Independent file hosting service

ZHPDiag.txt

About

File type
TXT file, 196 KB (text/plain)
Privacy
Public file, uploaded on 9 June 2015 at 23:20, from IP address 41.111.x.x (Algeria)
Security
Contains no known viruses or malware - Last check: 3 days
Statistics
This download page has been viewed 253 times since the file was uploaded

File preview


~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman  (31/05/2015)
~ Launched by RCZ (09/06/2015 21:32:53)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by 
~ Version State : Updated version.
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801
GCIE: Google Chrome v43.0.2357.81
OPIE: Opera vMail 1.0
OPIE: Opera Stable v28.0.1750.40

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Deactivate)

---\\ System optimization software
CCleaner v3.24

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 PPAPI
Adobe Reader XI
Java 7 Update 9 (64-bit)

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (1%) free of 122 GB

---\\ Connection to the system mode
~ Computer Name: DAOUD-PC
~ User Name: RCZ
~ All Users Names: UpdatusUser, RCZ, HomeGroupUser$, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\RCZ\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\RCZ\AppData\Roaming\
~ %Desktop% : C:\Users\RCZ\Desktop\
~ %Favorites% : C:\Users\RCZ\Favorites\
~ %LocalAppData% : C:\Users\RCZ\AppData\Local\
~ %StartMenu% : C:\Users\RCZ\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 122 Go)
D: Hard drive, Flash drive, Thumb drive (Free 4 Go of 172 Go)
E: Hard drive, Flash drive, Thumb drive (Free 48 Go of 172 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/12774
~ Mes musiques (My Musics) : 1/1276
~ Mes Videos (My Videos) : 1/197
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 2/644
~ Mon Bureau (My Desktop) : 1/417
~ Menu demarrer (Programs) : 1/58
~ Hidden Files:  Scanned in 00mn 20s



---\\ Process running
[MD5.4606A6E8383DC80242A13BF197619E46] - (.GregLand - No Comment.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe   [1494016] [PID.2680]
[MD5.BA6435C78C4A91877AE8AA4DCC0927D3] - (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe   [572416] [PID.3144]
[MD5.716F5828497A7739B1BCCEE4D0E8A80F] - (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe   [833240] [PID.3452]
[MD5.AA1489AA08AF959A8E1B725B6DFE66EE] - (.DreamStudio - Email Client.) -- D:\DreamMail4\DM2005.exe   [1898496] [PID.3848]
[MD5.C53D46F346668248C15F3159526A4303] - (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe   [385536] [PID.3948]
[MD5.C09341AD133729F72B2A3238BB8A1A0E] - (. Green Horse Tickerbar - 1.0.0.1.) -- C:\Program Files (x86)\Tickerbar\theTickerBar.exe   [57344] [PID.3960]
[MD5.FF708EC69A2B14230344199DFB3737EF] - (.No owner - ExtraBarre.) -- C:\agia3d\Extrakdo\barre.exe   [110592] [PID.3944]
[MD5.896D9A92E8504BA2254E729895B1EC20] - (.Legend Edition - deadsurfv1.0.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\dead..tion_0000000000000000_0001.0002_058d90b7aa34d6de\deadsurfv1.2.exe   [210944] [PID.5140]
[MD5.0027DF21415E1A0BD420BFDAB766620A] - (.Legend Edition - soulcodev1.2.) -- C:\Users\RCZ\AppData\Local\Apps\2.0\PHYLAXJ4.Z4W\R5KE1QMJ.6KC\soul..tion_0000000000000000_0001.0002_41d9d682e7b47003\soulcodev1.2.exe   [465920] [PID.5192]
[MD5.DE671E75767C4B98B47433FCA26307A5] - (.Epom Ltd. - Citrio.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe   [1083280] [PID.2052]
[MD5.EC5645B6DBF1E17F216E7BE5073B1157] - (.BPMconcept - PackBarre.) -- C:\Program Files (x86)\PackBarre\PackBarre.exe   [378368] [PID.448]  =>Adware.ADON
[MD5.4ADFE62F23A0CF1D2234B0CC865544F1] - (.KADRIMEX S.A.R.L - AW-Manager-V6.) -- C:\Users\RCZ\Downloads\AW-Manager-V6.3.exe   [1414144] [PID.4200]
[MD5.EC75F14CC85659C780A0DC575F7B1242] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [815304] [PID.5784]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8214016] [PID.5104]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [383264] [PID.744]
[MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) -- C:\Program Files (x86)\netcut\services\AIPS.exe   [262144] [PID.1184]
[MD5.87EE9D133646B4CEDB7D9A240D7BBD73] - (.Windows SysTool - Windows SysTool.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe   [602112] [PID.1460]  =>PUP.Fuyu
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [81088] [PID.1644]
[MD5.6E93D6D8C9B096F83DE1E9AC0C75C0BC] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe   [157824] [PID.1768]
[MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39568] [PID.1880]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\afodfkabigfjjeidfkkkhllcbdjeegko [RieGhttOFferApp]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [__MSG_appName__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppefdlohekfhjenppnpjekkjjgndhdf [New XCommander]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [Chrome Hotword Shared Module]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb [ClixSense.com]
G2 - EXT: C:\Users\RCZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__]
~ Google Lines Browser: 18 Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\3uoy8h9g.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\g1n3hvfd.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\oex4j5rw.default\user.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\prefs.js
C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\x00vjp98.default\user.js
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\mystartsearch.xml  =>PUP.StartSearch
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\VenteeRo.xml  =>Trojan.Vonteera
M3 - MFPP: Plugins - [RCZ] -- C:\Users\RCZ\AppData\Roaming\Mozilla\Firefox\Profiles\5rnsyl0i.default\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [RCZ - 3uoy8h9g.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - 5rnsyl0i.default] http://www.google.com
