#19715
############################## | UsbFix V 7.152 | [Recherche]

Utilisateur: FassMaraj (Administrateur) # FASSMARAJ-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 21:05:13 | 29/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-16GN)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3564 | Free : 2113]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2014 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 165 Go (11 Go libre(s) - 7%) [Disque local] # NTFS
D:\ -> Disque fixe # 301 Go (18 Go libre(s) - 6%) [Disque local] # NTFS
E:\ -> CD-ROM
G:\ -> Disque fixe # 100 Mo (63 Mo libre(s) - 63%) [Réservé au système] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 680 |ParentID: 668)
C:\Windows\system32\wininit.exe (ID: 752 |ParentID: 668)
C:\Windows\system32\csrss.exe (ID: 792 |ParentID: 764)
C:\Windows\system32\services.exe (ID: 828 |ParentID: 752)
C:\Windows\system32\winlogon.exe (ID: 852 |ParentID: 764)
C:\Windows\system32\lsass.exe (ID: 888 |ParentID: 752)
C:\Windows\system32\lsm.exe (ID: 896 |ParentID: 752)
C:\Windows\system32\svchost.exe (ID: 1016 |ParentID: 828)
C:\Windows\system32\svchost.exe (ID: 636 |ParentID: 828)
C:\Windows\System32\svchost.exe (ID: 816 |ParentID: 828)
C:\Windows\System32\svchost.exe (ID: 1064 |ParentID: 828)
C:\Windows\system32\svchost.exe (ID: 1100 |ParentID: 828)
C:\Windows\system32\svchost.exe (ID: 1300 |ParentID: 828)
C:\Windows\system32\svchost.exe (ID: 1444 |ParentID: 828)
C:\Windows\system32\svchost.exe (ID: 1704 |ParentID: 828)
C:\Windows\system32\Dwm.exe (ID: 1892 |ParentID: 1064)
C:\Windows\system32\svchost.exe (ID: 2264 |ParentID: 828)
C:\Windows\explorer.exe (ID: 4216 |ParentID: 852)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 4440 |ParentID: 828)
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID: 2836 |ParentID: 4440)
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ID: 4880 |ParentID: 4440)
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (ID: 3316 |ParentID: 4440)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1236 |ParentID: 828)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2196 |ParentID: 1236)
C:\Windows\System32\spoolsv.exe (ID: 2716 |ParentID: 828)
C:\Windows\system32\sppsvc.exe (ID: 4388 |ParentID: 828)
C:\Windows\system32\DllHost.exe (ID: 3292 |ParentID: 1016)
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (ID: 3952 |ParentID: 828)
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (ID: 2040 |ParentID: 3952)
C:\Windows\System32\svchost.exe (ID: 2076 |ParentID: 828)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID: 2340 |ParentID: 3084)
C:\Windows\system32\AUDIODG.EXE (ID: 4708 |ParentID: 816)
C:\Windows\System32\WUDFHost.exe (ID: 2400 |ParentID: 1064)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 4092 |ParentID: 2836)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 1692 |ParentID: 3316)
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID: 4356 |ParentID: 828)
C:\Windows\system32\taskeng.exe (ID: 984 |ParentID: 1100)
C:\Program Files (x86)\Kanakoo Liberté Plus\Main\USB Modem.exe (ID: 4944 |ParentID: 4216)
C:\UsbFix\Go.exe (ID: 4048 |ParentID: 688)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1472 |ParentID: 1016)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [goihkgucfv] - wscript.exe //B "C:\Users\FassMaraj\AppData\Roaming\goihkgucfv..vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |


################## | Registre |

Présent! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afterfx.exe
Présent! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afterfx.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
There you go, I'm waiting for you
#19726
re

Do this and post the report, please:
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Plug all your external data sources (USB stick, external hard drive, etc.) into your PC without opening them.
  • Choose the "Suppression" option

    Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
then this, and post that report too
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag using Run as administrator on Windows 7/8 and Vista
  • Click "Configurer"
  • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic")

    Note: Do not close the program even if it says it is no longer responding.

  • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
:merci2:
#20266
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: FassMaraj (Administrateur) # FASSMARAJ-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 20:11:41 | 02/12/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-16GN)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 3564 | Free : 2294]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2014 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 165 Go (11 Go libre(s) - 7%) [Disque local] # NTFS
D:\ -> Disque fixe # 301 Go (12 Go libre(s) - 4%) [Disque local] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (2 Go libre(s) - 93%) [SWAGG] # FAT
G:\ -> Disque fixe # 100 Mo (64 Mo libre(s) - 64%) [Réservé au système] # NTFS
H:\ -> Disque amovible # 13 Go (3 Go libre(s) - 25%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\PROGRA~2\AVG\AVG2014\avgrsa.exe (ID: 436 |ParentID: 424)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ID: 472 |ParentID: 436)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (ID: 1432 |ParentID: 808)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (ID: 1724 |ParentID: 808)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 1916 |ParentID: 808)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID: 2532 |ParentID: 2540)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (ID: 1964 |ParentID: 1916)
Stoppé! C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ID: 2492 |ParentID: 1916)
Stoppé! C:\Windows\explorer.exe (ID: 2204 |ParentID: 908)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 2724 |ParentID: 1088)
Stoppé! C:\Windows\System32\rundll32.exe (ID: 1472 |ParentID: 1016)
Stoppé! C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID: 3716 |ParentID: 2204)
Stoppé! C:\Windows\system32\DllHost.exe (ID: 2252 |ParentID: 1016)
Stoppé! C:\Program Files (x86)\TuneWiki\tunewiki_desktop_win32.exe (ID: 2984 |ParentID: 2204)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2016 |ParentID: 808)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 1500 |ParentID: 2016)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 2740 |ParentID: 808)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2444 |ParentID: 808)
Stoppé! C:\Windows\system32\sppsvc.exe (ID: 1652 |ParentID: 808)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
04 - HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
04 - HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\SOFTWARE | Run : [goihkgucfv] - wscript.exe //B "C:\Users\FassMaraj\AppData\Roaming\goihkgucfv..vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Recherche générique |


(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afterfx.exe
Supprimé! HKU\S-1-5-21-2165522393-3575585336-3699973293-1000\Software\.\.\.\.\Mountpoints2\{238c2b39-ed16-11e2-9925-806e6f6e6963}

