming\Cropper O43 - CFD: 27/04/2013 - 19:36:00 - [] ----D C:\Users\RCZ\AppData\Roaming\CVitae O43 - CFD: 07/07/2013 - 20:17:15 - [] ----D C:\Users\RCZ\AppData\Roaming\DG O43 - CFD: 24/11/2012 - 20:06:24 - [0] ----D C:\Users\RCZ\AppData\Roaming\DMCache O43 - CFD: 28/03/2014 - 10:57:27 - [0] ----D C:\Users\RCZ\AppData\Roaming\DRPSu O43 - CFD: 02/10/2013 - 18:25:49 - [] ----D C:\Users\RCZ\AppData\Roaming\dvdcss O43 - CFD: 22/06/2014 - 19:06:36 - [] ----D C:\Users\RCZ\AppData\Roaming\EZDownloader O43 - CFD: 16/05/2015 - 11:27:38 - [] ----D C:\Users\RCZ\AppData\Roaming\FileZilla O43 - CFD: 18/11/2013 - 22:20:48 - [] ----D C:\Users\RCZ\AppData\Roaming\FlashGet O43 - CFD: 14/11/2013 - 20:38:58 - [] ----D C:\Users\RCZ\AppData\Roaming\FlashGetBHO O43 - CFD: 14/11/2013 - 20:39:04 - [0] ----D C:\Users\RCZ\AppData\Roaming\FlashgetSetup O43 - CFD: 24/11/2012 - 16:27:17 - [] ----D C:\Users\RCZ\AppData\Roaming\Identities O43 - CFD: 14/09/2013 - 19:41:18 - [] ----D C:\Users\RCZ\AppData\Roaming\Idle Processor Utilization Services O43 - CFD: 16/11/2013 - 13:33:01 - [] ----D C:\Users\RCZ\AppData\Roaming\iMobie O43 - CFD: 17/04/2015 - 14:51:48 - [] ----D C:\Users\RCZ\AppData\Roaming\IObit O43 - CFD: 14/09/2013 - 20:03:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Java O43 - CFD: 24/11/2012 - 18:16:43 - [] ----D 
C:\Users\RCZ\AppData\Roaming\Macromedia O43 - CFD: 14/07/2009 - 16:35:02 - [0] ----D C:\Users\RCZ\AppData\Roaming\Media Center Programs O43 - CFD: 20/12/2013 - 18:38:01 - [0] ----D C:\Users\RCZ\AppData\Roaming\Media Player Classic O43 - CFD: 02/05/2014 - 22:59:35 - [] -S--D C:\Users\RCZ\AppData\Roaming\Microsoft O43 - CFD: 08/05/2013 - 19:20:50 - [] ----D C:\Users\RCZ\AppData\Roaming\Million O43 - CFD: 02/06/2013 - 22:11:32 - [] ----D C:\Users\RCZ\AppData\Roaming\mIRC O43 - CFD: 08/06/2013 - 23:42:40 - [] ----D C:\Users\RCZ\AppData\Roaming\mojosoft O43 - CFD: 31/08/2013 - 17:35:46 - [] ----D C:\Users\RCZ\AppData\Roaming\Mozilla O43 - CFD: 31/01/2015 - 18:18:34 - [] ----D C:\Users\RCZ\AppData\Roaming\mystartsearch =>PUP.StartSearch O43 - CFD: 03/04/2015 - 13:07:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Nero O43 - CFD: 22/11/2013 - 18:44:25 - [] ----D C:\Users\RCZ\AppData\Roaming\NVIDIA O43 - CFD: 01/08/2014 - 14:06:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Opera Mail O43 - CFD: 02/01/2015 - 16:29:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Opera Software O43 - CFD: 17/04/2015 - 14:53:04 - [] ----D C:\Users\RCZ\AppData\Roaming\ProductData O43 - CFD: 23/05/2015 - 16:15:02 - [] ----D C:\Users\RCZ\AppData\Roaming\Real O43 - CFD: 24/05/2015 - 07:06:11 - [] ----D C:\Users\RCZ\AppData\Roaming\RealNetworks O43 - CFD: 28/03/2014 - 11:07:00 - [] ----D C:\Users\RCZ\AppData\Roaming\Ringtone Expressions O43 - CFD: 05/07/2013 - 16:42:55 - [] ----D C:\Users\RCZ\AppData\Roaming\Salfeld O43 - CFD: 15/09/2013 - 13:19:40 - [] ----D C:\Users\RCZ\AppData\Roaming\SimpleTV V03 O43 - CFD: 18/11/2014 - 22:40:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Skype O43 - CFD: 23/07/2013 - 17:48:14 - [] ----D C:\Users\RCZ\AppData\Roaming\SmileysWeLove =>Adware.SmileyBar O43 - CFD: 09/08/2014 - 15:02:07 - [] ----D C:\Users\RCZ\AppData\Roaming\uTorrent =>P2P.µTorrent O43 - CFD: 22/05/2015 - 13:34:23 - [] ----D C:\Users\RCZ\AppData\Roaming\vlc O43 - CFD: 20/05/2015 - 16:17:07 - [] ----D 
C:\Users\RCZ\AppData\Roaming\VolIE =>Trojan.Vonteera O43 - CFD: 30/08/2013 - 12:00:05 - [] ----D C:\Users\RCZ\AppData\Roaming\Windows Live Writer O43 - CFD: 15/11/2013 - 21:48:32 - [] ----D C:\Users\RCZ\AppData\Roaming\WindSolutions O43 - CFD: 24/11/2012 - 19:45:07 - [] ----D C:\Users\RCZ\AppData\Roaming\WinRAR O43 - CFD: 31/01/2015 - 14:55:29 - [0] ----D C:\Users\RCZ\AppData\Roaming\WinZipper O43 - CFD: 22/11/2013 - 18:44:15 - [] ----D C:\Users\RCZ\AppData\Roaming\Xilisoft O43 - CFD: 09/06/2015 - 21:35:09 - [] ----D C:\Users\RCZ\AppData\Roaming\ZHP =>.Nicolas Coolman O43 - CFD: 09/11/2013 - 18:45:33 - [] ----D C:\Users\RCZ\AppData\Roaming\Zoner O43 - CFD: 16/05/2015 - 10:10:05 - [] ----D C:\Users\RCZ\AppData\Local\Adobe O43 - CFD: 14/01/2014 - 14:12:28 - [] ----D C:\Users\RCZ\AppData\Local\Apple O43 - CFD: 10/01/2014 - 11:11:18 - [] ----D C:\Users\RCZ\AppData\Local\Apple Computer O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Application Data O43 - CFD: 09/11/2013 - 20:13:35 - [] ----D C:\Users\RCZ\AppData\Local\Apps O43 - CFD: 31/03/2015 - 23:19:12 - [] ----D C:\Users\RCZ\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider O43 - CFD: 29/05/2013 - 19:17:48 - [] ----D C:\Users\RCZ\AppData\Local\assembly O43 - CFD: 14/01/2014 - 11:57:51 - [0] ----D C:\Users\RCZ\AppData\Local\Axialis O43 - CFD: 16/04/2013 - 22:23:06 - [] ----D C:\Users\RCZ\AppData\Local\B1E O43 - CFD: 29/11/2012 - 10:32:33 - [] ----D C:\Users\RCZ\AppData\Local\BPMconcept O43 - CFD: 24/02/2013 - 06:14:48 - [0] ----D C:\Users\RCZ\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch O43 - CFD: 29/03/2014 - 12:46:42 - [] ----D C:\Users\RCZ\AppData\Local\by_ZebraDem O43 - CFD: 22/08/2014 - 20:44:19 - [] ----D C:\Users\RCZ\AppData\Local\CatalinaGroup O43 - CFD: 08/08/2014 - 12:18:24 - [] ----D C:\Users\RCZ\AppData\Local\Chromatic Browser =>PUP.Chromatic O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Comodo O43 - CFD: 08/08/2014 - 13:30:03 - [] ----D 
