~ Report of ZHPDiag v2014.3.30.36 - Nicolas Coolman (30/03/2014)
~ Launched by a (01/04/2014 08:34:32 ص)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome

---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ System protection software
Kaspersky Internet Security 2013 v13.0.1.4190
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013.2 MB (5% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (39%) free of 122 GB

---\\ Connection to the system mode
~ Computer Name: PETED04
~ User Name: a
~ All Users Names: Guest, fbwuser, Administrator, a,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\valentaine man\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\valentaine man\AppData\Roaming\
~ %Desktop% : C:\Users\valentaine man\Desktop\
~ %Favorites% : C:\Users\valentaine man\Favorites\
~ %LocalAppData% : C:\Users\valentaine man\AppData\Local\
~ %StartMenu% : C:\Users\valentaine man\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 48 Go of 122 Go)
D: Hard drive, Flash drive, Thumb drive (Free 121 Go of 122 Go)
E: Hard drive, Flash drive, Thumb drive (Free 122 Go of 122 Go)
F: Hard drive, Flash drive, Thumb drive (Free 99 Go of 100 Go)
G: CD-ROM drive (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in :0mn صs



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 08:30:54 ص.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 04:14:45 ص.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/03/2014 - 05:32:16 ص.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 03:17:54 م.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 03:21:24 م.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.08/12/2013 - 10:46:02 ص.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 04:26:15 ص.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 02:11:15 ص.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 11:38:10 ص.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 11:42:32 ص.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 12:59:29 م.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 02:11:24 ص.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 02:54:29 ص.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 05:17:22 ص.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 11:39:44 ص.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 04:45:29 م.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 02:45:35 ص.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 02:54:34 ص.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:46 م.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 02:53:41 ص.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 11:39:17 ص.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 03:30:16 م.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in :0mn صs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/18
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/254
~ Mon Bureau (My Desktop) : 1/12711
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in :1mn صs



---\\ Process running
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.2044]
[MD5.4B2A51F4B27381EB76106F16E60D9B8C] - (.Connectify - Connectify Hotspot.) -- C:\Program Files\Connectify\Connectify.exe [3755296] [PID.3228]
[MD5.BB3152BE7A21289456CB299175962EC8] - (...) -- C:\Program Files\Bench\BService\bservice.exe [49664] [PID.3248] =>PUP.GiganticSavings
[MD5.0ABEEA039C171D5DB4EF78BCE6BAB73D] - (...) -- C:\Program Files\Bench\Wd\wd.exe [60416] [PID.700] =>PUP.GiganticSavings
[MD5.6BDC6870E438E7AE807736C9CF585986] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3565432] [PID.3360]
[MD5.DF37DE4EB253CC67CB6B9D0B1BC69463] - (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files\Ralink\Common\RaUI.exe [11474272] [PID.3656]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [268248] [PID.3996]
[MD5.D1BF8A595AE16DA5CA45FA8980C78CD0] - (.AnchorFree Inc. - Hotspot Shield 3.25.) -- C:\Program Files\Hotspot Shield\bin\hsscp.exe [1805608] [PID.4624]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5456]
[MD5.A4B647D276EE444D35E15AA653963E7B] - (.AnchorFree Inc. - Hotspot Shield 3.25.) -- C:\Program Files\Hotspot Shield\bin\fbwmgr.exe [555816] [PID.4704]
[MD5.0CBFD8FCDE1A0E8AE5E0C4A477C0E063] - (.AnchorFree Inc. - Hotspot Shield 3.25.) -- C:\Program Files\Hotspot Shield\bin\fbw.exe [941352] [PID.5504]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5112]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.4300]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.6788]
[MD5.D54552AB3959781134E4AC273EC6CE6F] - (.No owner - FrameworkEngine.) -- C:\Program Files\Start Savin\FrameworkEngine.exe [247848] [PID.6684]
[MD5.8F266B9EF5C5614D88AD51820F18436E] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe [128440] [PID.2376]
[MD5.3A3BEA53F039CE2E997A918E26E30B1D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [808152] [PID.9980]
[MD5.4414FD10083ABCAEE2F66982BE0B4F3C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179712] [PID.8336]
[MD5.5FEAB868CAEDBBD1B7A145CA8261E4AA] - (.Microsoft Corporation - Windows Problem Reporting.) -- C:\Windows\system32\WerFault.exe [360448] [PID.9816]
~ Processes Running: Scanned in :0mn صs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=268&src=hmp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
~ IE Browser: 13 Legitimates Filtered in :0mn صs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in :0mn صs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in :0mn صs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in :0mn صs
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects (O2)
O2 - BHO: Start Savin BHO - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} . (.No owner - FrameworkBHO.) -- C:\Program Files\Start Savin\FrameworkBHO.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} . (.Funmoods BHO - No Comment.) -- C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll =>PUP.Funmoods
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Orphan key
O2 - BHO: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} . (.TODO: - TODO: .) -- C:\Program Files\PutLockerDownloader\smarterdownloader.dll =>Spyware.PutLocker
O2 - BHO: Value Apps plugin - {F63AAEDC-3602-49EF-AA45-262380A98980} . (...) -- C:\Users\valentaine man\AppData\Roaming\ValueApps\IE\MonPrx.dll (.not file.) =>Toolbar.Conduit
~ BHO: 30 Legitimates Filtered in :0mn صs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Funmoods Toolbar - [HKLM]{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} . (.Funmoods - No Comment.) -- C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll =>PUP.Funmoods
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in :0mn صs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Connectify Dispatch.lnk - Orphan key
O4 - GS\Desktop [Public]: Connectify Hotspot.lnk - Orphan key
O4 - GS\Desktop [Public]: Hotspot Shield.lnk . (.AnchorFree Inc. - Hotspot Shield 3.25.) -- C:\Program Files\Hotspot Shield\bin\HSSCP.exe
O4 - GS\Desktop [Public]: Kaspersky Internet Security 2013.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus Launcher.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
O4 - GS\Desktop [Public]: MATLAB R2010a.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files\MATLAB\R2010a\bin\matlab.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: 45 Legitimates Filtered in :0mn صs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [Connectify Hotspot] . (.Connectify - Connectify Hotspot.) -- C:\Program Files\Connectify\Connectify.exe
O4 - HKLM\..\Run: [Connectify Dispatch] . (.Connectify - Connectify Dispatch.) -- C:\Program Files\Connectify\DispatchUI.exe
O4 - HKLM\..\Run: [BService] . (...) -- C:\Program Files\Bench\BService\bservice.exe =>PUP.GiganticSavings
O4 - HKLM\..\Run: [Wd] . (...) -- C:\Program Files\Bench\Wd\wd.exe =>PUP.GiganticSavings
O4 - HKLM\..\RunOnce: [Start Savin-repairJob] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2831361249-1143636492-515754252-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in :0mn صs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in :0mn صs