################## | Listing |

[30/11/2013 - 14:45:16 | D ] C:\$AVG
[29/11/2013 - 09:52:16 | SHD ] C:\$RECYCLE.BIN
[10/06/2009 - 21:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 21:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:08:56 | SHD ] C:\Documents and Settings
[30/11/2013 - 12:02:28 | D ] C:\Downloads
[24/11/2013 - 14:45:34 | D ] C:\H
[25/05/2013 - 12:28:21 | D ] C:\inetpub
[30/10/2013 - 09:06:46 | RHD ] C:\MSOCache
[24/11/2013 - 14:38:59 | D ] C:\Nouveau dossier
[02/12/2013 - 19:56:33 | ASH | 3736858624] C:\pagefile.sys
[14/07/2009 - 03:20:08 | D ] C:\PerfLogs
[29/11/2013 - 00:24:24 | N | 512] C:\PhysicalDisk0_MBR.bin
[30/10/2013 - 09:08:42 | D ] C:\Program Files
[28/11/2013 - 23:57:40 | D ] C:\Program Files (x86)
[30/11/2013 - 10:42:52 | HD ] C:\ProgramData
[15/07/2013 - 09:04:00 | SHD ] C:\Recovery
[01/12/2013 - 07:07:37 | SHD ] C:\System Volume Information
[28/07/2013 - 10:46:37 | D ] C:\Temp
[02/12/2013 - 20:12:02 | D ] C:\UsbFix
[29/11/2013 - 19:07:31 | N | 16812] C:\UsbFix [Clean 4] FASSMARAJ-PC.txt
[02/12/2013 - 20:13:13 | A | 8626] C:\UsbFix [Clean 5] FASSMARAJ-PC.txt
[29/11/2013 - 21:05:40 | N | 8651] C:\UsbFix [Scan 1] FASSMARAJ-PC.txt
[02/12/2013 - 20:10:57 | N | 9814] C:\UsbFix [Scan 2] FASSMARAJ-PC.txt
[14/09/2013 - 08:26:23 | RD ] C:\Users
[29/11/2013 - 08:01:14 | D ] C:\Windows
[29/11/2013 - 14:06:39 | D ] D:\$AVG
[01/12/2013 - 06:40:07 | SHD ] D:\$RECYCLE.BIN
[14/10/2013 - 07:35:47 | N | 26870] D:\1374769_340802922723016_1210707325_n.jpg
[21/10/2013 - 23:23:04 | N | 40791] D:\1374973_930872400320722_305454934_n.jpg
[18/10/2013 - 22:58:49 | N | 40171] D:\1376644_676242075733680_1140229366_n.jpg
[05/10/2013 - 07:52:16 | N | 138876] D:\1377067_757368297623192_1726485285_n.jpg
[17/10/2013 - 21:45:04 | N | 24243] D:\1378127_675519559139265_744486611_n.jpg
[05/10/2013 - 07:49:41 | N | 18689] D:\1379342_613629845349966_907012803_n.jpg
[15/10/2013 - 18:22:39 | N | 26978] D:\1380093_603972559643912_2132461502_n.jpg
[05/10/2013 - 07:50:46 | N | 28019] D:\1382388_664977796868017_608525256_n.jpg
[16/10/2013 - 21:53:08 | N | 78040] D:\1382835_408539252608640_1580444316_n.png
[18/10/2013 - 07:43:17 | N | 28162] D:\1383187_524934400922283_142856209_n.jpg
[12/10/2013 - 22:16:27 | N | 54661] D:\1383830_516651231753071_2071706720_n.jpg
[02/10/2013 - 19:38:41 | N | 28584] D:\1385037_389426351160208_414916932_n.jpg
[11/10/2013 - 02:34:58 | N | 661360] D:\1385705_10151918051426142_314313606_n.png
[03/11/2013 - 03:41:30 | N | 25075] D:\1385996_704480566228664_88315971_n.jpg
[18/10/2013 - 22:57:10 | N | 120320] D:\1395218_676130972411457_14066382_n.jpg
[03/11/2013 - 03:38:33 | N | 139890] D:\1450068_760285680663793_214547457_n.png
[02/10/2013 - 19:26:44 | N | 76914] D:\312660_354342461331341_994345674_n.jpg
[05/10/2013 - 07:57:31 | N | 214112] D:\453px-Zekrom-NB.png
[20/10/2013 - 08:00:14 | N | 24386] D:\545227_561979983869003_1840957485_n.jpg
[05/10/2013 - 08:00:50 | N | 275749] D:\545px-Reshiram.png
[02/10/2013 - 22:29:01 | N | 17348] D:\579146_602611126465772_620272337_n.jpg
[01/10/2013 - 05:44:20 | N | 17262] D:\599332_611829535529997_1845729032_n.jpg
[03/11/2013 - 03:27:42 | N | 15680] D:\644274_682603141757977_1080603938_n.jpg
[20/11/2013 - 19:21:55 | D ] D:\91
[24/10/2013 - 22:39:23 | N | 75448] D:\931355_135183663336462_2043850405_n.jpg
[26/07/2012 - 06:51:57 | N | 24] D:\autoexec.bat
[27/09/2013 - 18:51:40 | D ] D:\Bebert
[26/07/2012 - 03:44:30 | RASH | 398156] D:\bootmgr
[02/06/2012 - 14:30:55 | N | 1] D:\BOOTNXT
[17/11/2013 - 17:46:18 | D ] D:\Carte memoire
[26/07/2012 - 06:51:57 | N | 10] D:\config.sys
[30/11/2013 - 10:46:57 | D ] D:\Daria
[11/10/2013 - 14:51:35 | D ] D:\DD
[12/09/2013 - 19:30:45 | D ] D:\EMUL
[25/11/2013 - 16:11:42 | D ] D:\Faiz
[15/07/2013 - 12:07:45 | D ] D:\Faiz 1
[02/12/2013 - 17:55:54 | ASH | 2143911936] D:\hiberfil.sys
[29/11/2013 - 10:07:36 | D ] D:\HUMOUR
[30/09/2013 - 18:32:50 | D ] D:\Les BET
[25/11/2013 - 18:32:29 | RHD ] D:\MSOCache
[27/11/2013 - 15:11:01 | D ] D:\naruto
[11/10/2013 - 17:14:21 | D ] D:\New
[02/12/2013 - 17:55:55 | N | 2684354560] D:\pagefile.sys
[26/07/2012 - 06:29:28 | D ] D:\PerfLogs
[05/10/2011 - 16:39:52 | N | 31286075] D:\Photodex.ProShow.Gold.4.52.3053_2.rar
[01/12/2013 - 06:39:41 | D ] D:\Program Files
[19/11/2013 - 10:17:18 | D ] D:\Program Files (x86)
[02/12/2013 - 18:47:16 | HD ] D:\ProgramData
[21/11/2013 - 11:39:33 | SHD ] D:\Recovery
[02/12/2013 - 17:55:55 | N | 268435456] D:\swapfile.sys
[02/12/2013 - 14:33:40 | SHD ] D:\System Volume Information
[10/10/2013 - 14:16:21 | D ] D:\TuneUp Utilities 2013 13.0.2013.194 Final Incl Patch @ ONly By THE RAIN {HKRG}