M0 - MFSP: prefs.js [RCZ - g1n3hvfd.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - oex4j5rw.default] http://websearch.goodforsearch.info
M0 - MFSP: prefs.js [RCZ - x00vjp98.default] http://websearch.goodforsearch.info
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] 89@AC.com
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] staged
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - 3uoy8h9g.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: prefs.js [RCZ - 5rnsyl0i.default\89@AC.com] [] SaleuPPLuus v1.2 (..)  =>PUP.SalePlus
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] 89@AC.com
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] staged
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - 5rnsyl0i.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] 89@AC.com
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] staged
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - g1n3hvfd.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] 89@AC.com
M2 - MFEP: Extension [RCZ - oex4j5rw.default] staged
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - oex4j5rw.default] {70df8d13-bdd3-448e-944c-efde21b77161}
M2 - MFEP: Extension [RCZ - x00vjp98.default] jid1-vW9nopuIAJiRHw@jetpack.xpi
M2 - MFEP: Extension [RCZ - x00vjp98.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}
M2 - MFEP: Extension [RCZ - x00vjp98.default] 89@AC.com
M2 - MFEP: Extension [RCZ - x00vjp98.default] staged
M2 - MFEP: Extension [RCZ - x00vjp98.default] {9ad332cd-bead-be52-8765-ca0f3c4bc59c}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {c46e19ac-eb65-41d7-9b4e-5a8008569cd6}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {2e8e1262-0343-4234-ae37-aa6cdd4336c4}
M2 - MFEP: Extension [RCZ - x00vjp98.default] {70df8d13-bdd3-448e-944c-efde21b77161}
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.9.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.40416.0.) -- C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=3] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=9] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\1.3.25.219\npCatalinaUpdate3.dll
~ Firefox Browser: 91 Scanned in 00mn 01s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com  =>PUP.Istart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com  =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com  =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com  =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com  =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com  =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com  =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com  =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com  =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.17631 (winblue_r7.150111-1500)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: (no name) [64Bits] - {b1bcea4a-6c4e-43be-a618-69cb8a66d8b8} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R3 - URLSearchHook: ClixSense.com Toolbar [64Bits] - {70df8d13-bdd3-448e-944c-efde21b77161} . (.Conduit Ltd. - Conduit Toolbar.) (6.17.2.8) -- C:\Program Files (x86)\ClixSense.com\prxtbCli2.dll  =>Toolbar.Conduit
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 22 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (63)
~ Hosts File:  Scanned in 00mn 46s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{70DF8D13-BDD3-448E-944C-EFDE21B77161} Orphan key
~ Toolbar:  Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.)  -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\QuickLaunch [RCZ]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\RCZ\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\TaskBar [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.)  -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com
O4 - GS\TaskBar [RCZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\TaskBar [RCZ]: Opera.lnk . (.Opera Software - Opera Internet Browser.)  -- C:\Program Files (x86)\Opera\launcher.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\Program [RCZ]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\SystemTools [RCZ]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com  =>Hijacker.DeltaHomes
O4 - GS\Desktop [RCZ]: Chrome Web Store.lnk . (.Epom Ltd. - Citrio.)  -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://chrome.google.com
O4 - GS\Desktop [RCZ]: Facebook.lnk . (.Epom Ltd. - Citrio.)  -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.facebook.com
O4 - GS\Desktop [RCZ]: YouTube.lnk . (.Epom Ltd. - Citrio.)  -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe http://www.youtube.com
~ Global Startup: 12 Scanned in 00mn 26s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe 
O4 - HKCU\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll   =>PUP.Babylon
O4 - HKCU\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe 
O4 - HKCU\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe 
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.) 
O4 - HKCU\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe 
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe 
O4 - HKLM\..\Wow6432Node\Run: [GreenHorseTickerBar] . (.Green Horse Corporation - Green Horse Tickerbar.) -- C:\Program Files (x86)\Tickerbar\tickerbar.dll 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [BackgroundContainer] . (.Conduit Ltd. - Background Container.) -- C:\Users\RCZ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll   =>PUP.Babylon
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [CatalinaGroup Update] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe 
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [AutoShutdown] . (.Sundagger Solutions Co. - Automated shutdown utility for windows..) -- E:\ashut21\AutoShutdown\autoshutdown2.exe 
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (.not file.) 