C:\Users\RCZ\AppData\Local\Conduit O43 - CFD: 09/06/2015 - 20:27:34 - [] ----D C:\Users\RCZ\AppData\Local\CrashDumps O43 - CFD: 31/01/2015 - 14:48:36 - [] ----D C:\Users\RCZ\AppData\Local\CrashRpt O43 - CFD: 29/11/2012 - 12:53:06 - [] ----D C:\Users\RCZ\AppData\Local\CRE O43 - CFD: 09/06/2015 - 17:28:48 - [0] ----D C:\Users\RCZ\AppData\Local\Deployment O43 - CFD: 26/12/2012 - 15:58:49 - [0] ----D C:\Users\RCZ\AppData\Local\Diagnostics O43 - CFD: 03/05/2015 - 12:59:09 - [0] ----D C:\Users\RCZ\AppData\Local\ElevatedDiagnostics O43 - CFD: 18/11/2014 - 20:07:04 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieBrowserModeList O43 - CFD: 25/04/2014 - 19:49:33 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieSiteList O43 - CFD: 25/04/2014 - 19:49:33 - [] -SH-D C:\Users\RCZ\AppData\Local\EmieUserList O43 - CFD: 08/12/2013 - 19:09:02 - [] ----D C:\Users\RCZ\AppData\Local\Facebook O43 - CFD: 07/08/2014 - 21:26:02 - [] ----D C:\Users\RCZ\AppData\Local\globalUpdate =>PUP.GlobalUpdate O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Google O43 - CFD: 24/04/2015 - 16:55:52 - [] ----D C:\Users\RCZ\AppData\Local\Grandsoft O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Historique O43 - CFD: 16/11/2013 - 13:32:56 - [] ----D C:\Users\RCZ\AppData\Local\iMobie_Inc O43 - CFD: 31/03/2015 - 22:57:31 - [] ----D C:\Users\RCZ\AppData\Local\Installer O43 - CFD: 14/01/2014 - 00:09:01 - [] ----D C:\Users\RCZ\AppData\Local\iSpirit O43 - CFD: 25/11/2012 - 19:22:22 - [] ----D C:\Users\RCZ\AppData\Local\Macromedia O43 - CFD: 02/05/2014 - 22:59:11 - [] ----D C:\Users\RCZ\AppData\Local\Microsoft O43 - CFD: 22/02/2015 - 13:52:03 - [] ----D C:\Users\RCZ\AppData\Local\Microsoft Games O43 - CFD: 24/11/2012 - 16:41:13 - [0] ----D C:\Users\RCZ\AppData\Local\Microsoft Help O43 - CFD: 01/10/2013 - 07:20:14 - [] ----D C:\Users\RCZ\AppData\Local\Mozilla O43 - CFD: 14/01/2014 - 13:01:35 - [] ----D C:\Users\RCZ\AppData\Local\Nero O43 - CFD: 09/11/2013 - 20:20:45 - [] ----D 
C:\Users\RCZ\AppData\Local\Nero_AG O43 - CFD: 14/11/2013 - 22:18:04 - [] ----D C:\Users\RCZ\AppData\Local\NetDragon O43 - CFD: 01/08/2014 - 14:06:01 - [] ----D C:\Users\RCZ\AppData\Local\Opera Mail O43 - CFD: 02/01/2015 - 16:29:38 - [] ----D C:\Users\RCZ\AppData\Local\Opera Software O43 - CFD: 31/01/2014 - 16:22:11 - [] ----D C:\Users\RCZ\AppData\Local\Packages O43 - CFD: 01/01/2015 - 10:52:05 - [0] ----D C:\Users\RCZ\AppData\Local\pangu O43 - CFD: 16/05/2013 - 19:58:13 - [] ----D C:\Users\RCZ\AppData\Local\Programs O43 - CFD: 24/08/2013 - 07:28:09 - [] ----D C:\Users\RCZ\AppData\Local\Rapider O43 - CFD: 14/01/2014 - 12:07:11 - [] ----D C:\Users\RCZ\AppData\Local\Screentime O43 - CFD: 04/04/2014 - 13:11:36 - [] ----D C:\Users\RCZ\AppData\Local\Skype O43 - CFD: 07/11/2014 - 11:50:38 - [] ----D C:\Users\RCZ\AppData\Local\TB O43 - CFD: 29/05/2013 - 19:17:07 - [] ----D C:\Users\RCZ\AppData\Local\TechSmith O43 - CFD: 09/06/2015 - 21:34:58 - [] ----D C:\Users\RCZ\AppData\Local\Temp O43 - CFD: 24/11/2012 - 16:27:05 - [] -SH-D C:\Users\RCZ\AppData\Local\Temporary Internet Files O43 - CFD: 29/11/2012 - 12:02:28 - [] ----D C:\Users\RCZ\AppData\Local\TenDollars2Surf.com O43 - CFD: 26/09/2014 - 19:34:36 - [] ----D C:\Users\RCZ\AppData\Local\Thinstall O43 - CFD: 29/03/2014 - 12:19:47 - [] ----D C:\Users\RCZ\AppData\Local\Torch =>PUP.Torch O43 - CFD: 25/11/2012 - 23:21:32 - [] ----D C:\Users\RCZ\AppData\Local\VirtualStore O43 - CFD: 31/03/2015 - 23:19:09 - [] ----D C:\Users\RCZ\AppData\Local\WebPlayer O43 - CFD: 15/09/2014 - 12:41:21 - [] ----D C:\Users\RCZ\AppData\Local\Windows Live O43 - CFD: 26/11/2012 - 23:08:13 - [] ----D C:\Users\RCZ\AppData\Local\Windows Live Writer O43 - CFD: 15/09/2013 - 10:41:39 - [] ----D C:\Users\RCZ\AppData\Local\Windows_Development_Inc O43 - CFD: 16/02/2014 - 20:27:25 - [] ----D C:\Users\RCZ\AppData\Local\Wiwild O43 - CFD: 22/06/2013 - 16:16:43 - [] ----D C:\Users\RCZ\AppData\Local\Wondershare O43 - CFD: 09/11/2013 - 18:45:49 - [] ----D 
C:\Users\RCZ\AppData\Local\Zoner O43 - CFD: 14/07/2009 - 05:54:32 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 12/03/2015 - 08:41:18 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 31/03/2015 - 23:19:12 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider O43 - CFD: 08/08/2014 - 15:12:08 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio O43 - CFD: 27/04/2013 - 15:53:33 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CVitaeV4 O43 - CFD: 11/03/2014 - 22:00:23 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT O43 - CFD: 07/10/2013 - 18:59:42 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emoticon O43 - CFD: 14/11/2013 - 20:39:04 - [0] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 O43 - CFD: 25/03/2014 - 14:15:55 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player O43 - CFD: 14/12/2013 - 16:31:36 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 21/12/2012 - 18:41:30 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaBoitaKadosBarre (www.laboitakados.com) O43 - CFD: 28/03/2014 - 10:55:25 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legend Edition O43 - CFD: 14/07/2009 - 05:49:38 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 29/06/2013 - 21:55:19 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muslim Bag O43 - CFD: 09/06/2015 - 17:32:01 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre =>Adware.ADON O43 - CFD: 08/06/2013 - 23:43:19 - [] ----D 
C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Frame Studio O43 - CFD: 21/04/2015 - 18:58:58 - [] R---D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 28/11/2012 - 22:51:24 - [0] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tickerbar O43 - CFD: 24/11/2012 - 16:46:59 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 08/06/2013 - 21:36:28 - [] ----D C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\موسوعة الحديث النبوي الشريف ~ 1 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 420 Scanned in 00mn 03s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.B862256A8617108CD67ACE2D22AF6D2D] - 09/06/2015 - 10:04:15 ---A- . (...) -- C:\Windows\setupact.log [2338] O44 - LFC:[MD5.D8260B5DA72FEC3142966E662F7A572D] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1672934] O44 - LFC:[MD5.0A62036ACA2031015A449E0FB8F106F2] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfc009.dat [122274] O44 - LFC:[MD5.D0A6E25EE5C97877839D5AB414B8709F] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [149434] O44 - LFC:[MD5.D8FD8A13F082355A99F19EF8C7C3CAE8] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfh009.dat [655932] O44 - LFC:[MD5.5BEE9401D0CF5CCAFF570266271DBEAD] - 09/06/2015 - 10:10:23 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [738946] O44 - LFC:[MD5.6685566C39D59426CFE11916E321858D] - 09/06/2015 - 17:24:24 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.D22E177E7B8F36B028A07BDB2DC5291A] - 09/06/2015 - 21:19:27 ---A- . (...) 