[02/12/2013 - 17:25:29 | D ] D:\UsbFix
[29/11/2013 - 10:42:09 | N | 15311] D:\UsbFix [Clean 1] JANUZ.txt
[28/11/2013 - 20:06:08 | N | 6025] D:\UsbFix [Scan 1] JANUZ.txt
[02/12/2013 - 17:25:24 | N | 4829] D:\UsbFix [Scan 2] JANUZ.txt
[21/11/2013 - 11:41:56 | RD ] D:\Users
[12/10/2013 - 23:49:10 | D ] D:\Val
[29/11/2013 - 10:07:41 | D ] D:\Windows
[21/11/2013 - 12:11:10 | D ] D:\Windows.old
[28/11/2013 - 16:06:02 | D ] D:\Yann
[12/09/2013 - 19:30:45 | D ] D:\Yu gi oh!
[12/11/2010 - 19:46:48 | D ] F:\_PAlbTN
[01/01/2013 - 10:33:00 | D ] F:\Videos
[01/01/2013 - 10:33:10 | D ] F:\Photos
[01/01/2013 - 10:42:32 | D ] F:\Received
[01/01/2013 - 00:00:02 | D ] F:\Cool_Photo
[03/05/2011 - 12:40:26 | D ] F:\FOUND.000
[01/01/2013 - 00:00:02 | D ] F:\Cool_Music
[20/09/2010 - 18:30:22 | D ] F:\@SMSFAVORITE
[20/09/2010 - 18:30:22 | D ] F:\SMSFAVORITE
[20/09/2010 - 18:30:24 | D ] F:\@SMSTRASH
[20/09/2010 - 18:30:24 | D ] F:\SMSTRASH
[01/01/2010 - 00:00:32 | D ] F:\Playlists
[20/09/2010 - 18:56:08 | D ] F:\@Playlists
[25/09/2010 - 17:53:22 | D ] F:\pb
[25/09/2010 - 17:53:22 | D ] F:\lifeblog
[01/01/2007 - 00:00:00 | D ] F:\nokia_unprocessed_images_
[01/01/2013 - 10:23:42 | N | 0] F:\audio_play_list.txt
[22/12/2010 - 18:09:28 | D ] F:\@wcache
[22/12/2010 - 18:09:44 | D ] F:\@wap
[22/12/2010 - 18:09:54 | D ] F:\@mms
[01/01/2013 - 00:00:02 | D ] F:\Cool_Video
[14/07/2011 - 22:28:14 | D ] F:\Phbimage
[01/01/2013 - 00:00:04 | D ] F:\Cool_Ebook
[16/05/2013 - 18:53:46 | D ] F:\Download
[30/11/2013 - 11:13:40 | D ] F:\Autorun.inf
[01/01/2012 - 00:00:04 | SHD ] F:\System
[01/01/2012 - 00:00:14 | D ] F:\Mp3_res
[01/01/2012 - 00:21:50 | D ] F:\My Music
[01/01/1601 - 00:00:00 | N | 0] F:\DEFAULT.SPL
[06/01/2007 - 11:36:08 | N | 4096] F:\tfs4_160.ess
[12/09/2011 - 20:19:30 | D ] F:\FOUND.001
[21/11/2013 - 11:56:10 | SHD ] G:\$RECYCLE.BIN
[30/11/2013 - 17:20:21 | SHD ] G:\Boot
[20/09/2012 - 06:27:51 | RASH | 398158] G:\bootmgr
[02/06/2012 - 14:30:55 | N | 1] G:\BOOTNXT
[21/11/2013 - 11:26:03 | RASH | 8192] G:\BOOTSECT.BAK
[26/06/2013 - 10:27:44 | N | 8192] G:\bootsect.lxe.bak
[15/07/2013 - 09:11:01 | N | 383592] G:\gdrop
[30/08/2013 - 04:25:14 | SHD ] G:\System Volume Information
[21/10/2013 - 11:36:14 | N | 171136] G:\w7ldr
[04/11/2009 - 15:28:11 | N | 17] G:\win7.ld
[15/07/2013 - 09:11:01 | N | 171136] G:\xeldr
[02/12/2013 - 11:54:02 | D ] H:\albumthumbs
[01/12/2013 - 19:17:08 | D ] H:\DCIM
[25/10/2013 - 08:44:58 | D ] H:\Android
[15/11/2013 - 11:55:10 | D ] H:\layar
[26/10/2013 - 04:00:00 | D ] H:\WhatsApp
[26/11/2013 - 06:33:46 | D ] H:\sd
[01/12/2013 - 18:52:24 | D ] H:\Download
[25/10/2013 - 10:46:18 | D ] H:\media
[20/11/2013 - 16:30:10 | D ] H:\Musics
[25/10/2013 - 10:49:24 | D ] H:\Socialin
[01/12/2013 - 18:57:44 | D ] H:\PicsArt
[25/10/2013 - 11:14:10 | D ] H:\PushADDownloads
[25/10/2013 - 11:16:26 | N | 33] H:\.tid
[28/11/2013 - 07:27:26 | D ] H:\cleanmaster_cn
[02/12/2013 - 13:37:40 | N | 17793] H:\friendcaster_log.txt
[02/12/2013 - 10:24:20 | D ] H:\bluetooth
[25/10/2013 - 15:54:34 | D ] H:\amazonmp3
[25/10/2013 - 19:14:56 | D ] H:\slacker
[26/10/2013 - 15:17:02 | D ] H:\viber
[01/12/2013 - 19:03:32 | D ] H:\Photo Grid
[01/12/2013 - 11:33:04 | N | 93] H:\.06ba141d-a652-464b-b7c2-0932d1a1402b.mologiq
[28/10/2013 - 06:54:36 | D ] H:\cleanmaster
[28/10/2013 - 07:15:24 | N | 33] H:\.bugsense
[27/10/2013 - 08:24:24 | D ] H:\Video
[27/11/2013 - 16:34:50 | D ] H:\wallpaperMarket_WSCL
[28/10/2013 - 11:46:10 | D ] H:\svox
[14/11/2013 - 11:42:36 | D ] H:\Sounds
[29/10/2013 - 08:47:46 | N | 18] H:\.tapcontext
[27/11/2013 - 19:58:08 | D ] H:\.mmsyscache
[31/10/2013 - 06:01:04 | D ] H:\SystemAndroid
[31/10/2013 - 06:02:40 | D ] H:\ADDownloads
[01/12/2013 - 18:59:12 | D ] H:\roidapp
[01/11/2013 - 12:14:18 | D ] H:\MusicManic
[04/11/2013 - 18:24:28 | D ] H:\MusicFreak
[01/11/2013 - 23:09:38 | D ] H:\SketchGuru
[16/11/2013 - 21:18:44 | D ] H:\datas
[02/11/2013 - 18:57:48 | D ] H:\FDDM
[11/11/2013 - 22:48:28 | D ] H:\onemobile_download
[16/11/2013 - 21:18:44 | D ] H:\ppy_cross
[16/11/2013 - 21:17:48 | N | 61222] H:\moodscanner_badge.png
[16/11/2013 - 21:17:48 | N | 56626] H:\moodscanner_badge_white.png
[04/11/2013 - 19:10:00 | N | 99] H:\.avg
[02/12/2013 - 11:39:12 | N | 0] H:\DiskCacheIndex54448.tmp
[13/11/2013 - 01:33:46 | N | 100352] H:\m_1384302826019.jpg
[16/11/2013 - 18:17:04 | D ] H:\lrcFiles
[10/11/2013 - 14:41:52 | D ] H:\com.androidm8.speakerphoneex
[02/12/2013 - 11:34:18 | N | 61] H:\.userReturn
[25/11/2013 - 14:01:20 | D ] H:\baidu
[30/11/2013 - 11:13:40 | D ] H:\Autorun.inf

