Think you are infected, ads popping up while you browse the internet?
Data loss, a slow system, a USB virus?
Disinfect your computer for free!
#13551
El Desaparecido wrote: No more trouble with drive G?

Redo a ZHPDiag scan and post the new hosted report please
I can open it and browse it without any problem...

ZHPDiag report
Code:
~ Report of ZHPDiag v2013.10.28.74 - Nicolas Coolman (10/28/2013)
~ Launched by Younes (10/30/2013 11:55:10 AM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 6.0
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer
eMule
Vuze v5.1.0.0 =>P2P.Azureus

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 9

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8156.9 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 30 GB (20%) free of 146 GB

---\\ Connection to the system mode
~ Computer Name: YOUNES-PC
~ User Name: Younes
~ All Users Names: Younes, UpdatusUser, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Younes\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Younes\AppData\Roaming\
~ %Desktop% : C:\Users\Younes\Desktop\
~ %Favorites% : C:\Users\Younes\Favorites\
~ %LocalAppData% : C:\Users\Younes\AppData\Local\
~ %StartMenu% : C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 30 Go of 146 Go)
D: Hard drive, Flash drive, Thumb drive (Free 218 Go of 319 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 59 Go of 149 Go)



---\\ State of the Windows Security Center
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.7/14/2009 - 2:39:10 AM.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 - 2:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.7/14/2009 - 2:41:56 AM.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.7/14/2009 - 2:39:52 AM.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.7/14/2009 - 2:41:54 AM.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.7/14/2009 - 12:21:42 AM.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 12:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.7/14/2009 - 12:19:54 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.7/14/2009 - 12:23:44 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/14/2009 - 1:06:13 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.7/14/2009 - 12:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.7/14/2009 - 12:24:00 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.7/14/2009 - 12:21:29 AM.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/14/2009 - 2:48:27 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.7/14/2009 - 1:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 1:10:12 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.7/14/2009 - 1:18:02 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.7/14/2009 - 12:21:15 AM.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.7/14/2009 - 2:45:55 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/1011
~ Mes musiques (My Musics) : 1/5578
~ Mes Videos (My Videos) : 1/249
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/7765
~ Mon Bureau (My Desktop) : 3/7928
~ Menu demarrer (Programs) : 1/100
~ Hidden Files: Scanned in 10mn AMs



---\\ Process running
[MD5.8C5B4A20100F09B856B38C9059251919] - (.SuperCopier team - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier\SuperCopier2.exe [296960] [PID.1080]
[MD5.38AE7A942FC3FAB1C6A27EB65DE8F827] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864] [PID.2276]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.2912]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.3404]
[MD5.C4A0673606F8A4D912646E2778630BDD] - (.Azureus Software, Inc - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe [316360] [PID.2756] =>P2P.Azureus
[MD5.3B605772669BDFD6DC266B9320E87B45] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8143872] [PID.5044]
[MD5.B2386A8E66891F7CFEC9F5A03F0F1210] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384] [PID.1360]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2044]
[MD5.19A22A2869040F5901A343D991A95CFA] - (.Green Packet Berhad. - WiMAX Device Service.) -- C:\Windows\RNDIS_MGR\WmGenieFwSrv.exe [75264] [PID.1212]
[MD5.FEFA32073D77BB9C741A63B6286479F6] - (.Razer Inc. - RzKLService.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472] [PID.1468]
[MD5.284303D0B36D7825851A8AD752439E3B] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472] [PID.2140]
~ Processes Running: Scanned in 00mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [jbmihfmcieemmafjkogmdabpdgjndlll] conTinuetoySiavae v.3.9 (Activé) =>PUP.OfferWare
G2 - GCE: Preference [User Data\Default] [ohpafhbnohgogojklhkcnlgbpcgcpkak] BBrowsee2sAove v.3.8 (Activé) =>Adware.Browse2Save
~ Google Browser: 14 Legitimates Filtered in 12mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Younes\AppData\Roaming\Mozilla\Firefox\Profiles\1p8xu5sc.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: 38 Dictionnaires et Recueils de Correspondance.lnk . (.L'Aventure Multimedia - No Comment.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - GS\Desktop [Public]: Acronis True Image Home 2010.lnk . (.Acronis - Acronis True Image.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
O4 - GS\Desktop [Public]: AESHelp for FSX.lnk . (.Aerosoft and Oliver Pabst - No Comment.) -- D:\Program Files (x86)\Aerosoft\AES\AESHELP.exe
O4 - GS\Desktop [Public]: Bigasoft Audio Converter.lnk . (.Bigasoft Corporation - Audio Converter.) -- C:\Program Files (x86)\Bigasoft\Audio Converter\videoconverter.exe
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe
O4 - GS\Desktop [Public]: FlipShare.lnk . (...) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShare.exe
O4 - GS\Desktop [Public]: FTX Central.lnk . (.Orbx Simulation Systems Pty Ltd - FTX Central.) -- D:\Program Files (x86)\ORBX\Scripts\FTXCentral\FTXCentral.exe
O4 - GS\Desktop [Public]: FTX Day.lnk . (...) -- D:\Program Files (x86)\ORBX\Scripts\FTXLights_Day.exe
O4 - GS\Desktop [Public]: FTX Night.lnk . (...) -- D:\Program Files (x86)\ORBX\Scripts\FTXLights_Night.exe
O4 - GS\Desktop [Public]: KJAC.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Razer Game Booster.lnk . (.Razer Inc. - RazerGameBooster.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe
O4 - GS\Desktop [Public]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\Program [Public]: FlipShare.lnk . (...) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShare.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Uninstall .lnk . (...) -- D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Uninstal.exe (.not file.)
O4 - GS\Program [Public]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\QuickLaunch [Younes]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Younes]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\TaskBar [Younes]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Younes]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Younes]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Younes]: Uninstall Polish Airports vol.1.lnk . (...) -- D:\Program Files (x86)\Microsoft Games\PolishAirportsVol2uninstall.exe (.not file.)
O4 - GS\SystemTools [Younes]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Younes]: ACE (2).lnk . (.Captain Sim - Aircraft Configuration Utility.) -- D:\Program Files (x86)\Captain_Sim\130\ace\ACE_130.exe
O4 - GS\Desktop [Younes]: ACE.lnk . (.Captain Sim - ACE 777 Captain.) -- D:\Program Files (x86)\Captain_Sim\777\ace\ace_777.exe
O4 - GS\Desktop [Younes]: Acronis True Image Home.lnk . (.Acronis - Acronis True Image.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
O4 - GS\Desktop [Younes]: Any Video Converter Ultimate.lnk . (.Any-Video-Converter.com - Any Video Converter Ultimate.) -- C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\AVCUltimate.exe
O4 - GS\Desktop [Younes]: Configuration.lnk . (.feelThere - Setup application for feelThere ERJ.) -- D:\Program Files (x86)\FeelThere\Erj\ErjSetup.exe
O4 - GS\Desktop [Younes]: EGHI.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: EVGA Precision.lnk . (...) -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
O4 - GS\Desktop [Younes]: FSC_FSX.lnk . (...) -- C:\Windows\Installer\{2A9A269C-1C36-493C-96D8-60B23FAB2E10}\Icon2A9A269C5.exe
O4 - GS\Desktop [Younes]: FSX.lnk . (.Microsoft Corp. - Microsoft Flight Simulator®.) -- D:\Program Files (x86)\fsx.exe
O4 - GS\Desktop [Younes]: FTX Aero.lnk . (.Orbx Simulation Systems Pty. Ltd. - FTX_Aero.) -- D:\Program Files (x86)\ORBX\Scripts\Aero\FTXAero.exe
O4 - GS\Desktop [Younes]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Younes]: Hanse-Blampain.lnk . (.Zero G - LaunchAnywhere GUI.) -- C:\Program Files (x86)\Hanse-Blampain\Hanse-Blampain.exe
O4 - GS\Desktop [Younes]: KJAC.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: LeConjugueur.lnk . (.Le Conjugueur - Le Conjugueur.) -- C:\Program Files (x86)\LeConjugueur\LeConjugueur.exe
O4 - GS\Desktop [Younes]: NGXPerfMan.lnk . (...) -- D:\Program Files (x86)\PMDG\PMDG 737 NGX\PerfMan\NGXPerfMan.exe
O4 - GS\Desktop [Younes]: OTM.lnk . (.OldTimer Tools - No Comment.) -- C:\Users\Younes\Downloads\OTM.exe
O4 - GS\Desktop [Younes]: PAJN.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: PAKT.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: PMDG Livery Manager.lnk . (...) -- D:\Program Files (x86)\PMDG\Livery Manager\PMDG_Livery_Manager.exe
O4 - GS\Desktop [Younes]: PMDG MD-11 Load Manager.lnk . (.Precision Manuals Development Group - MD-11 Load Manager.) -- D:\Program Files (x86)\PMDG\MD11_LoadManager.exe
O4 - GS\Desktop [Younes]: PMDG Operations Center.lnk . (...) -- C:\Program Files (x86)\PMDG Operations Center\PMDG Operations Center.exe
O4 - GS\Desktop [Younes]: PMDG_BAe_JS410ConfigManager.lnk . (...) -- D:\Program Files (x86)\PMDG\JS4100\PMDG_BAe_JS4100_ConfigManager.exe
O4 - GS\Desktop [Younes]: QW146 Dispatcher.lnk . (...) -- D:\Program Files (x86)\Qualitywings\LiveryManager\QW146Dispatcher.exe
O4 - GS\Desktop [Younes]: QW757 Livery Manager.lnk . (.Microsoft - Qw757RepaintManager.) -- D:\Program Files (x86)\Qualitywings\LiveryManager\QW757RepaintManager.exe
O4 - GS\Desktop [Younes]: SnapShot.lnk . (.StageSoft - No Comment.) -- D:\Program Files (x86)\SnapShot.exe
O4 - GS\Desktop [Younes]: VATroute.lnk . (...) -- D:\Program Files (x86)\VATroute.exe
O4 - GS\Desktop [Younes]: Virtual DJ.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
O4 - GS\Desktop [Younes]: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
O4 - GS\Desktop [Younes]: YBBN.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: YBCS.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: YMLT.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: YMMB.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: YMML.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [Younes]: YSCB.lnk . (.Orbx Simulation Systems Pty Ltd - Orbx Control Panel.) -- D:\Program Files (x86)\ORBX\Scripts\OrbxControlPanel.exe
O4 - GS\Desktop [UpdatusUser]: Hanse-Blampain.lnk . (.Zero G - LaunchAnywhere GUI.) -- C:\Program Files (x86)\Hanse-Blampain\Hanse-Blampain.exe
O4 - GS\Desktop [UpdatusUser]: LeConjugueur.lnk . (.Le Conjugueur - Le Conjugueur.) -- C:\Program Files (x86)\LeConjugueur\LeConjugueur.exe
O4 - GS\Desktop [UpdatusUser]: Rhodes Xtreme Manual.lnk . (...) -- D:\Program Files (x86)\Addon Scenery\Rhodes Xtreme Manual.pdf (.not file.)
O4 - GS\Desktop [UpdatusUser]: TOPCAT - Take-Off and Landing Performance Calculation Tool.lnk . (...) -- D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\TOPCAT\TOPCAT.exe (.not file.)
O4 - GS\Desktop [UpdatusUser]: VATroute.lnk . (...) -- D:\Program Files (x86)\VATroute.exe
O4 - GS\Desktop [UpdatusUser]: VATSpy.lnk . (...) -- D:\Program Files (x86)\Microsoft Games\VATSpy\VATSpy.exe (.not file.)
~ Global Startup: 125 Legitimates Filtered in 01mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Younes]: VFP6.lnk . (...) -- C:\Users\Younes\Documents\Visual Studio 2005\MSDEV\FoxPro\VFP6.exe (.not file.)
O4 - GS\Startup [Younes]: Visual Studio.lnk . (...) -- C:\Users\Younes\Documents\Visual Studio 2005\MSDEV\IDE\MSDEV.exe (.not file.)
O4 - HKCU\..\Run: [ultracopier] C:\Program Files (x86)\Supercopier\supercopier.exe (.not file.)
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SuperCopier team - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier\SuperCopier2.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-274241942-440908366-385262484-1000\..\Run: [ultracopier] C:\Program Files (x86)\Supercopier\supercopier.exe (.not file.)
O4 - HKUS\S-1-5-21-274241942-440908366-385262484-1000\..\Run: [SuperCopier2.exe] . (.SuperCopier team - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier\SuperCopier2.exe
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2671CBCA-D845-40AD-A42B-1D359BCAC61E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpDomain = wimax
O17 - HKLM\System\CCS\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpDomain = wimax
O17 - HKLM\System\CCS\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpDomain = wimax
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpDomain = wimax
O17 - HKLM\System\CS1\Services\Tcpip\..\{2671CBCA-D845-40AD-A42B-1D359BCAC61E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpDomain = wimax
O17 - HKLM\System\CS1\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpDomain = wimax
O17 - HKLM\System\CS1\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpDomain = wimax
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpDomain = wimax
O17 - HKLM\System\CS2\Services\Tcpip\..\{2671CBCA-D845-40AD-A42B-1D359BCAC61E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpNameServer = 192.168.111.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CEB4398-C675-4712-9359-E362BC8E9A1A}: DhcpDomain = wimax
O17 - HKLM\System\CS2\Services\Tcpip\..\{977F6D2A-C376-4C64-A735-3529D6DB9453}: DhcpDomain = wimax
O17 - HKLM\System\CS2\Services\Tcpip\..\{B85EF786-6645-485A-B5EC-751446E5AC9A}: DhcpDomain = wimax
O17 - HKLM\System\CS2\Services\Tcpip\..\{DD9FD82D-116A-4609-B4A2-A06D76E62812}: DhcpDomain = wimax
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: RNDIS Device Service (GenieService) . (.Green Packet Berhad. - WiMAX Device Service.) - C:\Windows\RNDIS_MGR\WmGenieFwSrv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
~ Services: 7 Legitimates Filtered in 02mn AMs



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{02706645-EA50-4ADF-AC65-3DFCF62B5D5F}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{14B3C263-BA32-47E5-BAD6-1110FE9E2FD8}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1F25E935-0844-4DEA-AF67-A4E8A6AE498C}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5406818B-D748-4CC3-95C2-C6D49BB3D490}] (...) -- C:\Users\Younes\Desktop\sb4setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8C68F6A5-84D8-4415-981E-DE408375274A}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A1B95D27-B261-42B3-99C5-6C5403F04646}] (...) -- C:\Users\Younes\Desktop\PMDG.rar\3-PMDG 737 6700 NGX.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C0DD7580-BE5F-47F9-ACB5-CAC7CB9A68E3}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E067EDED-38E2-4DBA-8A50-16C7CA2A89AE}] (...) -- G:\FS Addons\FSX by Epikk\Softs\JVC 1124\RunNavData.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn AMs



---\\ Software installed (O42)
O42 - Logiciel: Accu-Feel Air, Land, and Sea - (...) [HKLM][64Bits] -- Accu-Feel Air, Land, and Sea
O42 - Logiciel: Ben Gurion X - (.FSAddon Publishing.) [HKLM][64Bits] -- Ben Gurion X1.0
O42 - Logiciel: BrowseToSave - (...) [HKLM][64Bits] -- {E6E9009E-9593-4CC9-AE22-DDB13D0A2268} =>Adware.Browse2Save
O42 - Logiciel: ERJ145LR American Eagle (v1.02) - (...) [HKCU][64Bits] -- ERJ145LR American Eagle (v1.02)
O42 - Logiciel: ERJ145LR v2 World Airliners 1 (v1.01) - (...) [HKLM][64Bits] -- ERJ145LR v2 World Airliners 1 (v1.01)
O42 - Logiciel: FeelThere ERJ v.2 SP2 - (...) [HKCU][64Bits] -- FeelThere ERJ v.2 SP2
O42 - Logiciel: FlipShare - (.Flip Video.) [HKLM][64Bits] -- {97C658D2-61FB-027F-0D76-E9CDC84AFEC7}
O42 - Logiciel: Hanse-Blampain - (...) [HKLM][64Bits] -- Hanse-Blampain
O42 - Logiciel: Imaginesim WSSS Singapore FSX 1.00 - (...) [HKLM][64Bits] -- Imaginesim WSSS Singapore FSX 1.00
O42 - Logiciel: Latin VFR MHTG FSX - (.SimMarket.) [HKLM][64Bits] -- LatinVFRMHTGFSX_is1
O42 - Logiciel: Majestic MJC8Q400 - (...) [HKLM][64Bits] -- MJC8Q400
O42 - Logiciel: QualityWings Ultimate 146 Collection FSX - (...) [HKLM][64Bits] -- QualityWings Ultimate 146 Collection FSX
O42 - Logiciel: QualityWings Ultimate 757 Collection FSX 1.2.2 - (...) [HKLM][64Bits] -- QualityWings Ultimate 757 Collection FSX_is1
O42 - Logiciel: Remove UK2000 Belfast Xtreme files - (...) [HKLM][64Bits] -- UK2000 Belfast Xtreme
O42 - Logiciel: Remove UK2000 Edinburgh Xtreme files - (...) [HKLM][64Bits] -- UK2000 Edinburgh Xtreme
O42 - Logiciel: Shade - (...) [HKCU][64Bits] -- Shade
O42 - Logiciel: TJSJ San Juan FSX - (...) [HKLM][64Bits] -- TJSJ San Juan FSX
O42 - Logiciel: TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool - (.FlightSimSoft.com Inh. Christian Grill.) [HKLM][64Bits] -- TOPCAT
O42 - Logiciel: TaiCreations Noi Bai for FSX 1.00 - (...) [HKLM][64Bits] -- TaiCreations Noi Bai for FSX 1.00
O42 - Logiciel: Text-o-Matic for FSX - (...) [HKCU][64Bits] -- Text-o-Matic for FSX
O42 - Logiciel: UK2000 Cumbernauld Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Cumbernauld Xtreme FSX
O42 - Logiciel: UK2000 East Midlands Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 East Midlands Xtreme FSX
O42 - Logiciel: UK2000 Gatwick Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Gatwick Xtreme FSX
O42 - Logiciel: UK2000 Heathrow Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Heathrow Xtreme
O42 - Logiciel: UK2000 Leeds Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Leeds Xtreme FSX
O42 - Logiciel: UK2000 London City Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 London City Xtreme FSX
O42 - Logiciel: UK2000 Luton Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Luton Xtreme FSX
O42 - Logiciel: UK2000 Newcastle Xtreme FSX - (.UK2000 Scenery.) [HKLM][64Bits] -- UK2000 Newcastle Xtreme FSX
O42 - Logiciel: Ultimate Mahjong - (...) [HKLM][64Bits] -- Ultimate Mahjong
O42 - Logiciel: UltimateDefrag - (.DiskTrix, Inc..) [HKLM][64Bits] -- UltimateDefrag
O42 - Logiciel: VAT-Spy - (...) [HKLM][64Bits] -- VATSpy
O42 - Logiciel: VATroute 0.0.1.021 - (.Dirk Trinkaus, Henning Hülsebusch.) [HKLM][64Bits] -- VATroute
O42 - Logiciel: VTBS-FSX 2010 1.00 Ver.FSX - (...) [HKLM][64Bits] -- VTBS-FSX 2010 1.00 Ver.FSX
~ Logic: 223 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ancestry.com]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Fadeamp]
[HKCU\Software\Flip Video]
[HKCU\Software\ImagineSim]
[HKCU\Software\Jeppesen]
[HKCU\Software\Level 27 Technologies]
[HKCU\Software\QualityWings]
[HKCU\Software\SpeedBit]
[HKCU\Software\TOPCAT - Christian Grill]
[HKCU\Software\Ultimate Mahjong Demo]
[HKCU\Software\alex_t]
[HKLM\Software\Wow6432Node\Abraxis]
[HKLM\Software\Wow6432Node\Ancestry.com]
[HKLM\Software\Wow6432Node\Flip Video]
[HKLM\Software\Wow6432Node\Florenc]
[HKLM\Software\Wow6432Node\France VFR]
[HKLM\Software\Wow6432Node\InInstallCount]
[HKLM\Software\Wow6432Node\Jeppesen]
[HKLM\Software\Wow6432Node\LLH]
[HKLM\Software\Wow6432Node\Leonardo]
[HKLM\Software\Wow6432Node\Level 27 Technologies]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\Uk2000 Scenery]
~ Key Software: 289 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 12/15/2012 - 2:41:06 PM - [0.134] ----D C:\Program Files (x86)\aircraft
O43 - CFD: 7/22/2012 - 10:05:48 AM - [220.684] ----D C:\Program Files (x86)\Flip Video
O43 - CFD: 9/10/2013 - 9:49:19 AM - [0.007] ----D C:\Program Files (x86)\FSC9
O43 - CFD: 9/9/2013 - 7:40:55 PM - [0] ----D C:\Program Files (x86)\GUMB7D9.tmp
O43 - CFD: 5/12/2013 - 9:24:09 PM - [0] ----D C:\Program Files (x86)\GUMFC49.tmp
O43 - CFD: 5/2/2013 - 2:22:28 PM - [61.782] ----D C:\Program Files (x86)\Hanse-Blampain
O43 - CFD: 12/15/2012 - 2:41:06 PM - [0.191] ----D C:\Program Files (x86)\networks
O43 - CFD: 6/7/2013 - 5:51:20 PM - [0] ----D C:\Program Files (x86)\PCFixKit
O43 - CFD: 12/15/2012 - 2:41:06 PM - [2.611] ----D C:\Program Files (x86)\sound
O43 - CFD: 2/27/2013 - 10:12:49 AM - [1.121] ----D C:\Program Files (x86)\TotalImageConverter
O43 - CFD: 7/9/2013 - 3:42:50 PM - [7.083] ----D C:\Program Files (x86)\Ultimate Mahjong demo
O43 - CFD: 12/15/2012 - 2:41:06 PM - [0.086] ----D C:\Program Files (x86)\weather
O43 - CFD: 7/22/2012 - 7:52:56 AM - [0.007] ----D C:\Program Files (x86)\Wings of POWER II
O43 - CFD: 10/29/2012 - 8:00:45 PM - [1.782] ----D C:\Program Files (x86)\Common Files\TOPCAT
O43 - CFD: 7/22/2012 - 10:06:12 AM - [7.155] ----D C:\ProgramData\Flip Video
O43 - CFD: 5/27/2013 - 2:35:30 PM - [6.455] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 11/28/2012 - 1:57:36 AM - [0.001] ----D C:\ProgramData\SpeedBit
O43 - CFD: 8/21/2012 - 1:30:56 AM - [0.006] ----D C:\Users\Younes\AppData\Roaming\4X_DATA
O43 - CFD: 7/22/2012 - 10:06:29 AM - [1.155] ----D C:\Users\Younes\AppData\Roaming\Flip Video
O43 - CFD: 7/16/2013 - 4:27:06 PM - [0] ----D C:\Users\Younes\AppData\Roaming\fscabincrew
O43 - CFD: 6/7/2013 - 5:49:30 PM - [0.000] ----D C:\Users\Younes\AppData\Roaming\PCFixKit
O43 - CFD: 9/10/2012 - 9:51:41 PM - [0.000] ----D C:\Users\Younes\AppData\Roaming\QualityWings
O43 - CFD: 12/15/2012 - 1:43:57 PM - [1.858] ----D C:\Users\Younes\AppData\Roaming\VAT-Spy
O43 - CFD: 5/2/2013 - 2:22:57 PM - [0.008] ----D C:\Users\Younes\AppData\Local\Ancestry.com
O43 - CFD: 11/22/2012 - 2:57:23 PM - [0.001] ----D C:\Users\Younes\AppData\Local\StageSoft
O43 - CFD: 7/23/2012 - 12:49:05 PM - [0.005] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eiresim Cork Ultimate FsX
O43 - CFD: 5/4/2013 - 3:30:20 PM - [0.002] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeelThere
O43 - CFD: 2/5/2013 - 8:28:57 PM - [0.001] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lebor OLBAX V1.0
O43 - CFD: 12/12/2012 - 10:51:36 PM - [0.001] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shade
O43 - CFD: 7/22/2012 - 7:57:24 AM - [0.906] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sim Giants
O43 - CFD: 11/15/2012 - 6:42:28 PM - [0.001] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SunSkyJet Sceneries
O43 - CFD: 5/4/2013 - 3:43:43 PM - [0] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TOPCAT
O43 - CFD: 5/12/2013 - 5:00:09 AM - [0] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
O43 - CFD: 7/9/2013 - 3:42:48 PM - [0] ----D C:\Users\Younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Mahjong
~ Program Folder: 219 Legitimates Filtered in 20mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2F8182300B38EF593C396A59AC880A11] - 10/30/2013 - 10:05:30 AM ---A- . (...) -- C:\UsbFix [Clean 5] YOUNES-PC.txt [12354]
O44 - LFC:[MD5.AD6997C9298FA1FDF19358DDD1B3364B] - 10/30/2013 - 11:21:49 AM ---A- . (...) -- C:\UsbFix [Listing 1 ] YOUNES-PC.txt [6477]
O44 - LFC:[MD5.2E41D16EF00F13925CAA0644DBC0F003] - 10/30/2013 - 11:22:13 AM ---A- . (...) -- C:\UsbFix [Listing 2 ] YOUNES-PC.txt [6552]
O44 - LFC:[MD5.551EF43E1C4C4DDE5C92DE58DC5CC560] - 10/30/2013 - 11:26:06 AM ---A- . (...) -- C:\Windows\genfwsrv.log [1009586]
O44 - LFC:[MD5.B1D31BEF5DF41433791C63E4784E717E] - 10/30/2013 - 11:26:15 AM ---A- . (...) -- C:\Windows\AutoKMS.log [427399]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/30/2013 - 11:39:17 AM ---A- . (...) -- C:\END [0]
~ Files: 23 Legitimates Filtered in 09mn AMs



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.2D817BFE5F1BC0CCD36007D2D61DF5ED] - 10/28/2013 - 10:38:27 PM ---A- - C:\Windows\Prefetch\ADOBE PHOTOSHOP CS5.EXE-C89FED65.pf
O45 - LFCP:[MD5.298EDA2AF6DF41EC9BFEDC7F2E1F824C] - 10/28/2013 - 10:52:50 PM ---A- - C:\Windows\Prefetch\LOGTRANSPORT2.EXE-C2262700.pf
O45 - LFCP:[MD5.EA957FF0163694650B4ED7B9576BD45B] - 10/28/2013 - 2:03:14 PM ---A- - C:\Windows\Prefetch\SF.BIN-27A9EA0B.pf
O45 - LFCP:[MD5.90F2DB11C1D775292EEFEE994DE2F4C3] - 10/29/2013 - 1:12:28 PM ---A- - C:\Windows\Prefetch\AVAST03.SETUP-C3A11468.pf
O45 - LFCP:[MD5.06AE4B72B7E349A890C542E49F2B2540] - 10/29/2013 - 1:40:43 AM ---A- - C:\Windows\Prefetch\FTXNZQN100.EXE-8A9E3C25.pf
O45 - LFCP:[MD5.BE510C29A588FFE486086D1F922B06A7] - 10/29/2013 - 1:42:32 AM ---A- - C:\Windows\Prefetch\MODULEINSTALLER.EXE-602BA801.pf
O45 - LFCP:[MD5.F7C9722FDE16163713454D367AD57EB5] - 10/29/2013 - 1:42:42 AM ---A- - C:\Windows\Prefetch\FTXCONFIGURATOR.EXE-1DCC85C2.pf
O45 - LFCP:[MD5.3F7FE5E7AD269666E8A3C5224F92EF30] - 10/29/2013 - 1:47:49 PM ---A- - C:\Windows\Prefetch\GAMEBOOSTER.EXE-EE649315.pf
O45 - LFCP:[MD5.525E6E5202BA3EC94B49E245ADB29BB3] - 10/29/2013 - 1:48:01 PM ---A- - C:\Windows\Prefetch\GBTRAY.EXE-1F6B94CA.pf
O45 - LFCP:[MD5.EFA9EE146C3D6AB3C77FD5FDAE644E8C] - 10/29/2013 - 1:48:12 PM ---A- - C:\Windows\Prefetch\RZUPDATEMANAGER.EXE-A48FAD03.pf
O45 - LFCP:[MD5.9EF3A1B91C7A6D526CC60E0A4E2883D6] - 10/29/2013 - 2:00:12 PM ---A- - C:\Windows\Prefetch\TMP5271.TMP.EXE-97D580BE.pf
O45 - LFCP:[MD5.AD4BADA99F760EE798E90642D7CDF78B] - 10/29/2013 - 2:04:30 PM ---A- - C:\Windows\Prefetch\DOTNETFX45LP_FULL_X86_X64FR.E-838E7368.pf
O45 - LFCP:[MD5.B80C4EC5D8431CC2255A9CF24D3F0047] - 10/29/2013 - 2:08:30 PM ---A- - C:\Windows\Prefetch\UNINSTALLPOWERPLANS.EXE-F05E0806.pf
O45 - LFCP:[MD5.6E055E33619EEE61D73D41941B3CA688] - 10/29/2013 - 2:08:42 PM ---A- - C:\Windows\Prefetch\SETUPSYSTEMSTART.EXE-3D26ECB9.pf
O45 - LFCP:[MD5.092B7EEBEAFA2D38DA4831C3F21FF53B] - 10/29/2013 - 2:08:56 PM ---A- - C:\Windows\Prefetch\RZKLSERVICE.EXE-2113B899.pf
O45 - LFCP:[MD5.4FEDF3A96827C29CB5096DD43851A5F9] - 10/29/2013 - 2:09:07 PM ---A- - C:\Windows\Prefetch\RAZERGAMEBOOSTER.EXE-3D88C981.pf
O45 - LFCP:[MD5.56104E3B517F8046394E1420D965ED03] - 10/29/2013 - 2:13:27 AM ---A- - C:\Windows\Prefetch\RECOVERMYFILES.EXE-C26F2E9D.pf
O45 - LFCP:[MD5.0A4359F637331DED6852FE063D7B4F49] - 10/29/2013 - 2:17:06 PM ---A- - C:\Windows\Prefetch\FSCABINCREWMODULE.EXE-762A4003.pf
O45 - LFCP:[MD5.C636B4A3CF1D4DA7DD656B56A9DE8290] - 10/29/2013 - 2:18:41 PM ---A- - C:\Windows\Prefetch\PROCESSCAPTURER.EXE-BF9AC456.pf
O45 - LFCP:[MD5.E56D60EEDC8C5A8F75E2738D57B88A64] - 10/29/2013 - 3:47:26 PM ---A- - C:\Windows\Prefetch\EZCALOADER.EXE-E6B368F2.pf
O45 - LFCP:[MD5.43AFB2D8592BB5451B65238A90A2EF6A] - 10/29/2013 - 3:47:35 PM ---A- - C:\Windows\Prefetch\EZCA.EXE-7F2DDDAF.pf
O45 - LFCP:[MD5.1479681E58E06D8AF7679C0F5394BD15] - 10/29/2013 - 9:57:19 PM ---A- - C:\Windows\Prefetch\VIRTUALDJ_HOME.EXE-97CE2AB3.pf
O45 - LFCP:[MD5.3895C0BD34D70E4282709BB1157978A3] - 10/30/2013 - 11:26:44 AM ---A- - C:\Windows\Prefetch\AVAST02.SETUP-42A18533.pf
O45 - LFCP:[MD5.8B6A560A51C99E913B79687335B56871] - 10/30/2013 - 11:40:17 AM ---A- - C:\Windows\Prefetch\AZUREUS.EXE-997C5496.pf =>P2P.Azureus
O45 - LFCP:[MD5.1E5AF942B7A938D250C9D50B2CD5A9A9] - 10/30/2013 - 11:41:58 AM ---A- - C:\Windows\Prefetch\FILZIP.EXE-D5102095.pf
~ Prefetcher: 138 Legitimates Filtered in 01mn AMs



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Zune Launcher [Key] . (...) -- C:\Program Files\Zune\ZuneLauncher.exe (.not file.)
~ SMSR Keys: 16 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.E8184039D57365BEE3EAA750375C44AD] - 6/28/2010 - 9:32:36 PM ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\System32\Drivers\aswFsBlk.sys [20048]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 4/2/2009 - 1:30:14 PM ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 16 Legitimates Filtered in 00mn AMs



---\\ Last modified or created user files (O61)
O61 - LFC: 10/27/2013 - 11:57:41 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\Tracklisting\2013-10-27.m3u [977]
O61 - LFC: 10/28/2013 - 11:56:14 AM ---A- . (...) -- C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 - LFC: 10/28/2013 - 11:56:45 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\PMDG\PMDG Operations Center\Liveries\PMDG 777-200LR - AC.ptp [12479640]
O61 - LFC: 10/28/2013 - 11:56:45 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\PMDG\PMDG Operations Center\Liveries\PMDG 777-200LR - JL.ptp [18317728]
O61 - LFC: 10/28/2013 - 11:56:45 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\PMDG\PMDG Operations Center\PMDG 737NGX Livery Backup.dat [24136]
O61 - LFC: 10/28/2013 - 11:56:45 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\PMDG\PMDG Operations Center\PMDG 777X Livery Backup.dat [11104]
O61 - LFC: 10/28/2013 - 11:56:45 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\PMDG\PMDG Operations Center\PMDG J41 Livery Backup.dat [6494]
O61 - LFC: 10/28/2013 - 11:57:41 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\Tracklisting\2013-10-28.m3u [193]
O61 - LFC: 10/28/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\FX_F-S-dre-a-m-t-e-a-m-G-en-e-ve.rar_ [104570750]
O61 - LFC: 10/28/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\PMDG_VHHX [NG] V2.0.zip [1710720]
O61 - LFC: 10/28/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\Wing Creation - Narita RJAA.rar [550085847]
O61 - LFC: 10/28/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\anz2.zip [8348887]
O61 - LFC: 10/29/2013 - 11:56:39 AM ---A- . (...) -- C:\Users\Younes\AppData\Local\Razer\GameBooster2\Accounts\RazerLoginData.xml [568]
O61 - LFC: 10/29/2013 - 11:56:39 AM ---A- . (...) -- C:\Users\Younes\AppData\Local\Razer\GameBooster2\Accounts\RzLogins.xml [199]
O61 - LFC: 10/29/2013 - 11:56:42 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\EZCA\db\general.INI [1881]
O61 - LFC: 10/29/2013 - 11:56:43 AM R--A- . (...) -- C:\Users\Younes\AppData\Roaming\Microsoft\Installer\{A6AC699F-8315-40CA-8F70-E917494978AB}\VirtualdjIcon [289422]
O61 - LFC: 10/29/2013 - 11:56:44 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\Microsoft\OIS\Toolbars.dat [780]
O61 - LFC: 10/29/2013 - 11:56:46 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 10/29/2013 - 11:56:47 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\ZHP\ZHPDiag.txt [60877] =>.Nicolas Coolman
O61 - LFC: 10/29/2013 - 11:57:41 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\TracklistingToUpload.vdjsend [112]
O61 - LFC: 10/29/2013 - 11:57:41 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\Tracklisting\2013-10-29.m3u [1391]
O61 - LFC: 10/29/2013 - 11:57:41 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\Tracklisting\tracklist.txt [31040]
O61 - LFC: 10/29/2013 - 11:57:42 AM ---A- . (...) -- C:\Users\Younes\Documents\VirtualDJ\VirtualDJ Database v6.xml [2052266]
O61 - LFC: 10/29/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\adwcleaner.exe [1060070]
O61 - LFC: 10/29/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\exe_fix_w7.zip [886]
O61 - LFC: 10/29/2013 - 11:59:04 AM ---A- . (...) -- C:\Users\Younes\Downloads\folder_fix_w7.zip [1547]
O61 - LFC: 10/30/2013 - 11:56:14 AM ---A- . (...) -- C:\Users\Younes\AppData\Local\GDIPFONTCACHEV1.DAT [147880]
O61 - LFC: 10/30/2013 - 11:56:38 AM ---A- . (...) -- C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Local State [46323]
O61 - LFC: 10/30/2013 - 11:56:46 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\ZHP\Log.txt [38190] =>.Nicolas Coolman
O61 - LFC: 10/30/2013 - 11:56:46 AM ---A- . (...) -- C:\Users\Younes\AppData\Roaming\ZHP\TestsZHPDiag.txt [2866] =>.Nicolas Coolman
~ 14 Fichiers temporaires (Temporary files)
~ Files: 737 Legitimates Filtered in 29mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - http://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn AMs



---\\ Crack & Keygen Files (CKF) (O82)
C:\Users\Younes\Documents\Nero.7.Premium.v7.9.6.0.FR.Incl-Keygen.rar
C:\Users\Younes\Documents\Nero.7.Premium.v7.9.6.0.FR.Incl-Keygen.rar
~ Files: Scanned in 39mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.41D8363C9C452E1501160BCCB9587EFA] [SPRF][8/20/2012] (...) -- C:\Users\Younes\AppData\Local\fusioncache.dat [94]
[MD5.0E771375445E13429E68CAE720A48B72] [SPRF][10/30/2013] (...) -- C:\Users\Younes\AppData\Local\Temp\i4jdel0.exe [35224]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][10/19/2013] (...) -- C:\Users\Younes\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.4D30775F821236A00F4C3BF12897C44B] [SPRF][11/7/2012] (.Ross A Carlson - Fuel planner utility for the 737 NG aircraft in MS Flight Simulator..) -- C:\Users\Younes\Desktop\FuelPlanner737NG.exe [208896]
[MD5.AD834A51534F4F22CC137205C7B7C03E] [SPRF][8/11/2011] (.Christian Grill - TOPCAT - Take-Off and Landing Performance Calculation Tool.) -- C:\Users\Younes\Desktop\TOPCAT.exe [1628672]
[MD5.06E5AA3C8989E43A1EA851D84AF6F3AD] [SPRF][6/9/2012] (.No owner - UltimateDefrag 4.) -- C:\Users\Younes\Desktop\UltimateDefrag.exe [6108581]
[MD5.F9657EA35C68816470AB34451F54F835] [SPRF][12/15/2012] (...) -- C:\Program Files (x86)\sbaicontrol10.dll [81920]
[MD5.B73972EA36808B5BCB8AD9635C2B945B] [SPRF][12/15/2012] (...) -- C:\Program Files (x86)\sbimage.dll [4468736]
[MD5.0A27BC5CB2D7D0B09E2B86B27E95F9E0] [SPRF][12/15/2012] (...) -- C:\Program Files (x86)\sbmod10.dll [4063232]
[MD5.A782730241B50D42FBB3400901AF5B0C] [SPRF][12/15/2012] (...) -- C:\Program Files (x86)\sbtrans10.dll [212992]
[MD5.65AC2F019216EF5E2620480B4D06BC09] [SPRF][12/15/2012] (...) -- C:\Program Files (x86)\sbuninstall.exe [77824]
[MD5.76AD8A4E765DF36C77F29EB69BEC3782] [SPRF][12/15/2012] (.Joel M. DeYoung - squawkbox_fs.exe.) -- C:\Program Files (x86)\squawkbox_fs.exe [1118208]
[MD5.30749E97E4D63C6C2DEB5173F2C049D7] [SPRF][12/15/2012] (.Joel M. DeYoung - squawkbox_fsx.exe.) -- C:\Program Files (x86)\squawkbox_fsx.exe [1093632]
~ Files: 14 Legitimates Filtered in 01mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{1AD47BA2-DEB0-48D0-AD59-9107E126C8EF}C:\windows\keygen.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O87 - FAEL: "UDP Query User{BF0FE463-68EF-4AAE-857D-B05052C5A4C8}C:\windows\keygen.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O87 - FAEL: "{A531913A-8DFD-41E5-B280-596B69C0DCF2}" | In - None - P17 - TRUE | .(.Green Packet Berhad. - WiMAX Device Manager.) -- C:\Windows\RNDIS_MGR\WmGenieSrv.exe
O87 - FAEL: "{83E4DCEE-C873-44A9-A7B6-1DE5196F9C55}" | Out - None - P17 - TRUE | .(.Green Packet Berhad. - WiMAX Device Manager.) -- C:\Windows\RNDIS_MGR\WmGenieSrv.exe
O87 - FAEL: "TCP Query User{8BBE77BC-63F4-424C-A876-8611FBEB2DDC}C:\program files (x86)\fsfdt\fwinn\fwinn.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\fsfdt\fwinn\fwinn.exe (.not file.)
O87 - FAEL: "UDP Query User{A2BCC02A-1716-47CD-812C-D575F7360B6D}C:\program files (x86)\fsfdt\fwinn\fwinn.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\fsfdt\fwinn\fwinn.exe (.not file.)
O87 - FAEL: "TCP Query User{25C72DDD-0A1E-4D14-8E13-B7F63C317C33}C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe (.not file.)
O87 - FAEL: "UDP Query User{8EEE0513-5F76-43FD-BCCE-DEBB2EA7564D}C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe (.not file.)
~ Firewall: 196 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.27C54EDB3225284A262D6A8A2D0649F1] [WIS][5/6/2011] (.Flip Video - FlipShare 5.12.3.0.) -- C:\Windows\Installer\1161005.msi [62862848]
[MD5.DA80EE36A6B03442249E4B603ECA70C5] [WIS][9/10/2013] (.Sascha W. Felix - Volker Heine © 2013 - Navigational Tool for Microsoft® Flight Simulator 2004® - FSX®.) -- C:\Windows\Installer\6c16b2.msi [84314624]
~ WIS: 57 Legitimates Filtered in 16mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 3/27/2010 1054568 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Auto 5/11/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 11/23/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 1/16/2001 2480048 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SR - | Auto 6/28/2010 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Demand 6/28/2010 40384 | (avast! Mail Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Demand 6/28/2010 40384 | (avast! Web Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 1/16/2001 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Disabled 5/6/2011 460144 | (FlipShare Service) . (...) - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
SS - | Disabled 5/6/2011 1085440 | (FlipShareServer) . (...) - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
SR - | Auto 8/3/2012 75264 | (GenieService) . (.Green Packet Berhad..) - C:\Windows\RNDIS_MGR\WmGenieFwSrv.exe
SS - | Auto 11/24/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/24/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 4/13/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Demand 5/16/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 3/20/2011 1012328 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Disabled 10/2/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 9/18/2013 106472 | (RzKLService) . (.Razer Inc..) - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
SS - | Auto 1/8/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 3/20/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 17mn AMs



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Younes at 10/30/2013 12:01:45 PM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Younes at 10/30/2013 12:01:47 PM

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 02mn AMs



---\\ Scan Additionnel (O88)
Database Version : 12960 - (10/28/2013)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\jbmihfmcieemmafjkogmdabpdgjndlll] =>PUP.OfferWare^
[HKLM\Software\Google\Chrome\Extensions\ohpafhbnohgogojklhkcnlgbpcgcpkak] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6E9009E-9593-4CC9-AE22-DDB13D0A2268}] =>Adware.Browse2Save^
[HKCU\Software\Classes\.bgl] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Program Files (x86)\Vuze\Azureus.exe =>P2P.Azureus^
C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmihfmcieemmafjkogmdabpdgjndlll =>PUP.OfferWare^
C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpafhbnohgogojklhkcnlgbpcgcpkak =>Adware.Browse2Save^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
~ Additionnel Scan: 247508 Items scanned in 10mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27332348-pup-offerware =>PUP.Offerware
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 4 link(s) detected in 10mn AMs



~ 2035 Legitimates filtered by white list
End of the scan (695 lines in 47mn AMs)(2)
#13556
No more problems with the FS Addons folder either?
  • Select and copy the following script:
    ZHPFix script
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
    O87 - FAEL: "TCP Query User{1AD47BA2-DEB0-48D0-AD59-9107E126C8EF}C:\windows\keygen.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
    O87 - FAEL: "UDP Query User{BF0FE463-68EF-4AAE-857D-B05052C5A4C8}C:\windows\keygen.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
    O87 - FAEL: "{A531913A-8DFD-41E5-B280-596B69C0DCF2}" | In - None - P17 - TRUE | .(.Green Packet Berhad. - WiMAX Device Manager.) -- C:\Windows\RNDIS_MGR\WmGenieSrv.exe
    O87 - FAEL: "{83E4DCEE-C873-44A9-A7B6-1DE5196F9C55}" | Out - None - P17 - TRUE | .(.Green Packet Berhad. - WiMAX Device Manager.) -- C:\Windows\RNDIS_MGR\WmGenieSrv.exe
    O87 - FAEL: "TCP Query User{8BBE77BC-63F4-424C-A876-8611FBEB2DDC}C:\program files (x86)\fsfdt\fwinn\fwinn.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\fsfdt\fwinn\fwinn.exe (.not file.)
    O87 - FAEL: "UDP Query User{A2BCC02A-1716-47CD-812C-D575F7360B6D}C:\program files (x86)\fsfdt\fwinn\fwinn.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\fsfdt\fwinn\fwinn.exe (.not file.)
    O87 - FAEL: "TCP Query User{25C72DDD-0A1E-4D14-8E13-B7F63C317C33}C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe (.not file.)
    O87 - FAEL: "UDP Query User{8EEE0513-5F76-43FD-BCCE-DEBB2EA7564D}C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\fsfdt\control panel\fsfdtcp.exe (.not file.)
    [HKLM\Software\Google\Chrome\Extensions\jbmihfmcieemmafjkogmdabpdgjndlll]
    [HKLM\Software\Google\Chrome\Extensions\ohpafhbnohgogojklhkcnlgbpcgcpkak]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6E9009E-9593-4CC9-AE22-DDB13D0A2268}]
    [HKCU\Software\Classes\.bgl]
    [HKLM\Software\Classes\Toolbar3.SBCONVERT]
    [HKLM\Software\Classes\Toolbar3.SBCONVERT.1]
    [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT]
    [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT.1]
    C:\ProgramData\InstallMate
    C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmihfmcieemmafjkogmdabpdgjndlll
    C:\Users\Younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohpafhbnohgogojklhkcnlgbpcgcpkak
    [HKCU\Software\Conduit]
    EmptyCLSID
    Emptytemp
    EmptyFlash
  • Launch ZHPFix (run it as administrator on Windows 7/8 and Vista)
    1. Click Import
    2. The lines you copied above should be pasted into the frame
    3. If they are, click "GO"
    (screenshots)
  • Confirm the data cleanup by clicking "Yes"
  • Once the scan has finished, go to the desktop: the ZHPFixReport file has been created there.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link you are given into your next reply.
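The report above lists firewall exceptions (O87 lines) for a keygen that no longer exists on disk and several UAC policy values (O55 lines), and the ZHPFix script above removes those rules. As an added example, not code from the forum post, from ZHPDiag or from ZHPFix, the following Python triage tool parses those two line formats, explains why each firewall rule deserves attention, emits the `netsh advfirewall` command that deletes it on Windows 7 (where the NetSecurity PowerShell cmdlets do not exist), and compares the UAC values with a hardening baseline. The sample lines are constructed copies of the formats shown in the thread; the protocol-number mapping (P6 = TCP, P17 = UDP) follows IANA; the "hardened" UAC values in `UAC_EXPECTED` are assumptions drawn from common hardening baselines, not something ZHPDiag reports.

```python
"""Triage of ZHPDiag O87 (firewall exception) and O55 (UAC policy) lines.

Added example, not code from the forum post, ZHPDiag or ZHPFix.  The sample
lines below are constructed copies of the formats shown in the thread.
"""
import re
from dataclasses import dataclass

SAMPLE_LINES = [  # constructed from the report format, not read from a real machine
    r'O87 - FAEL: "TCP Query User{1AD47BA2-DEB0-48D0-AD59-9107E126C8EF}C:\windows\keygen.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)',
    r'O87 - FAEL: "{A531913A-8DFD-41E5-B280-596B69C0DCF2}" | In - None - P17 - TRUE | .(.Green Packet Berhad. - WiMAX Device Manager.) -- C:\Windows\RNDIS_MGR\WmGenieSrv.exe',
    r'O87 - FAEL: "TCP Query User{8BBE77BC-63F4-424C-A876-8611FBEB2DDC}C:\program files (x86)\fsfdt\fwinn\fwinn.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\fsfdt\fwinn\fwinn.exe (.not file.)',
    r'O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0',
    r'O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0',
]

# O87 - FAEL: "<rule name>" |<In|Out> - <profile> - P<proto> - <TRUE|FALSE> | .(<publisher>) -- <path> [(.not file.)]
FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]+)" \|\s*(?P<direction>In|Out) - (?P<profile>\w+)'
    r' - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<publisher>.*?)\) -- '
    r'(?P<path>.+?)(?P<missing> \(\.not file\.\))?$'
)
# O55 - MWPS:[<key>] - "<value>"=<data>
MWPS_RE = re.compile(r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<value>[^"]+)"=(?P<data>\S+)$')

PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers behind ZHPDiag's "P6"/"P17"

# Assumed hardening baseline: value name -> (hardened value, Windows 7 default).
UAC_EXPECTED = {
    "EnableLUA": (1, 1),                  # UAC enabled at all
    "PromptOnSecureDesktop": (1, 1),      # elevation prompts isolated on the secure desktop
    "FilterAdministratorToken": (1, 0),   # Admin Approval Mode for the built-in Administrator
    "EnableUIADesktopToggle": (0, 0),     # UIAccess apps may not leave the secure desktop
}


@dataclass
class FirewallRule:
    name: str
    direction: str
    profile: str
    protocol: str
    enabled: bool
    publisher: str      # "" when ZHPDiag shows "(...)", i.e. no version/company info
    path: str
    file_missing: bool  # ZHPDiag appended "(.not file.)"


def parse_fael(line):
    """Parse one O87 line into a FirewallRule, or return None for any other line."""
    m = FAEL_RE.match(line)
    if not m:
        return None
    return FirewallRule(
        name=m["name"], direction=m["direction"], profile=m["profile"],
        protocol=PROTOCOLS.get(m["proto"], f"proto {m['proto']}"),
        enabled=m["enabled"] == "TRUE", publisher=m["publisher"].strip("."),
        path=m["path"], file_missing=m["missing"] is not None,
    )


def assess_rule(rule):
    """Return the reasons a rule deserves attention (empty list = nothing notable)."""
    reasons = []
    if rule.file_missing:
        reasons.append("allows a binary that no longer exists on disk (stale exception)")
    if rule.name.startswith(("TCP Query User", "UDP Query User")):
        reasons.append("created by the 'allow access?' prompt: the program ran interactively and was granted inbound access")
    parent, _, base = rule.path.lower().rpartition("\\")
    if "keygen" in base or "crack" in base:
        reasons.append("binary name suggests a keygen/crack, a common malware carrier")
    if parent == r"c:\windows":
        reasons.append("third-party executable placed directly in the Windows directory")
    if rule.direction == "In" and rule.profile == "Public" and rule.publisher == "":
        reasons.append("inbound exception on the Public profile for a binary with no publisher information")
    return reasons


def netsh_delete_command(rule):
    """netsh syntax that works on Windows 7; Remove-NetFirewallRule needs Windows 8+."""
    return f'netsh advfirewall firewall delete rule name="{rule.name}"'


def assess_uac(line):
    """Return (value name, data, verdict) for an O55 line, or None for any other line."""
    m = MWPS_RE.match(line)
    if not m:
        return None
    name = m["value"]
    try:
        data = int(m["data"])
    except ValueError:
        return (name, m["data"], "non-numeric data, inspect manually")
    if name not in UAC_EXPECTED:
        return (name, data, "not in the checklist")
    hardened, default = UAC_EXPECTED[name]
    if data == hardened:
        return (name, data, "ok")
    if data == default:
        return (name, data, f"Windows default, but below the hardened value {hardened}")
    return (name, data, f"weakened from default {default} (expected {hardened})")


def triage(lines):
    """Return (flagged firewall rules with reasons, UAC findings that are not 'ok')."""
    flagged, uac = [], []
    for line in lines:
        rule = parse_fael(line)
        if rule is not None:
            reasons = assess_rule(rule)
            if reasons:
                flagged.append((rule, reasons))
            continue
        finding = assess_uac(line)
        if finding is not None and finding[2] != "ok":
            uac.append(finding)
    return flagged, uac


if __name__ == "__main__":
    rules, findings = triage(SAMPLE_LINES)
    for rule, reasons in rules:
        print(f"[{rule.direction}/{rule.protocol}/{rule.profile}] {rule.path}")
        for why in reasons:
            print("   -", why)
        print("    fix:", netsh_delete_command(rule))
    for name, data, verdict in findings:
        print(f"UAC {name}={data}: {verdict}")
```

Run against a saved ZHPDiag.txt by replacing `SAMPLE_LINES` with the file's lines. The WiMAX rule in the sample is not flagged because its binary exists, it carries publisher information and it is not an interactive "Query User" exception; the two keygen/fsfdt rules are flagged and get a deletion command. Note that `FilterAdministratorToken=0` is the Windows 7 default, so the tool reports it as below the baseline rather than as something the infection changed.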
#13566
If you consider your problem solved, you can mark your topic as resolved.
  • To remove the disinfection tools that were used:
  • Download Delfix to your Desktop.
  • Launch Delfix (run it as administrator on Windows 7/8 and Vista)
  • Tick the following boxes:
    • Remove disinfection tools
    • Purge System Restore

      (screenshot)


Si vous avez eu des soucis d'infections, ce n'est certainement pas par hasard.Voici quelques conseils pour vous aider à surfer surement et pour adopter un bon comportement. • Le meilleur antivirus, c'est le comportement entre l'écran, la page Web et la souris. • Il ne faut pas cliquer sur n'importe quoi ( lien - image ) : Prendre le temps de lire, de réfléchir avant de cliquer ! • A l'installation d'un nouveau logiciel, bien choisir le site de téléchargement, ne plus/pas télécharger sur 01Net, et Softonic. Ces sites repackent les logiciels proposés en y incluant des adwares / publiciels.
C:\Users\%UserName%\Downloads\rcpsetup_softonic_englobal (1).exe (PUP.Optional.RegCleanerPro) C:\Users\%UserName%\Downloads\rcpsetup_softonic_englobal (2).exe (PUP.Optional.RegCleanerPro) C:\Users\%UserName%\Downloads\FlashPlayer_V.156338033a.exe (PUP.FakeFlash.Domaiq) C:\Users\%UserName%\Downloads\FlvPlayerWizard.exe (PUP.Optional.Cooltech) C:\Users\%UserName%\Downloads\Free PDF to Word Doc Converter.exe (PUP.Optional.Firseria) C:\Users\%UserName%\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) C:\Users\%UserName%\Downloads\Mapit_1.exe (PUP.Optional.Conduit.A) C:\Users\%UserName%\Downloads\pc-cleaner-379.exe (PUP.Optional.PCCleaner.A) C:\Users\%UserName%\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) C:\Users\%UserName%\Downloads\rcpsetupmarm_marm0fr.exe (PUP.Optional.RegCleanerPro)
• Préférez notre Logithèque SosVirus nous surveillons pour vous la qualité des téléchargements et de leurs éditeurs. • Bien lire durant l'installation d'un nouveau logiciel les options à décocher, bon nombre d'installeurs proposent l'installation tierce de barres d'outils, navigateurs web, scanners de sécurité etc. bc7d098864bbd36103d7302953ee7b9aVxB8e.pngN'acceptez pas ces installations tierces. • En aucun cas télécharger sur des sites Warez - P2P - Cracks - Keygens • Banir les sites pornographiques et de Poker, sources de problèmes par la suite ... Ils installent de faux codecs, proposent de fausses mises à jours Flash Player, Java etc
Il est primordial de tenir son système d'exploitation à jour, pour cela activez l'exécution automatique des mises à jour Windows. Mais il est tout aussi primordial de tenir à jour ses logiciels tiers comme Java - Adobe Reader - Flash Player - etc ... Pour cela il existe un petit programme bien pratique, j'ai nommé Update Checker.
Bitdefender 2015 Ensuite il faut bien entendu avoir une solution antivirale et un pare-feu. SosVirus vous conseille fortement d'adopter une solution complète plutôt qu'un simple antivirus gratuit, une solution complète incluant : • L'antivirus. • Le pare-feu. • Le contrôle parentale. • La protection lors d'achats sur la toile. Cela vous permettra d'être protégé au mieux sans avoir à effectuer une multitude de réglages. Pour vous protéger au mieux, nous vous recommandons d'adopter la suite Bitdefender Internet Security déjà primée plusieurs fois. • Protection de référence de toutes vos données • Extrêmement rapide. Léger. Silencieux. Intègre Bitdefender Photon™ • Protège vos achats en ligne. • Sécurise votre identité digitale. • Informe sur l'activité en ligne des enfants. Fournit des outils de filtrage si nécessaire. • Protège votre connexion Internet grâce au pare-feu. • Vaccination automatique des supports amovibles, Clé USB, Carte SD ... Protégez votre famille avec Bitdefender Internet Security, cliquez sur l'image ci-dessous pour vous le procurer :
It is also important to vaccinate external USB media against the infections that spread through them;
for this we recommend using the free utility from the antivirus vendor Bitdefender: Bitdefender USB Immunizer. The advantage of Bitdefender USB Immunizer is that it has an active vaccination system.
That is, each time a removable medium is inserted, it checks whether that medium is vaccinated or not and, if it is not, vaccinates it.

To help you use Bitdefender USB Immunizer correctly, watch this short slideshow:



If you would like to learn about this type of infection and how it spreads, we suggest reading this article: Infection Dinihiou : SosVirus et Bitdefender vous explique son fonctionnement.
SosVirus has a news feed in the form of a blog; if you wish, you can bookmark that page to access the site's latest news whenever you want and also be informed of the latest threats. To view the feed, click on the image below:
If you like the site and are satisfied with the help you received, we invite you to click the "Like" button, if you have a Facebook account, so that we become known to the people around you :) You will also receive the site's news, as mentioned above, directly on your wall.

Finally, you can contribute to the smooth running of the site and take part in its development. We continually improve the site to bring you the best possible service. This of course has a financial cost, which we have decided not to pass on to our approach. You can, however, make a donation, however small, via our partner PayPal. Donations are of course fully secure and optional. Click on the image below to make a donation to SosVirus:
To remain free, we need to show advertising to cover the costs that our structure generates, such as the cost of web servers.
If you like SosVirus, disable your ad blocker on our domain: sosvirus.net
This is another way of supporting us :)
Tutorial: Disable Adblock on SosVirus

The whole SosVirus team wishes you happy surfing and thanks you for your visit.