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in :0mn صs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AB02E56-812B-4513-A61F-31BCE492D123}: NameServer = 91.106.32.27 172.16.32.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: NameServer = 172.16.32.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{843E7D88-4DB9-41EB-A33B-CD2DF7635CE1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: DhcpNameServer = 10.0.5.5 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{9AB02E56-812B-4513-A61F-31BCE492D123}: NameServer = 91.106.32.27 172.16.32.230
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: NameServer = 172.16.32.230
O17 - HKLM\System\CS1\Services\Tcpip\..\{843E7D88-4DB9-41EB-A33B-CD2DF7635CE1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: DhcpNameServer = 10.0.5.5 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: NameServer = 172.16.32.230
O17 - HKLM\System\CS2\Services\Tcpip\..\{843E7D88-4DB9-41EB-A33B-CD2DF7635CE1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE8515DB-4F4A-4DAB-92EA-EBCE8B9BF66F}: DhcpNameServer = 91.106.32.27 172.16.32.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = baghdaduni.loc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
~ Domain: Scanned in :0mn صs



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in :0mn صs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~2\Wincert\WIN32C~1.dll
~ AppInit DLL: Scanned in :0mn صs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
O23 - Service: pcregservice Service (pcregservice) . (...) - C:\Program Files\pcreg\pcreg.exe
~ Services: 10 Legitimates Filtered in :3mn صs



---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files\Settings Manager\systemk\sysapcrt.dll
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll
~ Keys: Scanned in :0mn صs



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-S-1-5-21-2831361249-1143636492-515754252-1000.job [324] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [324] =>Hijacker.iHaveNet
[MD5.83F9FD1FD4B72219901CD9004AD06804] [APT] [bench-S-1-5-21-2831361249-1143636492-515754252-1000] (...) -- C:\Program Files\Bench\Updater\updater.exe [69120] =>PUP.GiganticSavings
[MD5.83F9FD1FD4B72219901CD9004AD06804] [APT] [bench-sys] (...) -- C:\Program Files\Bench\Updater\updater.exe [69120] =>PUP.GiganticSavings
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\a\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.70AB958586A6C7785C33D6A4FB68E133] [APT] [pcreg] (...) -- C:\Program Files\pcreg\service.exe [90192]
[MD5.00000000000000000000000000000000] [APT] [{793646F4-1327-4932-9726-95469E496DB8}] (...) -- C:\Users\a\Downloads\Programs\Charles Proxy_2.exe (.not file.) [0]
~ Scheduled Task: 23 Legitimates Filtered in :1mn صs



---\\ Drivers launched at startup (O41)
O41 - Driver: (cnnctfy3) . (.Connectify - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\cnnctfy3.sys
~ Drivers: 81 Legitimates Filtered in :1mn صs