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

That's it for UsbFix
#20272
~ Rapport de ZHPDiag v2013.11.28.59 - Nicolas Coolman (28/11/2013)
~ Lancé par FassMaraj (02/12/2013 20:20:35)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PMJBM
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.3657
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9 - Français

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3563 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (6%) free of 165 GB

---\\ Mode de connexion au système
~ Computer Name: FASSMARAJ-PC
~ User Name: FassMaraj
~ All Users Names: FassMaraj, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\FassMaraj\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\FassMaraj\AppData\Roaming\
~ %Desktop% : C:\Users\FassMaraj\Desktop\
~ %Favorites% : C:\Users\FassMaraj\Favorites\
~ %LocalAppData% : C:\Users\FassMaraj\AppData\Local\
~ %StartMenu% : C:\Users\FassMaraj\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 165 Go)
D: Hard drive, Flash drive, Thumb drive (Free 12 Go of 301 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
H: Floppy drive, Flash card reader, USB Key (Free 3 Go of 13 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 08:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.96119226320B3B2A80E87FDB9D446BA0] - (.Microsoft Corporation - Microsoft Tablet PC Component.) (.20/11/2010 - 13:27:26.) -- C:\Windows\System32\sppcomapi.dll [1536]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 01:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 10:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/7731
~ Mes musiques (My Musics) : 0/1041
~ Mes Videos (My Videos) : 1/81
~ Mes Favoris (My Favorites) : 0/27
~ Mes Documents (My Documents) : 0/1147
~ Mon Bureau (My Desktop) : 2/4197
~ Menu demarrer (Programs) : 0/53
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.2532]
[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.2220]
[MD5.43B8F173E8832081F249DA9F50A03980] - (.Pas de propriétaire - GOM Player.) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe [7080032] [PID.3324]
[MD5.DBA0C529D62F6E2F59C6F4367A0A5543] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8256512] [PID.3784]
[MD5.1E68487EF81995767905DE628866215B] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944] [PID.1432]
[MD5.F89B2DACE0FBE54CF65D12B7081C19C3] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544] [PID.1724]
[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008] [PID.1916]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\FassMaraj\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\FassMaraj\AppData\Roaming\Mozilla\Firefox\Profiles\urk29wv4.default\prefs.js
C:\Users\FassMaraj\AppData\Roaming\Mozilla\Firefox\Profiles\urk29wv4.default\user.js
M3 - MFPP: Plugins - [FassMaraj] -- C:\Users\FassMaraj\AppData\Roaming\Mozilla\Firefox\Profiles\urk29wv4.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [FassMaraj] -- C:\Users\FassMaraj\AppData\Roaming\Mozilla\Firefox\Profiles\urk29wv4.default\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [FassMaraj] -- C:\Users\FassMaraj\AppData\Roaming\Mozilla\Firefox\Profiles\urk29wv4.default\searchplugins\Search_Results.xml =>PUP.SearchResults
M3 - MFPP: Plugins - [FassMaraj] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Ask.xml
M3 - MFPP: Plugins - [FassMaraj] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [FassMaraj] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fcmdSrch.xml =>Adware.Facemoods
M3 - MFPP: Plugins - [FassMaraj] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml =>PUP.SearchResults
M0 - MFSP: prefs.js [FassMaraj - urk29wv4.default] http://isearch.avg.com
M2 - MFEP: prefs.js [FassMaraj - urk29wv4.default\anttoolbar@ant.com] [] Ant Video Downloader v2.4.7.11 (..)
M2 - MFEP: prefs.js [FassMaraj - urk29wv4.default\bookmarks@cometmarks.com] [] 彗星書簽 v2.4 (..)
M2 - MFEP: prefs.js [FassMaraj - urk29wv4.default\{99079a25-328f-4bd4-be04-00955acaa0a7}] [] Searchqu Toolbar v4.6.1.01 (..) =>PUP.Datamngr
M2 - MFEP: prefs.js [FassMaraj - urk29wv4.default\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}] [] BitComet 视频下载器 v1.36 (..) =>P2P.BitComet
M2 - MFEP: prefs.js [FassMaraj - urk29wv4.default\{e46378a8-4e82-45f4-9ce5-678f3f8e0cf9}] [] Music Toolbar (Dist. by Bandoo Media, Inc.) v1.5.0.0 (..) =>Adware.Bandoo
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com =>Adware.Bandoo
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com =>Adware.Facemoods
R3 - URLSearchHook: Hot MP3 Toolbar [64Bits] - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 5, 4) -- C:\Program Files (x86)\Hot_MP3\tbHot_.dll =>Toolbar.Conduit
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BitComet ClickCapture [64Bits] - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll =>P2P.BitComet
O2 - BHO: PXCIEaddin [64Bits] - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} . (.Tracker Softaware - Pas de description.) -- C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Hot MP3 Toolbar [64Bits] - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Hot_MP3\tbHot_.dll =>Toolbar.Conduit
O2 - BHO: Searchqu Toolbar [64Bits] - {99079a25-328f-4bd4-be04-00955acaa0a7} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll =>Adware.Bandoo
O2 - BHO: Music Toolbar (Dist. by Bandoo Media, Inc.) [64Bits] - {e46378a8-4e82-45f4-9ce5-678f3f8e0cf9} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll =>Adware.Bandoo
~ BHO: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Angry Birds Rio.lnk . (.Rovio Mobile Ltd. - Angry Birds Rio.) -- C:\Program Files (x86)\Rovio\Angry Birds Rio\AngryBirdsRio.exe
O4 - GS\Desktop [Public]: Angry Birds Space.lnk . (.Rovio Entertainment Ltd. - Angry Birds Space.) -- C:\Program Files (x86)\Rovio\Angry Birds Space\AngryBirdsSpace.exe
O4 - GS\Desktop [Public]: Angry Birds Star Wars.lnk . (.Rovio Entertainment Ltd. - Angry Birds Star Wars.) -- C:\Program Files (x86)\Rovio\Angry Birds Star Wars\AngryBirdsStarWars.exe
O4 - GS\Desktop [Public]: Angry Birds.lnk . (.Rovio Entertainment - Angry Birds.) -- C:\Program Files (x86)\Rovio\Angry Birds\AngryBirds.exe
O4 - GS\Desktop [Public]: BitComet.lnk . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe =>P2P.BitComet
O4 - GS\Desktop [Public]: Comet Player.lnk . (...) -- C:\Program Files (x86)\MpcStar\CometPlayer\cometplayer.exe
O4 - GS\Desktop [Public]: Get The Best Facebook Chat Messenger.lnk - Clé orpheline
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: iLivid Download Manager.lnk . (...) -- C:\Program Files (x86)\iLivid\ilivid.exe =>Adware.Bandoo
O4 - GS\Desktop [Public]: Kanakoo Liberté Plus.lnk . (...) -- C:\Program Files (x86)\Kanakoo Liberté Plus\Main\USB Modem.exe
O4 - GS\Desktop [Public]: Lightroom 5 64 bits.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe (.not file.) =>.Adobe Systems Incorporated
O4 - GS\Desktop [Public]: LINE.lnk . (.LINE Corporation - LINE.) -- C:\Program Files (x86)\Naver\LINE\Line.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: MpcStar.lnk . (...) -- C:\Program Files (x86)\MpcStar\mpcstar.exe
O4 - GS\Desktop [Public]: Office2PDF.lnk . (.Tracker Software Products Ltd. - Batch converter for Office documents to PDF.) -- C:\Program Files\Tracker Software\PDF-XChange 4\OFFice2PDF.exe
O4 - GS\Desktop [Public]: PDF-Tools 4.lnk . (.Tracker Software Products Ltd. - PDF-Tools.) -- C:\Program Files\Tracker Software\PDF-Tools 4\PDFTools4.exe
O4 - GS\Desktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) -- C:\Program Files (x86)\PowerISO\PowerISO.exe
O4 - GS\Desktop [Public]: Street Fighter X Tekken.lnk . (.CAPCOM U.S.A, INC. - Street Fighter X Tekken.) -- C:\Program Files (x86)\Capcom\Street Fighter X Tekken\SFTK.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [FassMaraj]: Angry Birds Rio Gold 2012 v1.2.2 Full.lnk . (.Rovio Mobile Ltd. - Angry Birds Rio.) -- C:\Program Files (x86)\Angry Birds Rio Gold 2012\AngryBirdsRio.exe
O4 - GS\QuickLaunch [FassMaraj]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [FassMaraj]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [FassMaraj]: Lphant.lnk . (.Bandoo Media Inc. - Lphant.) -- C:\Program Files (x86)\Lphant Applications\Lphant\Lphant.exe =>Adware.Bandoo
O4 - GS\TaskBar [FassMaraj]: AVG User Interface.lnk . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - GS\TaskBar [FassMaraj]: BitComet.lnk . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe =>P2P.BitComet
O4 - GS\TaskBar [FassMaraj]: Comet Player.lnk . (...) -- C:\Program Files (x86)\MpcStar\CometPlayer\cometplayer.exe
O4 - GS\TaskBar [FassMaraj]: DeSmuME.lnk . (...) -- D:\EMUL\DeSmuME.exe
O4 - GS\TaskBar [FassMaraj]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\TaskBar [FassMaraj]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [FassMaraj]: Kanakoo Liberté Plus.lnk . (...) -- C:\Program Files (x86)\Kanakoo Liberté Plus\Main\USB Modem.exe
O4 - GS\TaskBar [FassMaraj]: Lphant.lnk . (.Bandoo Media Inc. - Lphant.) -- C:\Program Files (x86)\Lphant Applications\Lphant\Lphant.exe =>Adware.Bandoo
O4 - GS\TaskBar [FassMaraj]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [FassMaraj]: MpcStar.lnk . (...) -- C:\Program Files (x86)\MpcStar\mpcstar.exe
O4 - GS\TaskBar [FassMaraj]: TuneWiki.lnk . (.TuneWiki - TuneWiki.) -- C:\Program Files (x86)\TuneWiki\tunewiki_desktop_win32.exe