-- C:\Windows\WindowsUpdate.log [1608663] ~ Files: 8 Scanned in 00mn 07s ---\\ Latest files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.5405E2B6EC056724D90B3CF9C248B1AC] - 09/06/2015 - 17:32:57 ---A- - C:\Windows\Prefetch\PACKBARRE.EXE-20ECD862.pf =>Adware.ADON ~ Prefetcher: 1 Scanned in 00mn 00s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [Enabled] .(.Trend Media Corporation Limited.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe O47 - AAKE:Key Export SP - "C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [Enabled] .(...) -- C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.) ~ Keys Export: 2 Scanned in 00mn 00s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . 
(.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll ~ LSA: 9 Scanned in 00mn 00s ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) 
-- C:\Windows\System32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 13 Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{10521325-b80d-11dc-a9ae-806e6f6e6963}\AutoRun\command. (...) -- F:\start.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ TDSD: 2 Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O53 - SMSR:HKLM\...\startupreg\CatalinaGroup Update [Key] . (.Catalina Group Ltd. - CatalinaGroup Update.) 
-- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe O53 - SMSR:HKLM\...\startupreg\ccleaner [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O53 - SMSR:HKLM\...\startupreg\Clock Widget (HTC Home) [Key] . (.No owner - Clock widget for HTC Home 3.) -- C:\Program Files (x86)\HTC Home 3\Clock.exe O53 - SMSR:HKLM\...\startupreg\Coin Miner [Key] . (...) -- C:\Program Files (x86)\CoinMiner\coinminer.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Facebook Update [Key] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe O53 - SMSR:HKLM\...\startupreg\facemoods [Key] . (...) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (.not file.) =>Adware.Facemoods O53 - SMSR:HKLM\...\startupreg\FlashGet 3 [Key] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe O53 - SMSR:HKLM\...\startupreg\iCloudServices [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O53 - SMSR:HKLM\...\startupreg\RealDownloader [Key] . (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\se [Key] . (...) -- C:\Users\RCZ\AppData\Roaming\SkypEmoticons\SE.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Weather Widget (HTC Home) [Key] . (.No owner - Weather widget for HTC Home 3.) 
-- C:\Users\RCZ\Downloads\HTC_Home_Apis\Weather.exe O53 - SMSR:HKLM\...\startupreg\Zoner Photo Studio Autoupdate [Key] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe O53 - SMSR:HKLM\...\startupreg\Zoner Photo Studio Service 16 [Key] . (...) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.exeC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe (.not file.) ~ SMSR Keys: 17 Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll ~ MSCP: 2 Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - 
"FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableLockWorkstation"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableClock"=0 O55 - MWPS:[HKCU\...\Policies\System] - "LogonHoursAction"=2 O55 - MWPS:[HKCU\...\Policies\System] - "DontDisplayLogonHoursWarnings"=1 ~ MWPS: 22 Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFind"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 ~ MWPE Keys: 8 Scanned in 00mn 00s ---\\ Search Drivers Rootkit (SDR) (O57) O57 - SDR:Search Drivers Rootkit - ( - .) -- ~ Keys: Scanned in 00mn 01s ---\\ System Drivers List (SDL) (O58) O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [339536] O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [182864] O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [15440] O58 - SDL:20/11/2010 - 14:32:46 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [107904] O58 - SDL:14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. 
- AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [194128] O58 - SDL:20/11/2010 - 14:32:47 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [27008] O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [87632] O58 - SDL:14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [97856] O58 - SDL:10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60a.sys [270848] O58 - SDL:10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [18432] O58 - SDL:10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [8704] O58 - SDL:14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [286720] O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [47104] O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976] O58 - SDL:10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720] O58 - SDL:10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [468480] O58 - SDL:14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) 
-- C:\Windows\System32\Drivers\cmdide.sys [17488] O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3286016] O58 - SDL:21/08/2012 - 13:01:20 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:20/11/2010 - 14:33:35 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720] O58 - SDL:20/11/2010 - 14:33:38 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [410496] O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [44112] O58 - SDL:17/04/2015 - 03:43:55 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [114752] O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [106560] O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [65600] O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [115776] O58 - SDL:14/07/2009 - 02:48:04 ---A- . 
(.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\System32\Drivers\megasas.sys [35392] O58 - SDL:14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [284736] O58 - SDL:14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [51264] O58 - SDL:11/02/2011 - 22:23:34 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [35344] O58 - SDL:26/02/2013 - 00:32:32 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 311.06.) -- C:\Windows\System32\Drivers\nvlddmkm.sys [11036448] O58 - SDL:20/11/2010 - 14:33:48 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [148352] O58 - SDL:20/11/2010 - 14:33:48 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [166272] O58 - SDL:14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1524816] O58 - SDL:14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [128592] O58 - SDL:10/06/2009 - 21:35:42 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\System32\Drivers\Rt64win7.sys [187392] O58 - SDL:10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040] O58 - SDL:14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [43584] O58 - SDL:14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) 
-- C:\Windows\System32\Drivers\sisraid4.sys [80464] O58 - SDL:11/09/2009 - 06:47:24 ---A- . (.TechniSat Digital, S.A. - NDIS 5.0 driver.) -- C:\Windows\System32\Drivers\SkyNET_AMD64.sys [615440] O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800] O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080] O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [206080] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:15/08/2014 - 23:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [17488] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [161872] O58 - SDL:31/01/2015 - 01:49:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys [48784] =>PUP.LinkiDoo O58 - SDL:31/03/2015 - 09:32:50 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys [48784] =>PUP.LinkiDoo O58 - SDL:06/08/2014 - 09:43:26 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [61632] =>PUP.LinkiDoo O58 - SDL:04/02/2005 - 17:12:50 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) 
-- C:\Windows\SysWOW64\drivers\pfc.sys [10368] ~ Drivers: 55 Scanned in 00mn 06s ---\\ Last modified or created user files (O61) O61 - LFC: 08/06/2015 - 21:40:15 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\3770\temp\5972653202229919220b.exe [2584576] O61 - LFC: 08/06/2015 - 21:40:24 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\3770\temp\BondedSplitter.xyz.exe [2792960] O61 - LFC: 08/06/2015 - 21:40:25 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\5972653202229919220b.exe [2584576] O61 - LFC: 08/06/2015 - 21:40:27 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Temp\ntwdblib.dll [4096] O61 - LFC: 09/06/2015 - 21:35:58 ---A- . (...) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 09/06/2015 - 21:36:19 ---A- . (...) -- C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 09/06/2015 - 21:40:27 ---A- . (.Client Connect LTD.) -- C:\Users\RCZ\AppData\Local\Temp\Runner.exe [236352] O61 - LFC: 09/06/2015 - 21:40:35 ---A- . (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr25.bin [24] O61 - LFC: 09/06/2015 - 21:41:09 R--A- . (.BPMconcept.) -- C:\Users\RCZ\AppData\Roaming\Microsoft\Installer\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}\DesktopIcon.exe [378368] =>Adware.ADON O61 - LFC: 09/06/2015 - 21:41:09 R--A- . (.BPMconcept.) -- C:\Users\RCZ\AppData\Roaming\Microsoft\Installer\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}\StartMenuIcon.exe [378368] O61 - LFC: 09/06/2015 - 21:51:56 ---A- . (.Nicolas Coolman.) -- C:\Users\RCZ\Downloads\ZHPDiag2.exe [6880102] =>.Nicolas Coolman ~ 105 Fichiers temporaires (Temporary files) ~ 3016 Fichiers cookies (Cookies files) ~ Files: 11 Scanned in 16mn 35s ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 11/02/2011 - C:\Windows\System32\drivers\npf.sys (npf) .(.CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) - LEGACY_NPF O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 31/01/2015 - C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys ({4f8c067a-e55a-4229-81e6-7be1491578a2}w64) .(.StdLib - StdLib.) - LEGACY_{4F8C067A-E55A-4229-81E6-7BE1491578A2}W64 =>PUP.LinkiDoo O64 - Services: CurCS - 31/03/2015 - C:\Windows\System32\drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys ({bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64) .(.StdLib - StdLib.) - LEGACY_{BDF235AD-4365-4D0E-84D9-2132BDB9D67C}GW64 =>PUP.LinkiDoo O64 - Services: CurCS - 06/08/2014 - C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys ({ed7eb956-75ed-460d-8f69-29a93b07afd1}w64) .(.StdLib - StdLib.) - LEGACY_{ED7EB956-75ED-460D-8F69-29A93B07AFD1}W64 =>PUP.LinkiDoo ~ Legacy: 77 Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Scanned in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- c:\program files\internet explorer\iexplore.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- c:\program files (x86)\opera mail\operamail.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- c:\program files (x86)\opera\launcher.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000082.isPlayDisplay", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000082.state", "{\"state\":\"stopped\",\"text\":\"Today's T...\",\"description\":\"Today's Top Country Hits\[...] 