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [FlashGet 3] . (.Trend Media Corporation Limited - FlashGet3.) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe 
O4 - HKUS\S-1-5-21-2367945247-3885244437-53792642-1000\..\Run: [Zoner Photo Studio Autoupdate] . (.ZONER software - Zoner Photo Studio Autoupdate.) -- C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.exe 
~ Application:  Scanned in 00mn 00s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll  =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000009\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 9 Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{64EE6ED4-F667-430A-A281-DDF48A94DE9D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2066470-1119-426C-853D-86CAB06096F0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) . (.Arcai.com - Arp Intelligent Protection Service.) - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe  =>Adware.AgentODR
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Windows SysTool - Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe  =>PUP.Fuyu
~ Services: 11 Scanned in 00mn 04s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00CC35F515079F5F94FABC3AC5C7D363] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe   [268464]
[MD5.C53D46F346668248C15F3159526A4303] [APT] [Bidaily Synchronize Task] (...) -- C:\ProgramData\{b3dbbd1b-894c-0d1c-b3db-bbd1b894f46e}\Enigma2_BootLogo_Program_2013.7z (1).exe   [385536]  =>PUP.BidailySync
[MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe   [130416]
[MD5.6BB7B3CB99C8E695C482BF99427FF1B0] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Catalina Group Ltd..) -- C:\Users\RCZ\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe   [130416]
[MD5.A5062EA164067050F2DFA9DCA98CA63A] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe   [3157856]
[MD5.4606A6E8383DC80242A13BF197619E46] [APT] [emoticon] (.GregLand.) -- C:\Program Files (x86)\Emoticon\Emoticon.exe   [1494016]
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.)   [0]  =>Adware.ExpressFiles
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core] (.Facebook Inc..) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA] (.Facebook Inc..) -- C:\Users\RCZ\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.)   [0]  =>P2P.GoforFiles
[MD5.7E62782AA49FAE6939FE604B93300C1B] [APT] [LibrarySystem] (...) -- c:\programdata\{4b259ba2-b120-af84-4b25-59ba2b126e8a}\5972653202229919220b.exe   [2584576]
[MD5.16F026EC9F269CDCDA7B568994F38347] [APT] [Opera scheduled Autoupdate 1420212510] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe   [889976]
[MD5.EABE8AD92F8313ED11C4CD9D56C31A4B] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [369752]
[MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe   [147016]
[MD5.FB1FCD597FAC91CD4C0901A198C11714] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe   [147016]
[MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-2367945247-3885244437-53792642-1000] (...) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{2634143D-9191-44FD-BBFC-A5986952026A}] (...) -- H:\skystar2\Install\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{459C62C6-F8D1-4E4B-A277-000C75DC7609}] (...) -- C:\Users\RCZ\Downloads\ ©ëںê¤ ںéڑ¨ںë ںé¥ں«ي  ى§ï، êë ڑ¦يèê ïيë«.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{4D01623E-ED82-4F12-A8A2-727FEA15EC77}] (...) -- C:\Users\RCZ\Desktop\2234.Football365.Toolbar.17.01.2007.rc_FTB001_1_0_0_0.exe (.not file.)   [0]
[MD5.FD93F8C8BC70CED3F2F2599D522E5197] [APT] [{4E896B93-CF98-4AF5-AA53-45AAFA1D09F6}] (.NCH Software.) -- C:\Program Files (x86)\NCH Software\MailBase\uninst.exe   [471044]
[MD5.00000000000000000000000000000000] [APT] [{7452F5F5-E9F0-4D46-90EC-CF2773D8B7BC}] (...) -- C:\Users\RCZ\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.)   [0]  =>PUP.Istart
[MD5.3469ED6FF6382044611321C26A879E2C] [APT] [{A0B0FB8B-3129-4097-8E5F-E8EA0ADDA0AB}] (...) -- C:\Users\RCZ\Downloads\mbsetup.exe   [268448]
[MD5.23E22BD7FBB0D11397EC33BF2EA64CD2] [APT] [{A8F1BAE4-DF27-4044-BBB3-D073CD97B0F8}] (...) -- C:\Users\RCZ\Downloads\MuslimBag-Setup.exe   [11326355]
[MD5.00000000000000000000000000000000] [APT] [{AD77D1C0-2437-417C-ACA6-647B7143F642}] (...) -- F:\Install\setup.exe (.not file.)   [0]
[MD5.78D0C1825E50CB3D58AA3CE9770FDB96] [APT] [{D42E0F16-61EF-4378-B3E3-8ED50C344542}] (.Adobe Systems Inc..) -- C:\Users\RCZ\Downloads\Shockwave_Installer_Slim (1).exe   [5006144]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe   [561984]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job   [1002]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [1002]
O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task.job   [382]  =>PUP.BidailySync
O39 - APT: Bidaily Synchronize Task - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task   [382]  =>PUP.BidailySync
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job   [1048]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core   [1048]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job   [1100]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA   [1100]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core.job   [898]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000Core   [898]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA.job   [920]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2367945247-3885244437-53792642-1000UA   [920]