O4 - GS\Program [FassMaraj]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [FassMaraj]: Lphant.lnk . (.Bandoo Media Inc. - Lphant.) -- C:\Program Files (x86)\Lphant Applications\Lphant\Lphant.exe =>Adware.Bandoo
O4 - GS\Program [FassMaraj]: Photo to Cartoon.lnk . (...) -- C:\Users\FassMaraj\AppData\Roaming\Microsoft\Installer\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}\_CFAB5842CE4CA8EE43C154.exe
O4 - GS\Program [FassMaraj]: TuneWiki.lnk . (.TuneWiki - TuneWiki.) -- C:\Program Files (x86)\TuneWiki\tunewiki_desktop_win32.exe
O4 - GS\SystemTools [FassMaraj]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [FassMaraj]: Angry Birds Rio Gold 2012 v1.2.2 Full.lnk . (.Rovio Mobile Ltd. - Angry Birds Rio.) -- C:\Program Files (x86)\Angry Birds Rio Gold 2012\AngryBirdsRio.exe
O4 - GS\Desktop [FassMaraj]: BurnoutParadise - Raccourci.lnk . (.Electronic Arts - Burnout(TM) Paradise Application.) -- C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
O4 - GS\Desktop [FassMaraj]: Lphant.lnk . (.Bandoo Media Inc. - Lphant.) -- C:\Program Files (x86)\Lphant Applications\Lphant\Lphant.exe =>Adware.Bandoo
O4 - GS\Desktop [FassMaraj]: PDF-Viewer.lnk . (...) -- C:\Program Files (x86)\Tracker Software\PDF Viewer\PDFXCview.exe (.not file.)
O4 - GS\Desktop [FassMaraj]: Photo to Cartoon.lnk . (...) -- C:\Users\FassMaraj\AppData\Roaming\Microsoft\Installer\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}\_FE06834DA7988E6849D002.exe
O4 - GS\Desktop [FassMaraj]: Pixia.lnk . (...) -- C:\Program Files (x86)\Seagrand\Pixia\pixia.exe
O4 - GS\Desktop [FassMaraj]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sosvirus.net
O4 - GS\Desktop [FassMaraj]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
O4 - GS\Desktop [FassMaraj]: TuneWiki.lnk . (.TuneWiki - TuneWiki.) -- C:\Program Files (x86)\TuneWiki\tunewiki_desktop_win32.exe
~ Global Startup: 112 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [goihkgucfv] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [BitComet] . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe =>P2P.BitComet
O4 - HKCU\..\Run: [goihkgucfv] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.AVG Secure Search - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2165522393-3575585336-3699973293-1000\..\Run: [BitComet] . (.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe =>P2P.BitComet
O4 - HKUS\S-1-5-21-2165522393-3575585336-3699973293-1000\..\Run: [goihkgucfv] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: viprotocol [64Bits] - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Change Modem Device Service (Change Modem Device Service) . (...) - C:\Windows\SysWOW64\ChgService.exe
O23 - Service: (vToolbarUpdater15.1.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 10 Legitimates Filtered in 00mn 11s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll =>Adware.Bandoo
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll =>Adware.Bandoo
~ Keys: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Game_Booster_AutoUpdate] (...) -- D:\Carte memoire\Game Booster 3\AutoUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F09EE95-2FC2-4DA4-9112-92C36E7EB1DA}] (...) -- H:\setup.exe (.not file.) [0]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: BitComet 1.36 64-bit - (.CometNetwork.) [HKLM][64Bits] -- BitComet_x64 =>P2P.BitComet
O42 - Logiciel: Hot_MP3 Toolbar - (...) [HKLM][64Bits] -- Hot_MP3 Toolbar
O42 - Logiciel: Kanakoo Liberté Plus 2.2.5.4.2.320 - (...) [HKLM][64Bits] -- Kanakoo Liberté Plus 2.2.5.4.2.320
O42 - Logiciel: Lphant - (.Bandoo Media Inc.) [HKCU][64Bits] -- Lphant =>Adware.Bandoo
O42 - Logiciel: Music Toolbar for Firefox (Dist. by Bandoo Media, Inc.) - (.APN LLC.) [HKLM][64Bits] -- lphantmusictoolbardlaFF =>Adware.Bandoo
O42 - Logiciel: TuneWiki - (.TuneWiki.) [HKLM][64Bits] -- TuneWiki
O42 - Logiciel: Windows iLivid Toolbar - (.Bandoo Media, Inc.) [HKLM][64Bits] -- Searchqu Toolbar =>Adware.Bandoo
O42 - Logiciel: iLivid - (.Bandoo Media Inc..) [HKLM][64Bits] -- {8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} =>Adware.Bandoo
~ Logic: 25 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN DTX]
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\CometMarks]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Hot_MP3]
[HKLM\Software\Wow6432Node\Lphant]
[HKLM\Software\Wow6432Node\SearchquMediabarTb] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\ilivid] =>Adware.Bandoo
[HKLM\Software\goihkgucfv]
~ Key Software: 281 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/08/2013 - 20:36:34 - [4,660] ----D C:\Program Files (x86)\CometMarks
O43 - CFD: 14/09/2013 - 08:26:30 - [0,497] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 14/09/2013 - 08:26:30 - [2,435] ----D C:\Program Files (x86)\Hot_MP3
O43 - CFD: 05/10/2013 - 05:32:51 - [39,643] ----D C:\Program Files (x86)\iLivid =>Adware.Bandoo
O43 - CFD: 15/07/2013 - 09:35:52 - [15,168] ----D C:\Program Files (x86)\Kanakoo Liberté Plus
O43 - CFD: 27/08/2013 - 00:36:27 - [22,854] ----D C:\Program Files (x86)\Music Toolbar =>Adware.Bandoo
O43 - CFD: 03/11/2013 - 00:24:46 - [11,199] ----D C:\Program Files (x86)\Seagrand
O43 - CFD: 24/07/2013 - 21:21:42 - [0] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV
O43 - CFD: 15/07/2013 - 09:35:44 - [42,592] ----D C:\Program Files (x86)\TuneWiki
O43 - CFD: 05/10/2013 - 05:22:57 - [2,978] ----D C:\Program Files (x86)\Windows iLivid Toolbar =>Adware.Bandoo
O43 - CFD: 30/11/2013 - 10:42:52 - [0,004] ----D C:\ProgramData\342A0
O43 - CFD: 22/11/2013 - 18:28:43 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 27/08/2013 - 02:41:54 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 28/11/2013 - 17:45:56 - [0,009] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 09/11/2013 - 10:33:34 - [0,053] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 15/07/2013 - 09:10:55 - [1,504] ----D C:\ProgramData\Kanakoo Liberté Plus
O43 - CFD: 04/11/2013 - 00:31:10 - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 29/09/2013 - 05:43:00 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 11/11/2013 - 10:26:52 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 03/09/2013 - 21:23:53 - [0] ----D C:\Users\FassMaraj\AppData\Roaming\Avant Profiles
O43 - CFD: 02/12/2013 - 20:07:06 - [9,811] ----D C:\Users\FassMaraj\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 16/08/2013 - 11:50:58 - [0] ----D C:\Users\FassMaraj\AppData\Roaming\CometMarks
O43 - CFD: 27/07/2013 - 22:06:54 - [0,001] ----D C:\Users\FassMaraj\AppData\Local\AvHcyyFxbXokmfA
O43 - CFD: 05/10/2013 - 05:33:03 - [0,014] ----D C:\Users\FassMaraj\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 30/11/2013 - 13:01:53 - [-1264,859] ----D C:\Users\FassMaraj\AppData\Local\Lphant
O43 - CFD: 02/12/2013 - 20:09:24 - [309,994] ----D C:\Users\FassMaraj\AppData\Local\Tunewiki
O43 - CFD: 27/07/2013 - 22:06:54 - [0,001] ----D C:\Users\FassMaraj\AppData\Local\WUMtRCHJJ
O43 - CFD: 14/08/2013 - 20:36:35 - [0,004] ----D C:\Users\FassMaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CometMarks
~ Program Folder: 210 Legitimates Filtered in 01mn 13s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.56DEE2DA014F0851F9DAEA699E9EFD8B] - 02/12/2013 - 20:10:57 ----- . (...) -- C:\UsbFix [Scan 2] FASSMARAJ-PC.txt [9814]
O44 - LFC:[MD5.6FA766D5FF94427204DBB9A75AF48913] - 02/12/2013 - 20:13:15 ---A- . (...) -- C:\UsbFix [Clean 5] FASSMARAJ-PC.txt [17304]
O44 - LFC:[MD5.D93CF7C5F59EB35D9E1FC11A5831FE92] - 18/11/2013 - 09:41:12 ---A- . (...) -- C:\Windows\DirectX.log [17627]
O44 - LFC:[MD5.67FC5B9D0957C4FBB37376DE49A2B170] - 21/11/2013 - 10:00:34 ---A- . (...) -- C:\Windows\diagerr.xml [1890]
O44 - LFC:[MD5.7BE2B2DDE5488881CFFB9AA2E07F733D] - 21/11/2013 - 10:00:34 ---A- . (...) -- C:\Windows\diagwrn.xml [2544]
O44 - LFC:[MD5.9870A99E353B367A5E42C176D440D148] - 29/11/2013 - 10:44:35 ---A- . (...) -- C:\Windows\ntbtlog.txt [153264]
O44 - LFC:[MD5.E0F5AEA8EDB7C7217BD6B020464C26D2] - 29/11/2013 - 19:07:31 ----- . (...) -- C:\UsbFix [Clean 4] FASSMARAJ-PC.txt [16812]
O44 - LFC:[MD5.62586373765721A6DAE0548C6DA12B0B] - 29/11/2013 - 21:05:40 ----- . (...) -- C:\UsbFix [Scan 1] FASSMARAJ-PC.txt [8651]
~ Files: 24 Legitimates Filtered in 00mn 09s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.040FF3B09F26926A3792E047DB0F47DD] - 25/07/2013 - 06:50:51 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [31344]
O58 - SDL:[MD5.F7CE5A215B0CF6929FEDC8857AAF699A] - 25/07/2013 - 06:35:16 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [34840]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.D3680817EA6E0C8A117A2FBEB222BA75] - 02/06/2011 - 10:28:33 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/12/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\Downloads.xml.20131201.bak [27260] =>P2P.BitComet
O61 - LFC: 01/12/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\rules\dhtnodes.dat [38220] =>P2P.BitComet
O61 - LFC: 01/12/2013 - 20:23:05 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\Microsoft\Clip Organizer\Offic14.MGC [148512]
O61 - LFC: 01/12/2013 - 20:23:05 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\Microsoft\Clip Organizer\mstore14.mgc [197688]
O61 - LFC: 01/12/2013 - 20:23:08 ---A- . (...) -- C:\Users\FassMaraj\Documents\ExposéIG.pdf [1354909]
O61 - LFC: 02/12/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\avgcfg.log.1 [65599]