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_TMP_city", "ALGIERS"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_TMP_country", "DZ"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_country", "ALGERIA"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_locId", "AGXX0001"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_location", "Algiers, 42, Algeria"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_region", "OT"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_temp_dis", "c"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.1000234.TWC_wind_dis", "kmh"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_DaysActivity.enc", "MTQxOTY3MTI0NDc4NA=="); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_firstTimeNotification_129883112190108518.enc", "bm8="); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_lang.enc", "RU4="); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_welcome_popup_text.enc", "Q2xpY2sgdG8gc3RhcnQgcnVubmluZyB5b3VyIHNjaGVkdWxlLCBldmVudHMsIGJpcnRoZGF5cy[...] 
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.Calendar_welcome_popup_title.enc", "V2VsY29tZSB0byBDYWxlbmRhcis="); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FF19Solved", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FirstTime", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.FirstTimeFF3", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.RestartDialogFirstTime", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.RestartDialogShouldDisplay", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.UserID", "UN34466822152440020"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.addressBarTakeOverEnabledInHidden", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.appOptions", "{}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.countryCode", "DZ"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.defaultSearch", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.dum", "2"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.embeddedsData", "[{\"appId\":\"128802460738106541\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...] 
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.enableAlerts", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.enableSearchFromAddressBar", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.firstTimeDialogOpened", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fixPageNotFoundError", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fixPageNotFoundErrorInHidden", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.fullUserID", "UN34466822152440020.IN.20140726123001"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.https___calendar_tbccint_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhc[...] =>Toolbar.Conduit O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installDate", "26/07/2014 12:30:16"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installId", "dm"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installSessionId", "a82ef9a4-7f1a-414f-a7d3-c1cdaf6050ea"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installSp", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installType", "clientconnectnsisintegration"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.installerVersion", "1.11.0.11"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isCheckedStartAsHidden", true); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] 
user_pref("CT2192277.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://www.trovi.com/?gd=&ctid=CT2192277&octid=CT2[...] =>Hijacker.TroviCom O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.lastVersion", "10.35.0.3"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.mam_gk_installer_preapproved.enc", "dHJ1ZQ=="); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"E[...] O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.openThankYouPage", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.openUninstallPage", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.performedDomainChangesMigration", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.revertSettingsEnabled", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.search.searchAppId", "128802460738106541"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.search.searchCount", "0"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchInNewTabEnabledByUser", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchInNewTabEnabledInHidden", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchRevert", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchSuggestEnabledByUser", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchUninstallUserMode", "4"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.searchUserMode", "4"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_login_isFirstLoginInvoked", 
"{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2192277\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://ClixSens[...] O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"ClixSense.com \[...] O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_Configuration_lastUpdate", "1422257111750"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1422257114647"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_appsMetadata_lastUpdate", "1422257114011"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1422257114153"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1406374282787"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1406374284955"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] 
user_pref("CT2192277.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408646211300"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411971236676"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.33.0.5_lastUpdate", "1406455990484"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.34.0.503_lastUpdate", "1415773286287"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.35.0.3_lastUpdate", "1422257118281"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_login_10.35.0.503_lastUpdate", "1419714318275"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1422257114552"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_searchAPI_lastUpdate", "1422257117609"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_serviceMap_lastUpdate", "1422257111344"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_toolbarContextMenu_lastUpdate", "1422257114034"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_toolbarSettings_lastUpdate", "1422257112151"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.serviceLayer_services_translation_lastUpdate", "1422257117511"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.settingsINI", true); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.shouldFirstTimeDialog", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.showToolbarPermission", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.CTID", "CT2192277"); =>Hijacker.SmartBar O69 - SBI: prefs.js 
[RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.Uninstall", "0"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.smartbar.toolbarName", "ClixSense.com "); =>Hijacker.SmartBar O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.startPage", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.superCalendar_close_popup_129883112190108518.enc", "MC43MDAzNzgxNDY4Mzc4NDg2"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.super_Calendar_show_welcome_popup_129883112190108518.enc", "eWVz"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarBornServerTime", "26-7-2014"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarCurrentServerTime", "26-1-2015"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarInstallDate", "26-07-2014 12:30:04"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.toolbarLoginClientTime", "Sat Jul 26 2014 12:31:25 GMT+0100"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.versionFromInstaller", "10.35.0.3"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277.xpeMode", "1"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2192277_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1422257104784,\"isWithState\"[...] 
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.FF19Solved", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.UserID", "UN16168956731466736"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.fullUserID", "UN16168956731466736.IN.20131013193516"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installDate", "13/10/2013 19:35:21"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installSessionId", "1A7D7525-9FD3-47C1-86EF-1A3C498193E1"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installSp", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installUsage", "13/10/2013 20:27:25"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installUsageEarly", "13/10/2013 20:27:25"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.installerVersion", "1.7.1.7"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.keyword", "true"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.originalSearchAddressUrl", "http://websearch.searchere.info/?pid=1387&r=2013/10/02&hid=3735048643843791204&lg[...] 
O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.searchRevert", "false"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.searchUserMode", "1"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.versionFromInstaller", "10.20.1.8"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("CT2943121.xpeMode", "0"); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("aol_toolbar.default.homepage.check", false); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("aol_toolbar.default.search.check", false); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>PUP.Babylon O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("extensions.crossrider.bic", "144e920847aba8436b4240fa46bbd3e0"); =>PUP.CrossRider O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("plugin.state.npconduitfirefoxplugin", 2); O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2943121&SearchSource=2&CUI=UN1[...] 
=>Hijacker.SmartBar O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RCZ - 5rnsyl0i.default] user_pref("sweetim.toolbar.searchguard.enable", ""); =>PUP.SweetIM O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {301FE28C-F99D-4426-BB7E-01F110619AFF} - (Search The Web (eseeky)) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {CCC82E44-53EC-478C-956A-12818D53B22A} - (ClixSense.com Customized Web Search) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! 
Search) - http://do-search.com =>PUP.DoSearches O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 08s ---\\ Crack & Keygen Files (CKF) (O82) C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\localname.sol =>.Crack,Keygen C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\save.sol =>.Crack,Keygen C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KFHPHEDY\files.boycool.com\gf-mr-fawks-cracker.swf\userData.sol =>.Crack,Keygen C:\Users\RCZ\Downloads\Batch.Image.Resizer.v2.87.Incl.Keymaker-ARN\Keymaker\keygen.exe =>.Crack,Keygen ~ Files: Scanned in 01mn 27s ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [72192] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) 
-- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [236032] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [859648] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [680960] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99328] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [344064] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [64512] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928] O83 - Search Svchost Services: TermService (TermService) . 
(.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [683520] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [2553856] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70144] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [67584] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [121856] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) 
-- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1110016] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [90624] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [210432] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [44544] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [193536] ~ Services: 33 Scanned in 00mn 01s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.D71D423685E4F189032790D891ADC5B4] [SPRF][14/01/2014] (...) -- C:\Users\RCZ\AppData\Roaming\4E92.exe [1462696] [MD5.F2DD0DEDB2C260419ECE4A9E03B2E828] [SPRF][17/04/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr2.bin [4] [MD5.B727AC151CEA8525CE069F9B78753E3D] [SPRF][09/06/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr25.bin [24] [MD5.C7427D0D0877D4F30D709C3B4588A738] [SPRF][14/05/2015] (...) -- C:\Users\RCZ\AppData\Roaming\appdataFr3.bin [20] [MD5.0B8A80CA2CC6CE5A227AD84A13503E12] [SPRF][14/01/2014] (...) -- C:\Users\RCZ\AppData\Roaming\C972.exe [1445440] [MD5.9DBDEE49DADD657065836572BE8CE383] [SPRF][05/03/2011] (...) 