O39 - APT: LibrarySystem - (...) -- C:\Windows\Tasks\LibrarySystem.job   [350]
O39 - APT: LibrarySystem - (...) -- C:\Windows\System32\Tasks\LibrarySystem   [350]
~ Scheduled Task: 37 Scanned in 00mn 15s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll  =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe  =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe  =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll  =>.Microsoft Corporation
O40 - ASIC: Disable SSL3 [64Bits] - {7D715857-A67C-4C2F-A929-038448584D63} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 11 Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver:  ({4f8c067a-e55a-4229-81e6-7be1491578a2}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}w64.sys  =>PUP.LinkiDoo
O41 - Driver:  ({bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bdf235ad-4365-4d0e-84d9-2132bdb9d67c}Gw64.sys  =>PUP.LinkiDoo
O41 - Driver:  ({ed7eb956-75ed-460d-8f69-29a93b07afd1}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys  =>PUP.LinkiDoo
~ Drivers: 72 Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI
O42 - Logiciel: Adobe Flash Player 17 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI
O42 - Logiciel: Adobe Reader XI (11.0.11) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Adobe Shockwave Player 12.1 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support (32 bits) - (.Apple Inc..) [HKLM][64Bits] -- {AFA1153A-F547-409B-B837-3A0D6C5A3FEC}
O42 - Logiciel: Apple Application Support (64 bits) - (.Apple Inc..) [HKLM][64Bits] -- {D7B824DE-DA32-4772-9E5E-39C5158136A7}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {C4123106-B685-48E6-B9BD-E4F911841EB4}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}  =>.Apple Inc
O42 - Logiciel: AppsHat Mobile Apps - (.Somoto Ltd..) [HKCU][64Bits] -- AppsHat Mobile Apps  =>PUP.CrossRider
O42 - Logiciel: Athan Basic 3.8 - (...) [HKLM][64Bits] -- Athan
O42 - Logiciel: Barre v0.1 bêta - (.Agia3D.) [HKLM][64Bits] -- {3BDBA6BF-06E0-4372-91AB-996BEC377A72}_is1
O42 - Logiciel: Batch Image Resizer 2.87 - (.JKLNSoft, Inc..) [HKLM][64Bits] -- Batch Image Resizer_is1
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM][64Bits] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: CVitaeV4 - (...) [HKCU][64Bits] -- CVitaeV4
O42 - Logiciel: Citrio - (.© Epom Ltd..) [HKCU][64Bits] -- Citrio
O42 - Logiciel: ClixSense.com Toolbar - (.ClixSense.com.) [HKLM][64Bits] -- ClixSense.com Toolbar
O42 - Logiciel: Coloriage 2 - (...) [HKLM][64Bits] -- Coloriage 2
O42 - Logiciel: CoreAVC Professional Edition (remove only) - (...) [HKLM][64Bits] -- CoreAVC Professional Edition
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DVB Dream version 2.5 Ahmad & Takki R1 - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {8579ED9E-1F6F-4B75-8752-A13C38BB146B}_is1
O42 - Logiciel: DVB Dream version 2.6A Ahmad & Takki - (.www.dvbsapplicationrepack.blogspot.com.) [HKLM][64Bits] -- {10A280E5-EEC2-44A7-BEB3-657F838D4E86}_is1
O42 - Logiciel: DVBViewer TE2 - (.CM&V.) [HKLM][64Bits] -- DVBViewer TE2_is1
O42 - Logiciel: Dead Surf - 1  - (.Legend Edition.) [HKCU][64Bits] -- ca5afe92da7ae5fe
O42 - Logiciel: DreamMail 4.6 - (.DreamStudio.) [HKLM][64Bits] -- DreamMail 4.6
O42 - Logiciel: Euro-Happy M-B-v2.12e Bêta - (.Agia3D.) [HKLM][64Bits] -- {0558D976-2CD9-4056-BB6D-6609578F6FB9}_is1
O42 - Logiciel: ExtraBarre M-B-v2.15e - (.Agia3D.) [HKLM][64Bits] -- {27A6EC92-1F16-4A47-BDDC-64537DD2630A}_is1
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM][64Bits] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: FileZilla Client 3.10.3 - (.Tim Kosse.) [HKLM][64Bits] -- FileZilla Client
O42 - Logiciel: FlashGet3.7 - (.http://www.FlashGet.com.) [HKLM][64Bits] -- FlashGet3.7
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {FE8DFDD0-A543-4A83-B7A9-C411138194D5}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Java 7 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF}
O42 - Logiciel: Java 7 Update 9 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86417009FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}
O42 - Logiciel: K-Lite Codec Pack 7.9.0 (Full) - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: LaBoitaKados M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {0B19DC32-C613-4B1C-8116-98A808261AE9}_is1
O42 - Logiciel: Logiciel d'archivage WinRAR - (...) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {F842F8B0-6942-4930-821F-543E976B2C66}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 6.8 - (.Photo Editor Software, Inc..) [HKLM][64Bits] -- Magic Photo Editor_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe  =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visionneuse de rapports 2005 redistribuable - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Report Viewer Redistributable 2005