O61 - LFC: 02/12/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\BitComet.xml [4752] =>P2P.BitComet
O61 - LFC: 02/12/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\Downloads.xml [27260] =>P2P.BitComet
O61 - LFC: 02/12/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\Downloads.xml.bak [27260] =>P2P.BitComet
O61 - LFC: 02/12/2013 - 20:23:07 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\ZHP\Log.txt [117543] =>.Nicolas Coolman
O61 - LFC: 02/12/2013 - 20:23:07 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\ZHP\TestsZHPDiag.txt [2961] =>.Nicolas Coolman
O61 - LFC: 29/11/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\avgmsgdisp.log.1 [131189]
O61 - LFC: 29/11/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\avgui.log.2 [131305]
O61 - LFC: 29/11/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\Downloads.xml.20131129.bak [26930] =>P2P.BitComet
O61 - LFC: 29/11/2013 - 20:23:07 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 29/11/2013 - 20:23:07 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\ZHP\ZHPDiag.txt [99799] =>.Nicolas Coolman
O61 - LFC: 29/11/2013 - 20:23:08 ---A- . (...) -- C:\Users\FassMaraj\Documents\exo info2.pdf [288490]
O61 - LFC: 29/11/2013 - 20:23:09 ---A- . (...) -- C:\Users\FassMaraj\Downloads\1130710.vcf [126]
O61 - LFC: 30/11/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\avgdecider.log.1 [65609]
O61 - LFC: 30/11/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\avgui.log.1 [131127]
O61 - LFC: 30/11/2013 - 20:22:55 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Avg2014\log\krnlapi.log.1 [1024182]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - Disney Channel Playlist - 0(100x100).jpeg [4487]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - Disney Channel Playlist - 0(150x150).jpeg [8185]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - J To Tha L-O! The Remixes - ffffffff(100x100).jpeg [4742]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - J To Tha L-O! The Remixes - ffffffff(150x150).jpeg [9386]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - L'apogée - 0(100x100).jpeg [5223]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - L'apogée - 0(150x150).jpeg [11055]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - Les Inséparables - 0(100x100).jpeg [3655]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - Les Inséparables - 0(150x150).jpeg [6497]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - NRJ Hits 2010 - 0(100x100).jpeg [4356]
O61 - LFC: 30/11/2013 - 20:22:57 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\album - NRJ Hits 2010 - 0(150x150).jpeg [8176]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Artwork\D&D - album - J To Tha L-O! The Remixes - ffffffff(100x100).jpeg [4693]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\Albums.db [5390336]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\Artists.db [5570560]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\Albums.db [5316608]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\Artists.db [5570560]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\Cddb.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\ContentDirs.db [4235264]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\ContentFile.db [24666112]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\DownloadFile.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\PartsHashes.db [14835712]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\Playlists.db [5185536]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\StreamingFiles.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\BackUp\VirtualFile.db [4440064]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\Cddb.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\ContentDirs.db [4235264]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\ContentFile.db [27009024]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\DownloadFile.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\PartsHashes.db [15687680]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\Playlists.db [5185536]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\StreamingFiles.db [4227072]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\VirtualFile.db [4440064]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Data\rjn.a92 [80974]
O61 - LFC: 30/11/2013 - 20:22:58 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Lphant\Statistics.xml [526]
O61 - LFC: 30/11/2013 - 20:23:03 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Tunewiki\albumartimg.db [322964480]
O61 - LFC: 30/11/2013 - 20:23:03 ---A- . (...) -- C:\Users\FassMaraj\AppData\Local\Tunewiki\lyrics.xml [2015801] =>Adware.AddLyrics
O61 - LFC: 30/11/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\Downloads.xml.20131130.bak [27260] =>P2P.BitComet
O61 - LFC: 30/11/2013 - 20:23:04 ---A- . (...) -- C:\Users\FassMaraj\AppData\Roaming\BitComet\torrents\verypdf2wordocr.exe.xml [1127] =>P2P.BitComet
O61 - LFC: 30/11/2013 - 20:23:05 --HA- . (...) -- C:\Users\FassMaraj\AppData\Roaming\Microsoft\Templates\~$Normal.dotm [162]
O61 - LFC: 30/11/2013 - 20:23:09 ---A- . (...) -- C:\Users\FassMaraj\Downloads\annexes.pdf [1299431]
O61 - LFC: 30/11/2013 - 20:23:09 ---A- . (...) -- C:\Users\FassMaraj\Downloads\capture-web2pdf-fr-windows-microsoft-com-28-11-2013(1).docx [98553]
O61 - LFC: 30/11/2013 - 20:23:09 ---A- . (...) -- C:\Users\FassMaraj\Downloads\capture-web2pdf-fr-windows-microsoft-com-28-11-2013.docx [98553]
O61 - LFC: 30/11/2013 - 20:23:09 --HA- . (...) -- C:\Users\FassMaraj\Downloads\~$pture-web2pdf-fr-windows-microsoft-com-28-11-2013.docx [162]
~ 7 Fichiers temporaires (Temporary files)
~ Files: 93 Legitimates Filtered in 00mn 18s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - http://www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.cc", "BJ");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.client_js_http_src", "");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.client_js_https_src", "");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.currLocale", "fr");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.date", "1383588319000");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.finished", "15.1.0.2");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardCount", 0);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardKUCount", 0);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardKUCountInit", 156);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardSPCount", 0);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardSPPopupCount", 1);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.guid", "{9a7abf9a-7262-4f89-a0e9-aa63485213f7}");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.1.0.2"); =>Toolbar.AVGSearch
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.istoolbarhp", true);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.istoolbarsearch", true);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.lastUpdaterReq", "1385750090000");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.laststatreq", "1385750090000");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.overlayVersion", "635010458703881250");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.rewardsDisabled", false);
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.userHPSettings", "");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("avg.install.userSPSettings", "Google");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("browser.search.order.1", "Search Results");
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.DNSErrUrl", "http://start.facemoods.com/?a=make&f=5"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.aflt", "_#make"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.dfltSrch", true); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.dnsErr", true); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.firstRun", false); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.first_time", false); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.hmpg", true); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.hmpgUrl", "http://start.facemoods.com/?a=make"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.id", "_#124bf962000000000000000000000000"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.instlDay", "_#15920"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.mntz", ""); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.newTab", true); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.newTabUrl", "http://start.facemoods.com/?a=make&f=2"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.prtnrId", "_#facemoods.com"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.searchProviderAdded", true); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.sid", "_#7d82aaa46c594e13bb8cdc2066a6298d"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.tlbrSrchUrl", "http://start.facemoods.com/?a=make&f=3"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.update", "_#v1.4.0"); =>Adware.Facemoods
O69 - SBI: prefs.js [FassMaraj - urk29wv4.default] user_pref("extensions.facemoods.vrsn", "_#1.4.17.11"); =>Adware.Facemoods
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - http://start.facemoods.com =>Adware.Facemoods