-- C:\Users\RCZ\AppData\Roaming\Setup.exe [559424] [MD5.B9AB4651ACB27EAB705155F5E27587B4] [SPRF][01/12/2008] (.PC SOFT - WD140ACTION.DLL (Action prédéfinies).) -- C:\Users\RCZ\Desktop\WD140Action.dll [180224] [MD5.E601A3440380EEE2C0384BA3C14FA36D] [SPRF][10/07/2008] (.PC SOFT - PC SOFT - Gestion de l'agent.) -- C:\Users\RCZ\Desktop\WD140agt.dll [143360] [MD5.FD1F78465951797A23A5E8F996AFE527] [SPRF][22/10/2008] (.PC SOFT - WD140BarC.dll (Générateur de codes barres).) -- C:\Users\RCZ\Desktop\WD140barc.dll [131072] [MD5.330BE1FDCE8A30E97F6834DFEEE171F0] [SPRF][17/07/2008] (.PC SOFT - WD140CE.DLL (Fonctions d'accès aux terminaux mobiles).) -- C:\Users\RCZ\Desktop\WD140CE.dll [134656] [MD5.5493E60046FDA10F70375BBE83EB3B07] [SPRF][12/12/2008] (.PC SOFT - WD140COD.DLL (Macro Code Utilisateur).) -- C:\Users\RCZ\Desktop\WD140cod.dll [1118208] [MD5.1F9CBDC10E401ADD070531D2724F237D] [SPRF][09/12/2008] (.PC SOFT - WD140COM.DLL (Fonctions de communication).) -- C:\Users\RCZ\Desktop\WD140com.dll [925696] [MD5.D2C69F4C6950104D645B55F442AA98EB] [SPRF][29/10/2008] (.PC SOFT - WD140DB.DLL (Driver Natif XBase).) -- C:\Users\RCZ\Desktop\WD140db.dll [602112] [MD5.A2810B300613AA7239756CDBC8D197F2] [SPRF][01/12/2008] (.PC SOFT - WD140ETAT.DLL (Impression des états).) -- C:\Users\RCZ\Desktop\WD140ETAT.dll [385024] [MD5.F7C93330F73585B546B1F849DCBDCBC9] [SPRF][17/12/2008] (.PC SOFT - WD140GGL.DLL (Services Google).) -- C:\Users\RCZ\Desktop\WD140GGL.dll [372736] [MD5.BB213109F6C185A7BF092B3FAF97A512] [SPRF][01/12/2008] (.PC SOFT - WD140GPU.DLL (Fonctions groupware).) -- C:\Users\RCZ\Desktop\WD140gpu.dll [458752] [MD5.3C8A846E9858C87FF334D15243A89B52] [SPRF][09/12/2008] (.PC SOFT - WD140GRF.DLL (Gestion des graphes).) -- C:\Users\RCZ\Desktop\WD140GRF.dll [301568] [MD5.1C49ABDE9428069D87CE21189C969174] [SPRF][11/07/2008] (.PC SOFT - WD140GRV.DLL (Fonctions de gravure).) 
-- C:\Users\RCZ\Desktop\WD140GRV.dll [122880] [MD5.415E3448BE6E34C9F4FE21E72AB6BEF3] [SPRF][12/12/2008] (.PC SOFT - WD140HF.DLL (Moteur HyperFileSQL).) -- C:\Users\RCZ\Desktop\WD140HF.dll [2499584] [MD5.23DF3497E73799206C4383CE02E33545] [SPRF][05/12/2008] (.PC SOFT - WD140HTML.DLL (Génération de page HTML).) -- C:\Users\RCZ\Desktop\WD140HTML.dll [622592] [MD5.BFD7A4E6B91CB62725B08EB5DE180589] [SPRF][24/09/2008] (.PC SOFT - WD140MAT.DLL (Fonctions mathématiques).) -- C:\Users\RCZ\Desktop\WD140Mat.dll [114688] [MD5.95FFC6E4645794DF2670D3DC72ED44FE] [SPRF][04/11/2008] (.PC SOFT - WD130MESS.DLL (Fonctions de messagerie).) -- C:\Users\RCZ\Desktop\WD140mess.dll [317440] [MD5.ACF04FCAD327481F9EFEA41DBAF53516] [SPRF][11/09/2008] (.PC SOFT - WD140NET1.DLL (Accès à .Net 1.0).) -- C:\Users\RCZ\Desktop\wd140net1.dll [523776] [MD5.C45CC46507364F90B7E5B946EA2DE5B4] [SPRF][11/09/2008] (.PC SOFT - WD140NET2.DLL (Accès à .Net 2.0).) -- C:\Users\RCZ\Desktop\wd140net2.dll [397312] [MD5.E95B1F3823B1E3C2E0F77E21B9F34848] [SPRF][30/10/2008] (.PC SOFT - WD140NXML.DLL (Driver Natif XML).) -- C:\Users\RCZ\Desktop\WD140NXML.dll [360448] [MD5.3068DAAEA1FDD96FBE73A7EC805DBB99] [SPRF][25/11/2008] (.PC SOFT - WD140OLDB.dll (Client OLE DB).) -- C:\Users\RCZ\Desktop\WD140OLDB.dll [606208] [MD5.C1179460F2945AD09304D87F9052BECF] [SPRF][16/12/2008] (.PC SOFT - WD140PAGE.DLL (Gestion des pages dynamiques).) -- C:\Users\RCZ\Desktop\WD140Page.dll [977920] [MD5.213EE39488D103F1FF1D8E418DE0A00C] [SPRF][13/11/2008] (.PC SOFT - WD140PCL.DLL (Génération de fichier PCL).) -- C:\Users\RCZ\Desktop\WD140PCL.dll [237568] [MD5.7F1DAC55FA4B4A93F62A06A9C67D7FA4] [SPRF][26/11/2008] (.PC SOFT - WD140PDF.DLL (Génération de fichier PDF).) -- C:\Users\RCZ\Desktop\WD140pdf.dll [528384] [MD5.E2FDEA2996EA868794085F310EBCBE5C] [SPRF][04/11/2008] (.PC SOFT - WD140PLM.DLL (DLL PalmPilot).) 
-- C:\Users\RCZ\Desktop\WD140plm.dll [208896] [MD5.D7A4F8C933A2790C37B244BD0DB36BEC] [SPRF][15/12/2008] (.PC SOFT - WD140PRN.DLL (Fonctions d'impression).) -- C:\Users\RCZ\Desktop\WD140prn.dll [831488] [MD5.3227B44494E1CB030201E1CBA8F16EB8] [SPRF][22/07/2008] (.PC SOFT - WD140RPL.DLL (Réplication HF).) -- C:\Users\RCZ\Desktop\WD140RPL.dll [311808] [MD5.AE903B51F741095640530F0E923FE26B] [SPRF][13/11/2008] (.PC SOFT - WD140RTF.DLL (Génération de fichier RTF).) -- C:\Users\RCZ\Desktop\WD140RTF.dll [610304] [MD5.BD8BEF72F45D350AD92D32112289D8BB] [SPRF][04/12/2008] (.PC SOFT - WD140SQL.DLL (SQL).) -- C:\Users\RCZ\Desktop\WD140sql.dll [569344] [MD5.B70D88EF1304D28C1DF577F44E242AEA] [SPRF][03/12/2008] (.PC SOFT - WD140TEST.DLL (Passage de tests automatiques).) -- C:\Users\RCZ\Desktop\wd140test.dll [125440] [MD5.609B8E8C53337E97AA79CB64472B701D] [SPRF][03/12/2008] (.PC SOFT - WD140TRS.DLL (Transactions HF).) -- C:\Users\RCZ\Desktop\WD140TRS.dll [95232] [MD5.3AD57D737561510E5A3DE5DD6E32AE8F] [SPRF][26/09/2008] (.PC SOFT - WD140UNI.DLL (Unicode).) -- C:\Users\RCZ\Desktop\WD140UNI.dll [5991424] [MD5.50A175E6AD599CC9962182E179937CBA] [SPRF][16/07/2008] (.PC SOFT - Support XAML.) -- C:\Users\RCZ\Desktop\WD140xaml.dll [43520] [MD5.25A8B5ECCCDA081C43484494EF0AE260] [SPRF][16/12/2008] (.PC SOFT - WD140XLS.DLL (Gestion XLS).) -- C:\Users\RCZ\Desktop\WD140XLS.dll [507904] [MD5.1FDF174945230AD318EB31893129D550] [SPRF][17/12/2008] (.PC SOFT - WD140XML.DLL (Génération de fichier XML).) -- C:\Users\RCZ\Desktop\WD140XML.dll [446464] [MD5.29FB777108EF43D3D0D4B226DA95442F] [SPRF][03/12/2008] (.PC SOFT - PC SOFT - Fonctions de compression.) -- C:\Users\RCZ\Desktop\WD140zip.dll [430080] ~ Files: 41 Scanned in 00mn 05s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{5D158455-9BEE-42CD-AE54-6889708A60E4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{7D0AC9E0-CEE1-45E9-A2BE-8DE02CED480C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{CAFA8D27-EDB0-4BAD-BBF7-3970AC29953C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{664A77B5-9918-4522-8870-A9E1ADE4BBFE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 4 Scanned in 00mn 03s ---\\ Random Export Key (REK) (O91) [HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel [HKCU\Software\5a6dfdde568e844] =>PUP.Babylon^ ~ Export Key Software: Scanned in 00mn 00s ---\\ Windows Installer Scan (WIS) (O93) (NTFS) [MD5.BD76E28CE1859E6564C9D7EB9618B9DC] [WIS][09/06/2015] (.BPMconcept - PackBarre.) 