O42 - Logiciel: Mises à jour NVIDIA 1.11.3 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
O42 - Logiciel: Muslim Bag - (.Soft4ISlam.) [HKLM][64Bits] -- Muslim Bag1.5
O42 - Logiciel: MyCurriculum 2011 - (...) [HKLM][64Bits] -- MyCurriculum 2011
O42 - Logiciel: NVIDIA Pilote 3D Vision 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Pilote graphique 311.06 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo
O42 - Logiciel: Nero 9 Lite - (.Nero AG.) [HKLM][64Bits] -- {6f555276-7852-4cae-9eda-d69c5802e3e4}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM][64Bits] -- {E8A80433-302B-4FF1-815D-FCC8EAC482FF}
O42 - Logiciel: Nero Online Upgrade - (.Nero AG.) [HKLM][64Bits] -- {C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM][64Bits] -- {7748AC8C-18E3-43BB-959B-088FAEA16FB2}
O42 - Logiciel: NetCut 2.1.4 - (.arcai.com.) [HKLM][64Bits] -- NetCut_is1
O42 - Logiciel: New XCommander - (...) [HKLM][64Bits] -- {60EACF28-3304-CDE7-8F98-5992F85D389C}
O42 - Logiciel: Opera Mail 1.0 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 1.0.1040
O42 - Logiciel: Opera Stable 28.0.1750.40 - (.Opera Software ASA.) [HKLM][64Bits] -- Opera 28.0.1750.40
O42 - Logiciel: PackBarre - (.BPMconcept.) [HKLM][64Bits] -- {CDD9453E-67C2-40EC-B15B-137A9C8AD3C0}  =>Adware.ADON
O42 - Logiciel: Photo Frame Studio - (.MOJOSOFT.) [HKLM][64Bits] -- Photo Frame Studio_is1
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
O42 - Logiciel: SNT - (.SNT.) [HKLM][64Bits] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
O42 - Logiciel: SkypEmoticons - (...) [HKLM][64Bits] -- SkypEmoticons_is1
O42 - Logiciel: Skype™ 6.14 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
O42 - Logiciel: Snagit 11 - (.TechSmith Corporation.) [HKLM][64Bits] -- {44BD21C2-9132-48DB-B65B-23817E4C6F4B}
O42 - Logiciel: Soul-Code - (.Legend Edition.) [HKCU][64Bits] -- b04e6fc329b9f61e
O42 - Logiciel: TechniSat DVB-PC TV Star - (.TechniSat.) [HKLM][64Bits] -- {D032A7F0-8B5C-4603-8B46-235025D5F9C1}
O42 - Logiciel: Thread Manager 2.4.0.0 - (.Digital Generation.) [HKLM][64Bits] -- {78F4E027-355C-45C0-90DC-F89DFC618761}_is1
O42 - Logiciel: Tickerbar 2.106 - (...) [HKLM][64Bits] -- Tickerbar
O42 - Logiciel: Tirocado M-B-v1.1 - (.Agia3D.) [HKLM][64Bits] -- {D49EAEA6-4B6A-47CA-858B-CCDD7E237D05}_is1
O42 - Logiciel: VLC media player 2.0.8 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player  =>.VideoLAN
O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM][64Bits] -- WinPcapInst
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507}  =>PUP.YouTubeAdBlock
O42 - Logiciel: Zoner Photo Studio 16 - (.ZONER software.) [HKLM][64Bits] -- ZonerPhotoStudio16_EN_is1
O42 - Logiciel: dreamboxEDIT -- The one and only settings editor for your Dreambox - (...) [HKLM][64Bits] -- dreamboxEDIT
O42 - Logiciel: iExplorer 2.2.1.3 - (.Macroplant, LLC.) [HKLM][64Bits] -- {7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {93F2A022-6C37-48B8-B241-FFABD9F60C30}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: v1.1 - (.Agia3D.) [HKLM][64Bits] -- {271CDF83-32A7-46FE-BBEB-D39968298083}_is1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent  =>P2P.BitTorrent
O42 - Logiciel: موسوعة الحديث النبوي الشريف - (...) [HKLM][64Bits] -- موسوعة الحديث النبوي الشريف
~ Logic: 78 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\4shared]
[HKCU\Software\5a6dfdde568e844]  =>Hijacker.Eazel
[HKCU\Software\ARHome]  =>Trojan.Vonteera
[HKCU\Software\Absolute Futurity]
[HKCU\Software\Ada99]
[HKCU\Software\Adobe]
[HKCU\Software\App Lid-nv-ie]  =>PUP.CrossRider
[HKCU\Software\AppDataLow\SProtector]  =>PUP.Mocaflix
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\BackgroundContainer]  =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\ClixSense.com]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Conduit]  =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider]  =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\PriceGong]  =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\RealNetworks]
[HKCU\Software\AppDataLow\Software\Smartbar]  =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\toolbar]
[HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]  =>Adware.Graftor
[HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}]
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\AppDataLow]
[HKCU\Software\AppLid]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Applications WinDev]
[HKCU\Software\Arcai.com]
[HKCU\Software\AutoShutdown]
[HKCU\Software\BI]
[HKCU\Software\BPMconcept]
[HKCU\Software\BabSolution]  =>Hijacker.BabSolution
[HKCU\Software\BitTorrent]  =>P2P.BitTorrent
[HKCU\Software\Canneverbe Limited]
[HKCU\Software\CatalinaGroup]
[HKCU\Software\CeQuadrat]
[HKCU\Software\Chromium]
[HKCU\Software\Classes]
[HKCU\Software\Clem.Org]
[HKCU\Software\Clients]
[HKCU\Software\Commercial Research]
[HKCU\Software\ConduitOmaha]
[HKCU\Software\Conduit]  =>Toolbar.Conduit
[HKCU\Software\Cygnus Solutions]
[HKCU\Software\DataMngr]  =>PUP.Datamngr
[HKCU\Software\Digital Photo Software]
[HKCU\Software\DreamMail2005]
[HKCU\Software\ESET]
[HKCU\Software\Elecard]
[HKCU\Software\ExpressFiles]  =>Adware.ExpressFiles