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2004} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [DefaultScope] - (Search Results) - http://dts.search-results.com =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Hot MP3 Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {C2B55812-B06A-4FC3-A3FA-00EAAD32C955} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Downloads\Adobe Photoshop Lightroom 5.0 Final (64 bit) [ChingLiu]\Keygen - CORE\CORE10k.EXE =>.Adobe Systems Incorporated
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\dfx11Setup.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Keymaker-CORE.rar.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Patch SicaRil.rar.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\AlienMind\AlienMind.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\AquaDFX\AquaDFX.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer
#20273
11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\BlinkFX\BlinkFX.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Denon\Denon.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\DFX_X\DFX_X.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Expensive Hi-Fi Sony\ExpensiveHiFiSony.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\ExpensiveAmp_DFX7\ExpensiveAmp_DFX7.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Hotrod\Hotrod.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Howard\Howard.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\JennyMcCarthy\JennyMcCarthy.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\LaraFlynn\LaraFlynn.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\LeDisque\LeDisque.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\LeDisque_mini\LeDisque_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Misanthrope\Misanthrope.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\MMD3\MMD3.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\MoodOfSecretLove\MoodOfSecretLove.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\NucleoNLogI\NucleoNLogI.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\NucleoNLogII\NucleoNLogII.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\NucleoNLogIII\NucleoNLogIII.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Obsidian\Obsidian.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Obsidian_Mini\Obsidian_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Offspring\Offspring.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Poseidon\Poseidon.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Revert\Revert.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Revert_Mini\Revert_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Shark\Shark.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Blue_Hyper\Silver_Blue_Hyper.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Blue_Hyper_mini\Silver_Blue_Hyper_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Green_Hyper\Silver_Green_Hyper.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Green_Hyper_mini\Silver_Green_Hyper_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Red_Hyper\Silver_Red_Hyper.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Silver_Red_Hyper_mini\Silver_Red_Hyper_mini.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\SoundFX\SoundFX.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Xbox\Xbox.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\Zaxon\Zaxon.exe.bc!
C:\Downloads\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\DFX Audio Enhancer 11.106+keygen+[36]SKIN PACK by Senzati\Skin Pack [36]\Skin Pack\ZDL-AMP\ZDL-AMP.exe.bc!
C:\Downloads\Recuperer Vos Fichiers+keygen\RecoverMyFiles-Setup-French.exe
C:\Downloads\Recuperer Vos Fichiers+keygen\RecoverMyFiles-Setup.exe
C:\H\LOGIS\CorelDRAW Graphics Suite X6 16.0.0.707 (32 bit) (keygen-CORE) [ChingLiu]\Setup CorelDRAW X6\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe
C:\H\LOGIS\IDM 5.19 PreCracked !\IDM 5.19 Precracked.msi
C:\H\LOGIS\IDM 5.19 PreCracked !\RUN.REG
C:\H\LOGIS\IDM 5.19 PreCracked !\Torrent downloaded from Demonoid.com.txt
C:\Users\FassMaraj\Downloads\recover.my.files.data.recovery.v.3.98.keygen.[www.zetorrents.com].torrent
D:\DD\Hacking\Hack\crackme1.zip
D:\Faiz\Mes documents\logiciels\Telechargeurs\IDM 5.19 PreCracked !\IDM 5.19 Precracked.msi
D:\Faiz\Mes documents\logiciels\Telechargeurs\IDM 5.19 PreCracked !\RUN.REG
D:\Faiz\Mes documents\logiciels\Telechargeurs\IDM 5.19 PreCracked !\Torrent downloaded from Demonoid.com.txt
D:\Faiz\Mes documents\logiciels\Telechargeurs\Internet Download Manager (IDM) v6.10.2 + Keygen and Patch\Torrent Downloaded From ExtraTorrent.com.txt
D:\Faiz\Mes documents\Program\USB disk\USB Disk Security 5.3.0.20 with key cracked{h33t}{raththaran}\setup.exe
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeBridge5-mul\customaction.data =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeBridge5-mul-x64\customaction.data =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeColorCommonSetRGB4_0-mul\Assets2_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeCSXSExtensions3-mul\customaction.data =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeCSXSInfrastructure3-mul\customaction.data =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeExtendScriptToolkit3.8.0-mul\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeLinguistics_4_0_All\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-Core\Assets2_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-Core_x64\Assets2_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-cs_CZ\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-Driver\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-Driver\Assets2_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-en_AE\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-en_IL\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-fr_MA\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-hu_HU\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-pl_PL\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-ru_RU\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-tr_TR\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobePhotoshop13-uk_UA\Assets1_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeSuiteSharedConfiguration3-mul\Assets2_1.zip =>.Adobe Systems Incorporated
D:\Faiz\Mes documents\Yann Xcut\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\Adobe CS6\payloads\AdobeVideoProfilesCS4_0-mul\Assets2_1.zip =>.Adobe Systems Incorporated
~ Files: Scanned in 03mn 59s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1446090A781784FFDD236A79AAA0DB63] [SPRF][03/09/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.25BBF6AC3838CF7851BAD02406EED7B5] [SPRF][28/11/2013] (.Conduit - Setup.exe.) -- C:\Users\FassMaraj\Desktop\01net_Revo_Uninstaller.exe [1126816] =>Toolbar.Conduit
[MD5.861A82AAE757FAD8FD16309C3499E1E5] [SPRF][28/11/2013] (...) -- C:\Users\FassMaraj\Desktop\Unlocker1.9.2.exe [619176]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{6D23AE67-317F-4343-A3BD-FB3B446D0D5A}" | In - Public - P6 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{60A99BA3-AC19-4B14-B0F7-BD6D79AB9338}" | In - Public - P17 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{6F82DB66-7A10-406A-B9D4-FC0AF9BE6523}" | In - None - P17 - TRUE | .(.Bandoo Media Inc. - Lphant.) -- C:\Program Files (x86)\Lphant Applications\Lphant\Lphant.exe =>Adware.Bandoo
O87 - FAEL: "{8C3E68B2-3870-4944-9E3D-00AAD6A0AA6B}" | In - Public - P6 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{DDC72A4D-C793-4306-9B09-CC23A9A739ED}" | In - Public - P17 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe =>Adware.Bandoo
~ Firewall: 205 Legitimates Filtered in 00mn 02s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A12FC135B931B88731DA272F9CD5BEF1] [WIS][05/10/2013] (.Bandoo Media Inc. - iLivid Installation.) -- C:\Windows\Installer\27dd03c.msi [290816] =>Adware.Bandoo
~ WIS: 100 Legitimates Filtered in 00mn 26s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 27/06/2011 365568 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Demand 28/12/2010 1296728 | (BITCOMET_HELPER_SERVICE) . (.www.BitComet.com.) - C:\Program Files\BitComet\tools\BitCometService.exe =>P2P.BitComet
SS - | Auto 03/05/2012 135168 | (Change Modem Device Service) . (...) - C:\Windows\SysWOW64\ChgService.exe
SS - | Disabled 23/07/2013 3179520 | (DatamngrCoordinator) . (.Bandoo Media Inc..) - C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo
SS - | Auto 02/12/2011 74752 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Disabled 11/07/2011 160768 | (Micro Star SCM) . (.Micro-Star International Co., Ltd..) - C:\Program Files (x86)\S-Bar\MSIService.exe
SS - | Demand 19/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/09/2011 68928 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\NLSSRV32.exe
SS - | Disabled 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Auto 12/10/2013 2099512 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
SS - | Auto 04/11/2013 1008816 | (vToolbarUpdater15.1.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 24/09/2013 1358944 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 29s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by FassMaraj at 02/12/2013 20:27:54
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by FassMaraj at 02/12/2013 20:27:56