-- C:\Windows\Installer\199fce7.msi [1818624] =>Adware.ADON ~ WIS: 1 Scanned in 00mn 05s ---\\ Search Tracing Registry Key (O100) HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\updatediamondata_RASAPI32 =>Hijacker.Diamondata HKLM\SOFTWARE\Microsoft\Tracing\updatediamondata_RASMANCS =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32 =>Adware.MegaSearch HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS =>Adware.MegaSearch HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASAPI32 =>PUP.BrowseMark HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowseMark_RASMANCS =>PUP.BrowseMark HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\diamondata_Setup_RASAPI32 =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\diamondata_Setup_RASMANCS =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky4ie_RASAPI32 =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky4ie_RASMANCS =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_1_RASAPI32 =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_1_RASMANCS =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_RASAPI32 =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_RASMANCS =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_uninst_RASAPI32 =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\eseeky_uninst_RASMANCS =>Hijacker.Eseeky HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoforFiles_RASAPI32 =>P2P.GoforFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoforFiles_RASMANCS =>P2P.GoforFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 
=>Adware.OpenCandy HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASAPI32 =>Adware.ADON HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASDLG =>Adware.ADON HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PackBarre_RASMANCS =>Adware.ADON HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASAPI32 =>PUP.PerformerSoft HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASMANCS =>PUP.PerformerSoft HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SEDownloader_RASAPI32 =>PUP.SoftwareEngine HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SEDownloader_RASMANCS =>PUP.SoftwareEngine HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup(1)_RASAPI32 =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup(1)_RASMANCS =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup_RASAPI32 =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_full_setup_RASMANCS =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASAPI32 =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASMANCS =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_v1_RASAPI32 =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_v1_RASMANCS =>Adware.SmileyBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_smileys-we-love_RASAPI32 =>Toolbar.Conduit HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_smileys-we-love_RASMANCS =>Toolbar.Conduit HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_football365-toolbar_RASAPI32 =>Toolbar.Conduit 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_football365-toolbar_RASMANCS =>Toolbar.Conduit HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_myconnection-pc_RASAPI32 =>Toolbar.Conduit HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_myconnection-pc_RASMANCS =>Toolbar.Conduit HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedTestPro_RASAPI32 =>Adware.ScriptHost HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedTestPro_RASMANCS =>Adware.ScriptHost HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tasksgr_RASAPI32 =>Trojan.Tasksgr HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tasksgr_RASMANCS =>Trojan.Tasksgr HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TunesBarre_RASAPI32 =>Toolbar.TunesBarre HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TunesBarre_RASMANCS =>Toolbar.TunesBarre HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32 =>PUP.BrowseMark HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS =>PUP.BrowseMark HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatediamondata_RASAPI32 =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatediamondata_RASMANCS =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSourceApp_RASAPI32 =>PUP.SourceApp HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSourceApp_RASMANCS =>PUP.SourceApp HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSwiftRecord_RASAPI32 =>PUP.SwiftRecord HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSwiftRecord_RASMANCS =>PUP.SwiftRecord HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASAPI32 =>PUP.WebSpades HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASMANCS =>PUP.WebSpades HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utildiamondata_RASAPI32 =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utildiamondata_RASMANCS =>Hijacker.Diamondata HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSourceApp_RASAPI32 =>PUP.SourceApp 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSourceApp_RASMANCS =>PUP.SourceApp HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSwiftRecord_RASAPI32 =>PUP.SwiftRecord HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilSwiftRecord_RASMANCS =>PUP.SwiftRecord HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASAPI32 =>PUP.WebSpades HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASMANCS =>PUP.WebSpades HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VideoPerformerSetup_RASAPI32 =>PUP.VideoPerformer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VideoPerformerSetup_RASMANCS =>PUP.VideoPerformer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32 =>Adware.WebCake HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS =>Adware.WebCake HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASAPI32 =>PUP.WebSpades HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASMANCS =>PUP.WebSpades ~ BTK: 616 Scanned in 00mn 01s ---\\ Search CLSID Registry Key (O101) [HKCR\CLSID\{0FB2D74C-6F45-3C83-8B86-631E02FA8086}] (YoutubeAdblocker) =>PUP.Multiplug [HKCR\CLSID\{486AFD26-55CB-310A-8C13-BAAFC8C4A6F9}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar [HKCR\CLSID\{4B3C4278-AB91-32DC-AEA4-606C6509DFB4}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar [HKCR\CLSID\{77A0E495-9E74-3ECD-A4EB-788185AA6BAC}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar [HKCR\CLSID\{7B19CC07-9D3A-33F0-9F37-CB3A56766E11}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar [HKCR\CLSID\{801B480C-0052-3474-90B0-2B853494196E}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) =>Adware.SmileyBar [HKCR\CLSID\{8097B661-105D-3B2D-BA8A-B2AA0C1A2CBA}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar 
[HKCR\CLSID\{FC991D27-AB93-3043-B430-7FF0918E9623}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar ~ BCK: 5309 Scanned in 00mn 14s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 16/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 22/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 22/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 26/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 01/05/2015 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 28/07/2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 20/05/2015 157824 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR SR - | Demand 07/04/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) 
- C:\Windows\system32\nvvsvc.exe SR - | Auto 26/10/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 20/05/2015 602112 | (WindowsMangerProtect) . (.Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 17s ---\\ Search Master Boot Record Infection (MBR)(O80) Run by RCZ at 09/06/2015 21:54:33 ~ OS 64 not supported by MBR tool ~ MBR: 0 Scanned in 00mn 00s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by RCZ at 09/06/2015 21:54:35 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13008 - (31/05/2015) Clés trouvées (Keys found) : 100 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 71 Fichiers trouvés (Files found) : 60 [HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^ [HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps] =>PUP.CrossRider^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}] =>Adware.ADON^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTubeAdBlock^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^ [HKLM\Software\Microsoft\Shared 