[HKCU\Software\Facebook]
[HKCU\Software\FileScout]  =>PUP.FileScout
[HKCU\Software\FlashGet Network]
[HKCU\Software\Freemake]
[HKCU\Software\FullBarre]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GoforFiles]  =>P2P.GoforFiles
[HKCU\Software\Goobzo]  =>PUP.Goobzo
[HKCU\Software\Google]
[HKCU\Software\Grandsoft]
[HKCU\Software\Haali]
[HKCU\Software\IGagnant]
[HKCU\Software\IM Providers]
[HKCU\Software\Imobie]
[HKCU\Software\InstallCore]  =>Adware.InstallCore
[HKCU\Software\JKLNSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\LAV]
[HKCU\Software\Licenses]
[HKCU\Software\LlamaWare]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MCAFEE]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\MediaInfo]
[HKCU\Software\Mediachance]
[HKCU\Software\Michael Herf]
[HKCU\Software\Mixesoft]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\NoVooITSet]  =>Trojan.Vonteera
[HKCU\Software\NoVooIT]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\Optimizer Pro]  =>PUP.OptimizerPro
[HKCU\Software\Orange]
[HKCU\Software\PC SOFT]
[HKCU\Software\PHM-SYSTEM DEVELOPMENT]
[HKCU\Software\PHP Desktop]
[HKCU\Software\PerformerSoft LLC]  =>PUP.PerformerSoft
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Popajar]  =>Toolbar.Conduit
[HKCU\Software\RealNetworks]
[HKCU\Software\RegisteredApplicationsEx]  =>PUP.SfKpCouponApp
[HKCU\Software\Salfeld]
[HKCU\Software\SensePlus-nv-ie]  =>PUP.CrossRider
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SmileysWeLove]  =>Adware.SmileyBar
[HKCU\Software\Softonic]  =>Toolbar.Conduit
[HKCU\Software\SourceForge]
[HKCU\Software\SupHpUISoft]  =>PUP.CrossRider
[HKCU\Software\Tasksgr]  =>Trojan.Tasksgr
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\U]
[HKCU\Software\UpToDown]  =>PUP.UpToDown
[HKCU\Software\V9]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Vonteera Safe ads]  =>Trojan.Vonteera
[HKCU\Software\WebApp]
[HKCU\Software\WebPlayer]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\Xilisoft]
[HKCU\Software\Yahoo]
[HKCU\Software\ZONER]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\ched]
[HKCU\Software\dreamboxEDIT]
[HKCU\Software\drpsu]
[HKCU\Software\ecokey]
[HKCU\Software\globalUpdate]  =>PUP.GlobalUpdate
[HKCU\Software\iWebar-nv-ie]  =>PUP.CrossRider
[HKCU\Software\mIRC]
[HKCU\Software\madFlac]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AuthenificateWin32]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CoreCodec]
[HKLM\Software\DVB Support]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ShopperPro]  =>PUP.ShopperPro
[HKLM\Software\Sonic]
[HKLM\Software\Stardvb]
[HKLM\Software\Tarma Installer]  =>PUP.Tarma
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node\"echo_installer"/n]
[HKLM\Software\Wow6432Node\64e0632d-912f-07ba-47ea-698ae24cbe93]  =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Absolute Futurity]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Apple Computer, Inc.]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Arcai]
[HKLM\Software\Wow6432Node\BabylonToolbar]  =>PUP.Babylon
[HKLM\Software\Wow6432Node\Babylon]  =>PUP.Babylon
[HKLM\Software\Wow6432Node\CDDB]
[HKLM\Software\Wow6432Node\Canneverbe Limited]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\ClixSense.com]
[HKLM\Software\Wow6432Node\Conduit]  =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\CoreCodec]
[HKLM\Software\Wow6432Node\Cygnus Solutions]
[HKLM\Software\Wow6432Node\DVBDream]
[HKLM\Software\Wow6432Node\DataMngr]  =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Debug]
[HKLM\Software\Wow6432Node\ExpressFiles]  =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\FileZilla 3]
[HKLM\Software\Wow6432Node\FlashGet Network]
[HKLM\Software\Wow6432Node\Freemake]
[HKLM\Software\Wow6432Node\GHC]
[HKLM\Software\Wow6432Node\GNU]
[HKLM\Software\Wow6432Node\Gabest]
[HKLM\Software\Wow6432Node\GoforFiles]  =>P2P.GoforFiles
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HaaliMkx]
[HKLM\Software\Wow6432Node\IHProtect]  =>Adware.AgentODR
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\IO3O]
[HKLM\Software\Wow6432Node\IObit]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\InterVideo]
[HKLM\Software\Wow6432Node\Internet Download Manager]
[HKLM\Software\Wow6432Node\JGsoft]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\KLCodecPack]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LAV]
[HKLM\Software\Wow6432Node\LIRC]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Ludosoft]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MainConcept]
[HKLM\Software\Wow6432Node\Mindscape]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\NetDragon]
[HKLM\Software\Wow6432Node\Netscape]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Opera Software]
[HKLM\Software\Wow6432Node\PicexaSvc]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RealNetworks]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\RichFX]
[HKLM\Software\Wow6432Node\SNC]
[HKLM\Software\Wow6432Node\SP Global]  =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector]  =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Senfer]
[HKLM\Software\Wow6432Node\SiteFinder]  =>Adware.ShoppingReport