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13001 - (28/11/2013)
Clés trouvées (Keys found) : 120
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 26
Fichiers trouvés (Files found) : 8

~ Additionnel Scan: 352922 Items scanned in 00mn 50s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... rchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blo ... -facemoods =>Adware.Facemoods
~ http://nicolascoolman.webs.com/apps/blo ... p-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blo ... are-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... downloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blo ... ker-torntv =>Hijacker.TornTV
~ http://nicolascoolman.webs.com/apps/blo ... lbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blo ... -addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blo ... -pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blo ... lbar-kiwee =>PUP.Kiwee
~ http://nicolascoolman.webs.com/apps/blo ... eyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... arcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blo ... -bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =>PUP.Babylon
~ MSI: 17 link(s) detected in 00mn 50s



~ 1268 Legitimates filtered by white list
End of the scan (1025 lines in 08mn 14s)(182)

And for the other one, what do I do next?
#20291
Hi again

for the W7 OS

misery with a capital "M" is living in your PC :electriksock:

before continuing the disinfection, you must uninstall all the cr@cks you downloaded and installed

the list is here in the ZHPDiag report >> ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)

I also advise you to read this on the subject (page 5) >> http://www.malekal.com/fichiers/projeta ... alware.pdf

then do the following in the order given and post the reports, please

1)
  • Download Adwcleaner (by Xplode) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click on XP
    1. Choose the Scan option
    2. Choose the Clean option
  • Accept the warning by clicking OK
  • Accept the warnings/information messages by clicking OK
  • Copy and paste the contents of the report that appears when the PC restarts
2)
  • Download Junkware Removal Tool (by thisisu) to your desktop.
  • Launch Junkware Removal Tool, using Run as administrator on Windows 7/8 and Vista
  • Press any key.
  • Once the scan has finished, go to the desktop; the file JRT.txt has been created.
  • Upload the JRT.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum
3)
  • Download MalwareBytes
  • Install it. Uncheck "Enable free trial of Malwarebytes Anti-Malware PRO"
  • Select Full scan (all drives)
  • Click Scan
  • Remove all the items found (right-click, check all, before removing the selection)!
  • Post the report on the forum
4)
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag, using Run as administrator on Windows 7/8 and Vista
  • Click Configure
  • Click the icon showing a magnifying glass with a + ("Run the diagnostic")

    Note: Do not close the program even if it says it is no longer responding.
  • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum
:merci2:
And for the other one, what do I do next?
I assume you mean W8 :interro:

you have already run UsbFix in deletion mode for the W8 OS; we'll do a diagnostic once we have finished with W7 ;)
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Januz's (Administrateur) # JANUZ
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 11:11:08 | 29/11/2013

Site Web : http://www.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Micro-Star International Co., Ltd. (MS-16GN)
CPU: AMD E-450 APU with Radeon(tm) HD Graphics
RAM -> [Total : 2556 | Free : 1879]
Bios: American Megatrends Inc.
Boot: Fail-safe with network boot

OS: Microsoft Windows 8 Professionnel N (6.2.9200 32-Bit)
waiting for your reply and the reports :P:

See you