Tools\MSConfig\startupreg\facemoods] =>Adware.Facemoods^ [HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>PUP.Conduit [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}] =>Adware.Facemoods [HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar [HKLM\Software\Wow6432Node\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar [HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}] =>Adware.Facemoods 
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods [HKLM\Software\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}] =>PUP.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods [HKLM\Software\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods [HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}] =>Adware.Facemoods [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon 
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>PUP.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\IGagnant] =>Toolbar.Agent [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>PUP.Conduit [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKCU\Software\AppDataLow\Software\Toolbar] =>PUP.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}] =>Adware.Facemoods [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\BI] =>Adware.MegaSearch [HKLM\Software\Classes\AppID\{2C254882-699A-464B-95F5-32F003F4F45C}] =>Adware.BDSearch 
[HKLM\Software\Wow6432Node\Classes\AppID\{2C254882-699A-464B-95F5-32F003F4F45C}] =>Adware.BDSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10245650-5917-4ff8-BED6-ABB91DD73E47}] =>Adware.BDSearch [HKLM\Software\Classes\AppID\FlashgetHook.DLL] =>Adware.BDSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}] =>Adware.BDSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974c985-8151-4de5-b23c-b875f0a8522f}] =>Adware.BDSearch [HKLM\Software\Classes\Interface\{A0939A48-0E2F-453F-899C-595F6648EE88}] =>Adware.BDSearch [HKLM\Software\Wow6432Node\Classes\Interface\{A0939A48-0E2F-453F-899C-595F6648EE88}] =>Adware.BDSearch [HKLM\Software\Classes\Interface\{6DD9E779-2707-4BF0-8269-E4C6BD8B39B7}] =>Adware.BDSearch [HKLM\Software\Wow6432Node\Classes\Interface\{6DD9E779-2707-4BF0-8269-E4C6BD8B39B7}] =>Adware.BDSearch [HKLM\Software\Classes\Interface\{810B845F-70F3-4B05-9625-3FB37B59A884}] =>Adware.BDSearch [HKLM\Software\Wow6432Node\Classes\Interface\{810B845F-70F3-4B05-9625-3FB37B59A884}] =>Adware.BDSearch [HKLM\Software\Classes\TypeLib\{DF772EB8-4116-49AE-8FA4-B5B078AA4198}] =>Adware.BDSearch [HKLM\Software\Classes\FG2CatchUrl.Netscape] =>Adware.BDSearch [HKLM\Software\Classes\FG2CatchUrl.Netscape.1] =>Adware.BDSearch [HKLM\Software\Classes\FlashGetHook.FG3DownMgr] =>Adware.BDSearch [HKLM\Software\Classes\FlashGetHook.FG3DownMgr.1] =>Adware.BDSearch [HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake [HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\odiaflgoglmdpognebeehehkabaclnpb] =>PUP.Conduit [HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\SOFTWARE\Microsoft\Internet 
Explorer\URLSearchHooks]:{70df8d13-bdd3-448e-944c-efde21b77161} =>Toolbar.Conduit^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>PUP.Babylon^ C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\extensions\89@AC.com =>PUP.SalePlus^ C:\Program Files (x86)\AAllCheApPricee =>PUP.AllCheapPrice^ C:\Program Files (x86)\BitSSAvver =>PUP.BitSaver^ C:\Program Files (x86)\CheaapMe =>PUP.CheapMe^ C:\Program Files (x86)\ChieAApMeE =>PUP.CheapMe^ C:\Program Files (x86)\DiScooUnttExttensi =>PUP.DiscountExtens^ C:\Program Files (x86)\DowwnSSaive =>PUP.DownSave^ C:\Program Files (x86)\EENjoyCouponn =>PUP.EnjoyCoupon^ C:\Program Files (x86)\FinDBoeesteDeal =>PUP.FindBestDeal^ C:\Program Files (x86)\GreattSave4U =>PUP.GreatSave4U^ C:\Program Files (x86)\NExtCoupp =>PUP.NextCoup^ C:\Program Files (x86)\PackBarre =>Adware.ADON^ C:\Program Files (x86)\priceChoep =>PUP.PriceChop^ C:\Program Files (x86)\pricechoPP =>PUP.PriceChop^ C:\Program Files (x86)\RRoboSavEr =>PUP.RoboSaver^ C:\Program Files (x86)\saafieweb =>PUP.SafeWeb^ C:\Program Files (x86)\SaleuPPLuus =>PUP.SalePlus^ C:\Program Files (x86)\Swift Record =>PUP.SwiftRecord^ C:\Program Files (x86)\TerminusSys =>Adware.TerminusSys^ C:\Program Files (x86)\YoutubeAdblocker =>PUP.YouTubeAdBlock^ C:\ProgramData\AAllCheApPricee =>PUP.AllCheapPrice^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\BitSSAvver =>PUP.BitSaver^ C:\ProgramData\Browser AdBlocker =>PUP.Adblocker^ C:\ProgramData\ccontiNuetooSave =>PUP.ContinueToSave^ C:\ProgramData\ChieAApMeE =>PUP.CheapMe^ C:\ProgramData\cioonteinuEitossave =>PUP.ContinueToSave^ C:\ProgramData\coiNttinueetosavoe =>PUP.ContinueToSave^ C:\ProgramData\continuuetosave =>PUP.ContinueToSave^ C:\ProgramData\coonytiynnueotiosave =>PUP.ContinueToSave^ C:\ProgramData\DiOwNaload keePer =>PUP.DownloadKeeper^ C:\ProgramData\DiScooUnttExttensi =>PUP.DiscountExtens^ C:\ProgramData\DowwnSSaive =>PUP.DownSave^ C:\ProgramData\EENjoyCouponn =>PUP.EnjoyCoupon^ 
C:\ProgramData\FinDBoeesteDeal =>PUP.FindBestDeal^ C:\ProgramData\GreattSave4U =>PUP.GreatSave4U^ C:\ProgramData\IePluginServices =>PUP.IePluginService^ C:\ProgramData\IHProtectUpDate =>Adware.AgentODR^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\ProgramData\NExtCoupp =>PUP.NextCoup^ C:\ProgramData\priceChoep =>PUP.PriceChop^ C:\ProgramData\pricechoPP =>PUP.PriceChop^ C:\ProgramData\RRoboSavEr =>PUP.RoboSaver^ C:\ProgramData\saafieweb =>PUP.SafeWeb^ C:\ProgramData\safe save =>Adware.SafeSave^ C:\ProgramData\SearchNewTab =>Adware.FastSaveApp^ C:\ProgramData\Tarma Installer =>PUP.Tarma^ C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^ C:\ProgramData\YoutubeAdblocker =>PUP.YouTubeAdBlock^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedTestPro =>Adware.ScriptHost^ C:\Users\RCZ\AppData\Roaming\ARHome =>Trojan.Vonteera^ C:\Users\RCZ\AppData\Roaming\mystartsearch =>PUP.StartSearch^ C:\Users\RCZ\AppData\Roaming\SmileysWeLove =>Adware.SmileyBar^ C:\Users\RCZ\AppData\Roaming\uTorrent =>P2P.µTorrent^ C:\Users\RCZ\AppData\Roaming\VolIE =>Trojan.Vonteera^ C:\Users\RCZ\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider^ C:\Users\RCZ\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch^ C:\Users\RCZ\AppData\Local\Chromatic Browser =>PUP.Chromatic^ C:\Users\RCZ\AppData\Local\globalUpdate =>PUP.GlobalUpdate^ C:\Users\RCZ\AppData\Local\Torch =>PUP.Torch^ C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider^ C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PackBarre =>Adware.ADON^ C:\Users\RCZ\AppData\Local\Conduit =>PUP.Conduit C:\Users\RCZ\AppData\Local\Installer =>Adware.InstallPedia C:\Users\RCZ\AppData\Local\B1E =>Toolbar.BrotherSoft C:\Users\RCZ\AppData\LocalLow\Conduit =>PUP.Conduit C:\Users\RCZ\AppData\LocalLow\facemoods.com =>Adware.Facemoods C:\Users\RCZ\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\RCZ\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb =>PUP.Conduit C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\Smartbar =>Hijacker.SmartBar C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\Zwinky_5q =>Adware.MyClearSearch [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^ C:\Program Files (x86)\PackBarre\PackBarre.exe =>Adware.ADON^ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^ C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe =>PUP.BidailySync^ C:\Windows\Tasks\Bidaily Synchronize Task.job =>PUP.BidailySync^ C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^ [HKCU\Software\ARHome] =>Trojan.Vonteera^ [HKCU\Software\App Lid-nv-ie] =>PUP.CrossRider^ [HKCU\Software\AppDataLow\Software\BackgroundContainer] =>PUP.Babylon^ [HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^ [HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] =>Adware.Graftor^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\BitTorrent] =>P2P.BitTorrent^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^ [HKCU\Software\FileScout] =>PUP.FileScout^ [HKCU\Software\GoforFiles] =>P2P.GoforFiles^ [HKCU\Software\Goobzo] =>PUP.Goobzo^ [HKCU\Software\NoVooITSet] =>Trojan.Vonteera^ [HKCU\Software\Optimizer Pro] =>PUP.OptimizerPro^ [HKCU\Software\PerformerSoft LLC] =>PUP.PerformerSoft^ [HKCU\Software\Popajar] =>Toolbar.Conduit^ [HKCU\Software\RegisteredApplicationsEx] =>PUP.SfKpCouponApp^ [HKCU\Software\SensePlus-nv-ie] =>PUP.CrossRider^ [HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^ [HKCU\Software\SupHpUISoft] =>PUP.CrossRider^ [HKCU\Software\Tasksgr] =>Trojan.Tasksgr^ [HKCU\Software\UpToDown] =>PUP.UpToDown^ [HKCU\Software\Vonteera Safe ads] 