[HKLM\Software\Wow6432Node\SiteSee]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Stardvb]
[HKLM\Software\Wow6432Node\SupDp]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\TDS]
[HKLM\Software\Wow6432Node\TechSmith]
[HKLM\Software\Wow6432Node\TechniSat]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Voice]
[HKLM\Software\Wow6432Node\WinPcap]
[HKLM\Software\Wow6432Node\Windows]
[HKLM\Software\Wow6432Node\Wondershare]
[HKLM\Software\Wow6432Node\Xing Technology Corp.]
[HKLM\Software\Wow6432Node\Yahoo]
[HKLM\Software\Wow6432Node\ZONER]
[HKLM\Software\Wow6432Node\delta-homesSoftware]  =>Hijacker.DeltaHomes
[HKLM\Software\Wow6432Node\diamondata]  =>Hijacker.Diamondata
[HKLM\Software\Wow6432Node\hdcode]
[HKLM\Software\Wow6432Node\istartsurfSoftware]  =>PUP.Istart
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node\mystartsearchSoftware]  =>PUP.StartSearch
[HKLM\Software\Wow6432Node\supTab]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM]  =>PUP.WpManager
[HKLM\Software\Wow6432Node\supWindowsMangerProtect]  =>PUP.Fuyu
[HKLM\Software\Wow6432Node\tcpip32]
[HKLM\Software\Wow6432Node\tueagles]
[HKLM\Software\Wow6432Node\vPlug]
[HKLM\Software\Wow6432Node\winzipersvc]  =>Adware.D365
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZONER]
~ Key Software: 434 Scanned in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/04/2015 - 12:52:56 - [0] ----D C:\Program Files (x86)\50CoouponS
O43 - CFD: 31/01/2015 - 19:26:50 - [0] ----D C:\Program Files (x86)\AAllCheApPricee  =>PUP.AllCheapPrice
O43 - CFD: 10/10/2014 - 19:35:52 - [] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 28/11/2012 - 21:27:29 - [] ----D C:\Program Files (x86)\AF Uninstalls
O43 - CFD: 25/11/2012 - 23:37:48 - [] ----D C:\Program Files (x86)\AFins Email Notifier Demo
O43 - CFD: 28/03/2014 - 10:53:11 - [] ----D C:\Program Files (x86)\aljazeera news
O43 - CFD: 11/11/2013 - 23:15:27 - [] ----D C:\Program Files (x86)\Apple Software Update  =>.Apple Inc
O43 - CFD: 29/06/2013 - 19:44:23 - [] ----D C:\Program Files (x86)\Athan
O43 - CFD: 08/08/2014 - 08:28:36 - [] ----D C:\Program Files (x86)\Batch Image Resizer
O43 - CFD: 09/08/2014 - 11:05:39 - [0] ----D C:\Program Files (x86)\BitSSAvver  =>PUP.BitSaver
O43 - CFD: 11/11/2013 - 23:14:36 - [] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 03/01/2014 - 20:35:23 - [] ----D C:\Program Files (x86)\CDBurnerXP
O43 - CFD: 29/04/2015 - 12:43:36 - [] ----D C:\Program Files (x86)\CheaapMe  =>PUP.CheapMe
O43 - CFD: 14/04/2014 - 22:23:21 - [0] ----D C:\Program Files (x86)\ChieAApMeE  =>PUP.CheapMe
O43 - CFD: 14/11/2013 - 16:57:14 - [] ----D C:\Program Files (x86)\ClixSense.com
O43 - CFD: 23/05/2015 - 16:15:21 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 15/03/2013 - 21:15:12 - [] ----D C:\Program Files (x86)\CoreCodec
O43 - CFD: 27/04/2013 - 15:53:28 - [] ----D C:\Program Files (x86)\CVitaeV4
O43 - CFD: 08/04/2014 - 18:46:52 - [] ----D C:\Program Files (x86)\denouvel
O43 - CFD: 28/03/2014 - 10:57:08 - [0] ----D C:\Program Files (x86)\DiScooUnttExttensi  =>PUP.DiscountExtens
O43 - CFD: 09/08/2014 - 11:06:05 - [0] ----D C:\Program Files (x86)\DowwnSSaive  =>PUP.DownSave
O43 - CFD: 11/03/2014 - 22:00:22 - [] ----D C:\Program Files (x86)\dreamboxEDIT
O43 - CFD: 20/12/2013 - 18:26:06 - [] ----D C:\Program Files (x86)\DVBViewer TE2
O43 - CFD: 14/04/2014 - 22:23:34 - [0] ----D C:\Program Files (x86)\EENjoyCouponn  =>PUP.EnjoyCoupon
O43 - CFD: 09/06/2015 - 10:04:55 - [] ----D C:\Program Files (x86)\Emoticon
O43 - CFD: 16/05/2015 - 11:24:14 - [] ----D C:\Program Files (x86)\FileZilla FTP Client
O43 - CFD: 16/07/2014 - 21:32:06 - [0] ----D C:\Program Files (x86)\FinDBoeesteDeal  =>PUP.FindBestDeal
O43 - CFD: 14/11/2013 - 20:38:52 - [] ----D C:\Program Files (x86)\FlashGet Network
O43 - CFD: 23/05/2015 - 16:11:33 - [] ----D C:\Program Files (x86)\Freemake
O43 - CFD: 13/01/2015 - 17:23:26 - [] ----D C:\Program Files (x86)\Google
O43 - CFD: 28/03/2014 - 11:00:03 - [0] ----D C:\Program Files (x86)\GreattSave4U  =>PUP.GreatSave4U
O43 - CFD: 06/04/2015 - 21:56:16 - [] ----D C:\Program Files (x86)\HTC Home 3
O43 - CFD: 14/09/2013 - 19:41:27 - [] ----D C:\Program Files (x86)\Idle Processor Utilization Services
O43 - CFD: 17/11/2013 - 22:32:41 - [] ----D C:\Program Files (x86)\iExplorer
O43 - CFD: 08/04/2014 - 18:44:46 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 23/07/2013 - 17:45:09 - [0] ----D C:\Program Files (x86)\Internet Download Manager
O43 - CFD: 14/05/2015 - 08:05:15 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 14/09/2013 - 20:03:14 - [] ----D C:\Program Files (x86)\IO3O LLC
O43 - CFD: 17/04/2015 - 14:51:04 - [] ----D C:\Program Files (x86)\IObit
O43 - CFD: 10/09/2013 - 11:03:25 - [0] ----D C:\Program Files (x86)\IslamicToolbar
O43 - CFD: 01/03/2015 - 23:41:10 - [] ----D C:\Program Files (x86)\iTunes
O43 - CFD: 21/06/2013 - 09:09:19 - [] ----D C:\Program Files (x86)\Java
O43 - CFD: 20/12/2013 - 17:34:04 - [] ----D C:\Program Files (x86)\JB ToolBox
O43 - CFD: 24/11/2012 - 16:51:47 - [] ----D C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 03/04/2015 - 13:12:06 - [] ----D C:\Program Files (x86)\LudoSoft
O43 - CFD: 09/11/2013 - 22:05:03 - [] ----D C:\Program Files (x86)\Magic Photo Editor
O43 - CFD: 16/07/2014 - 21:36:53 - [] ----D C:\Program Files (x86)\MainConcept
O43 - CFD: 24/11/2012 - 18:42:24 - [] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 24/11/2012 - 18:42:13 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 14/05/2015 - 07:46:04 - [] ----D C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 14/05/2015 - 08:06:42 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 26/11/2012 - 00:07:00 - [] ----D C:\Program Files (x86)\Microsoft SkyDrive  =>.Microsoft Corporation
O43 - CFD: 26/11/2012 - 22:49:22 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 24/11/2012 - 18:43:27 - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 26/11/2012 - 00:25:57 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 08/06/2013 - 23:42:40 - [] ----D C:\Program Files (x86)\MOJOSOFT
O43 - CFD: 24/11/2012 - 18:44:49 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 12/04/2015 - 03:01:59 - [0] ----D C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 29/06/2013 - 21:55:18 - [] ----D C:\Program Files (x86)\Muslim Bag
O43 - CFD: 29/11/2012 - 10:30:31 - [] ----D C:\Program Files (x86)\MyConnection PC Lite Edition
O43 - CFD: 27/04/2013 - 15:54:28 - [] ----D C:\Program Files (x86)\MyCurriculum 2011
O43 - CFD: 25/11/2012 - 23:28:01 - [] ----D C:\Program Files (x86)\NCH Software
O43 - CFD: 03/04/2015 - 13:05:57 - [] ----D C:\Program Files (x86)\Nero
O43 - CFD: 25/05/2013 - 12:44:09 - [] ----D C:\Program Files (x86)\netcut
O43 - CFD: 14/11/2013 - 21:30:26 - [] ----D C:\Program Files (x86)\NetDragon
O43 - CFD: 08/06/2015 - 07:00:37 - [] ----D C:\Program Files (x86)\New XCommander
O43 - CFD: 29/06/2013 - 22:03:43 - [] ----D C:\Program Files (x86)\Newcamd Mpcs Reader
O43 - CFD: 02/05/2015 - 09:29:13 - [0] ----D C:\Program Files (x86)\NExtCoupp  =>PUP.NextCoup
O43 - CFD: 15/04/2013 - 06:35:55 - [] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 09/06/2015 - 10:09:35 - [] ----D C:\Program Files (x86)\Opera
O43 - CFD: 01/08/2014 - 14:05:59 - [] ----D C:\Program Files (x86)\Opera Mail
O43 - CFD: 09/06/2015 - 17:32:00 - [] ----D C:\Program Files (x86)\PackBarre  =>Adware.ADON
O43 - CFD: 23/05/2015 - 16:14:10 - [] ----D C:\Program Files (x86)\Picon_Manager
O43 - CFD: 21/12/2014 - 10:26:09 - [] ----D C:\Program Files (x86)\priceChoep  =>PUP.PriceChop
O43 - CFD: 09/08/2014 - 11:08:08 - [0] ----D C:\Program Files (x86)\pricechoPP  =>PUP.PriceChop
O43 - CFD: 10/05/2013 - 11:41:52 - [] ----D C:\Program Files (x86)\ProgDVB
O43 - CFD: 26/10/2014 - 23:33:37 - [] ----D C:\Program Files (x86)\QuickTime
O43 - CFD: 23/05/2015 - 16:16:18 - [] ----D C:\Program Files (x86)\Real
O43 - CFD: 10/12/2014 - 07:31:47 - [] ----D C:\Program Files (x86)\RealNetworks
O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 08/06/2015 - 07:00:14 - [] ----D C:\Program Files (x86)\RieGhttOFferApp
O43 - CFD: 28/03/2014 - 11:07:00 - [] ----D C:\Program Files (x86)\Ringtone Expressions
O43 - CFD: 17/07/2014 - 23:02:44 - [0] ----D C:\Program Files (x86)\RRoboSavEr  =>PUP.RoboSaver
O43 - CFD: 17/07/2014 - 23:03:40 - [0] ----D C:\Program Files (x86)\saafieweb  =>PUP.SafeWeb
O43 - CFD: 07/06/2015 - 19:42:27 - [] ----D C:\Program Files (x86)\SaleuPPLuus  =>PUP.SalePlus
O43 - CFD: 25/11/2012 - 23:20:39 - [] ----D C:\Program Files (x86)\Scorpio Software
O43 - CFD: 28/03/2014 - 11:08:26 - [] ----D C:\Program Files (x86)\SimpleTV
O43 - CFD: 04/04/2014 - 13:11:20 - [] R---D C:\Program Files (x86)\Skype
O43 - CFD: 03/04/2015 - 19:24:12 - [0] ----D C:\Program Files (x86)\Swift Record  =>PUP.SwiftRecord
O43 - CFD: 20/12/2013 - 18:26:28 - [] ----D C:\Program Files (x86)\TechniSat DVB
O43 - CFD: 29/05/2013 - 19:17:07 - [] ----D C:\Program Files (x86)\TechSmith
O43 - CFD: 08/06/2015 - 07:02:17 - [0] ----D C:\Program Files (x86)\TerminusSys  =>Adware.TerminusSys
O43 - CFD: 28/07/2013 - 18:11:52 - [] ----D C:\Program Files (x86)\Thread Manager
O43 - CFD: 29/10/2013 - 06:37:05 - [] ----D C:\Program Files (x86)\Tickerbar
O43 - CFD: 14/07/2009 - 05:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 28/03/2014 - 11:09:19 - [] ----D C:\Program Files (x86)\UniverseBarre
O43 - CFD: 24/11/2012 - 16:53:03 - [] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 12/07/2013 - 03:23:30 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/11/2012 - 22:49:17 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 12/03/2015 - 08:35:48 - [] ----D C:\Program Files (x86)\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 06:32:38 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 21/03/2013 - 07:00:56 - [] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 22/06/2013 - 16:16:08 - [] ----D C:\Program Files (x86)\Wondershare
O43 - CFD: 20/05/2015 - 16:18:05 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 23/05/2015 - 16:19:16 - [] ----D C:\Program Files (x86)\Yahoo!
O43 - CFD: 14/03/2015 - 21:33:50 - [] ----D C:\Program Files (x86)\YoutubeAdblocker  =>PUP.YouTubeAdBlock
O43 - CFD: 28/03/2014 - 11:21:43 - [0] ----D C:\Program Files (x86)\YTNoAds