=>Trojan.Vonteera^ [HKCU\Software\globalUpdate] =>PUP.GlobalUpdate^ [HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider^ [HKLM\Software\ShopperPro] =>PUP.ShopperPro^ [HKLM\Software\Wow6432Node\64e0632d-912f-07ba-47ea-698ae24cbe93] =>PUP.CrossRider^ [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^ [HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles^ [HKLM\Software\Wow6432Node\IHProtect] =>Adware.AgentODR^ [HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport^ [HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^ [HKLM\Software\Wow6432Node\diamondata] =>Hijacker.Diamondata^ [HKLM\Software\Wow6432Node\istartsurfSoftware] =>PUP.Istart^ [HKLM\Software\Wow6432Node\mystartsearchSoftware] =>PUP.StartSearch^ [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^ [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^ [HKLM\Software\Wow6432Node\supWindowsMangerProtect] =>PUP.Fuyu^ [HKLM\Software\Wow6432Node\winzipersvc] =>Adware.D365^ [HKCU\Software\5a6dfdde568e844\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\5a6dfdde568e844] =>PUP.Babylon^^ C:\Windows\Installer\199fce7.msi =>Adware.ADON^ [HKCR\CLSID\{0FB2D74C-6F45-3C83-8B86-631E02FA8086}] (YoutubeAdblocker) =>PUP.Multiplug^ [HKCR\CLSID\{486AFD26-55CB-310A-8C13-BAAFC8C4A6F9}] (SmileysWeLoveToolbar.PopupForm+AltActionClickedEventArgs) =>Adware.SmileyBar^ [HKCR\CLSID\{4B3C4278-AB91-32DC-AEA4-606C6509DFB4}] (SmileysWeLoveToolbar.PopupForm) =>Adware.SmileyBar^ [HKCR\CLSID\{77A0E495-9E74-3ECD-A4EB-788185AA6BAC}] (SmileysWeLoveToolbar.IEModule+IECustomCommands) =>Adware.SmileyBar^ [HKCR\CLSID\{7B19CC07-9D3A-33F0-9F37-CB3A56766E11}] (SmileysWeLoveToolbar.IEModule+IECustomContextMenuCommands) =>Adware.SmileyBar^ [HKCR\CLSID\{801B480C-0052-3474-90B0-2B853494196E}] (SmileysWeLoveToolbar.PopupForm+SmileyClickedEventArgs) 
=>Adware.SmileyBar^ [HKCR\CLSID\{8097B661-105D-3B2D-BA8A-B2AA0C1A2CBA}] (SmileysWeLoveToolbar.WatermarkTextBox) =>Adware.SmileyBar^ [HKCR\CLSID\{FC991D27-AB93-3043-B430-7FF0918E9623}] (SmileysWeLoveToolbar.SWLSettings) =>Adware.SmileyBar^ C:\Users\RCZ\AppData\Local\facemoods.bmp =>Adware.Facemoods ~ Additionnel Scan: 354972 Items scanned in 00mn 47s ---\\ Additional information about modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51) ~ AMI: 5 Scanned in 00mn 00s ---\\ Summary of the detections found on your workstation http://www.nicolascoolman.fr/blog/ =>Hijacker.Application http://nicolascoolman.fr/adware-adon =>Adware.ADON http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera http://www.nicolascoolman.fr/blog/ =>PUP.SalePlus http://www.nicolascoolman.fr/blog/ =>PUP.Istart http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.fr/pup-babylon =>PUP.Babylon http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync http://nicolascoolman.fr/adware-expressfiles =>Adware.ExpressFiles http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider http://nicolascoolman.fr/35828469-pup-youtubeadblocker- =>PUP.YouTubeAdBlock http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel 
http://nicolascoolman.fr/pup-mocaflix =>PUP.Mocaflix http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar http://www.nicolascoolman.fr/blog/ =>Adware.Graftor http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr http://nicolascoolman.fr/pup-filescout =>PUP.FileScout http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro http://www.nicolascoolman.fr/blog/ =>PUP.PerformerSoft http://www.nicolascoolman.fr/blog/ =>PUP.SfKpCouponApp http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar http://nicolascoolman.fr/33122347-trojan-tasksgr =>Trojan.Tasksgr http://www.nicolascoolman.fr/blog/ =>PUP.UpToDown http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro http://nicolascoolman.fr/pup-tarma =>PUP.Tarma http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport http://nicolascoolman.fr/pup-suptab =>PUP.SupTab http://nicolascoolman.fr/hijacker-diamondata =>Hijacker.Diamondata http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager http://www.nicolascoolman.fr/blog/ =>Adware.D365 http://www.nicolascoolman.fr/blog/ =>PUP.AllCheapPrice http://www.nicolascoolman.fr/blog/ =>PUP.BitSaver http://www.nicolascoolman.fr/blog/ =>PUP.CheapMe http://www.nicolascoolman.fr/blog/ =>PUP.DiscountExtens http://nicolascoolman.fr/pup-downsave =>PUP.DownSave http://www.nicolascoolman.fr/blog/ =>PUP.EnjoyCoupon http://www.nicolascoolman.fr/blog/ =>PUP.FindBestDeal http://www.nicolascoolman.fr/blog/ =>PUP.GreatSave4U http://www.nicolascoolman.fr/blog/ =>PUP.NextCoup http://www.nicolascoolman.fr/blog/ =>PUP.PriceChop http://nicolascoolman.fr/41783501-pup-robosaver =>PUP.RoboSaver 
http://nicolascoolman.fr/pup-safeweb =>PUP.SafeWeb http://www.nicolascoolman.fr/blog/ =>PUP.SwiftRecord http://www.nicolascoolman.fr/blog/ =>Adware.TerminusSys http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker http://www.nicolascoolman.fr/blog/ =>PUP.ContinueToSave http://nicolascoolman.fr/33571597-pup-downloadkeepeor =>PUP.DownloadKeeper http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService http://nicolascoolman.fr/29049364-adware-safesave =>Adware.SafeSave http://nicolascoolman.fr/adware-fastsaveapp =>Adware.FastSaveApp http://nicolascoolman.fr/adware-scripthost =>Adware.ScriptHost http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch http://www.nicolascoolman.fr/blog/ =>PUP.Chromatic http://www.nicolascoolman.fr/blog/ =>PUP.Torch http://nicolascoolman.fr/adware-facemoods =>Adware.Facemoods http://nicolascoolman.fr/pup-elex =>PUP.Elex http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup http://nicolascoolman.fr/pup-browsemark =>PUP.BrowseMark http://nicolascoolman.fr/33452999-hijacker-eseeky =>Hijacker.Eseeky http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy http://nicolascoolman.fr/pup-softwareengine =>PUP.SoftwareEngine http://nicolascoolman.fr/34019179-toolbar-tunesbarre =>Toolbar.TunesBarre http://www.nicolascoolman.fr/blog/ =>PUP.SourceApp http://nicolascoolman.fr/pup-webspades =>PUP.WebSpades http://nicolascoolman.fr/pup-videoperformer =>PUP.VideoPerformer http://nicolascoolman.fr/adware-webcake =>Adware.WebCake http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug http://nicolascoolman.fr/pup-minibar =>PUP.Minibar http://www.nicolascoolman.fr/blog/ =>PUP.Conduit http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask 
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent http://www.nicolascoolman.fr/blog/ =>Adware.Agent http://nicolascoolman.fr/adware-browse2save =>Adware.Browse2Save http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch http://nicolascoolman.fr/adware-magnipic =>Adware.MagniPic http://www.nicolascoolman.fr/blog/ =>Adware.BDSearch http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia http://www.nicolascoolman.fr/blog/ =>Toolbar.BrotherSoft http://nicolascoolman.fr/28456964-adware-myclearsearch =>Adware.MyClearSearch ~ MSI: 100 link(s) detected in 00mn 00s End of the scan (2347 lines in 22mn 38s)(8.10)