---\\ Software installed (O42)
O42 - Logiciel: Didger 4 - (.Golden Software, Inc..) [HKLM] -- {92B03523-95ED-4E6F-A380-638EF1ED7CE3}
O42 - Logiciel: Start Savin - (.Smart Apps.) [HKLM] -- 35450_Start Savin
O42 - Logiciel: ValueApps - (.Conduit LTD.) [HKLM] -- ValueApps =>Toolbar.Conduit
O42 - Logiciel: Version Checker for Funmoods - (...) [HKCU] -- Funmoods =>PUP.Funmoods
~ Logic: 22 Legitimates Filtered in :0mn صs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\Petroleum Experts]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\SystemK]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\pcreg]
[HKLM\Software\Funmoods] =>PUP.Funmoods
[HKLM\Software\Hi]
[HKLM\Software\ICSDHCP]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Linkey]
[HKLM\Software\ParadigmGeo]
[HKLM\Software\Petroleum Experts]
[HKLM\Software\Start Savin]
[HKLM\Software\SystemK]
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
[HKLM\Software\pcreg]
~ Key Software: 181 Legitimates Filtered in :0mn صs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 25/04/2012 - 07:54:35 ص - [1.864] ----D C:\Program Files\Funmoods =>PUP.Funmoods
O43 - CFD: 08/01/2013 - 11:00:52 ص - [0] ----D C:\Program Files\Hi
O43 - CFD: 18/02/2014 - 11:56:13 ص - [0] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 24/02/2014 - 08:20:20 ص - [2.542] ----D C:\Program Files\Linkey
O43 - CFD: 24/02/2014 - 08:19:33 ص - [0.110] ----D C:\Program Files\pcreg
O43 - CFD: 14/04/2013 - 07:41:10 ص - [0.276] ----D C:\Program Files\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 02/03/2014 - 08:20:45 ص - [2.294] ----D C:\Program Files\runonce
O43 - CFD: 24/02/2014 - 08:19:27 ص - [14.255] ----D C:\Program Files\Settings Manager
O43 - CFD: 02/03/2014 - 08:21:16 ص - [1.037] ----D C:\Program Files\Start Savin
O43 - CFD: 18/02/2014 - 12:08:46 م - [0] ----D C:\Program Files\TornTV.com =>Hijacker.TornTV
O43 - CFD: 24/02/2014 - 09:01:32 ص - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 08/01/2013 - 11:05:31 ص - [0.000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 24/02/2014 - 09:01:32 ص - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 24/02/2014 - 09:01:33 ص - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 04/03/2013 - 10:56:41 ص - [0] ----D C:\ProgramData\FNP
O43 - CFD: 27/05/2013 - 07:04:12 ص - [0] ----D C:\ProgramData\Hi
O43 - CFD: 04/03/2013 - 10:45:19 ص - [28.795] ----D C:\ProgramData\pdgm
O43 - CFD: 01/04/2014 - 08:39:55 ص - [0.013] ----D C:\ProgramData\systemk
O43 - CFD: 23/03/2014 - 08:04:47 ص - [0.029] ----D C:\ProgramData\ValueApps =>Toolbar.Conduit
O43 - CFD: 08/01/2013 - 11:01:38 ص - [0.035] ----D C:\Users\valentaine man\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 26/02/2013 - 07:13:06 ص - [0.090] ----D C:\Users\valentaine man\AppData\Roaming\Funmoods =>PUP.Funmoods
O43 - CFD: 18/02/2014 - 11:44:48 ص - [0.829] ----D C:\Users\valentaine man\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 22/01/2014 - 12:22:19 م - [0.009] ----D C:\Users\valentaine man\AppData\Roaming\Petroleum Experts
O43 - CFD: 23/03/2014 - 08:04:42 ص - [1.230] ----D C:\Users\valentaine man\AppData\Roaming\ValueApps =>Toolbar.Conduit
O43 - CFD: 09/12/2013 - 11:35:58 ص - [0] ----D C:\Users\valentaine man\AppData\Roaming\{64821D16-105C-4C7A-A89C-36AA41BD65F7}
O43 - CFD: 14/04/2013 - 07:41:16 ص - [0.001] ----D C:\Users\valentaine man\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 02/03/2014 - 08:21:22 ص - [1.070] ----D C:\Users\valentaine man\AppData\Local\Start Savin
O43 - CFD: 14/04/2013 - 07:40:38 ص - [0.002] ----D C:\Users\valentaine man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com =>Spyware.PutLocker
~ Program Folder: 162 Legitimates Filtered in :0mn صs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.FF314EB3C72735431D0C9963E5F7C950] - 01/04/2014 - 08:40:04 ص --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [23504]
O44 - LFC:[MD5.FF314EB3C72735431D0C9963E5F7C950] - 01/04/2014 - 08:40:04 ص --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [23504]
~ Files: 15 Legitimates Filtered in :2mn صs



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in :0mn صs



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
~ IFEO: Scanned in :0mn صs



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{0214e3a3-9043-11e2-9857-00241dca7f1a}\AutoRun\command. (...) -- H:\autorunner.exe (.not file.)
~ Keys: Scanned in :0mn صs



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Browser companion helper [Key] . (...) -- C:\Program Files\BrowserCompanion\BCHelper.exe (.not file.) =>PUP.Blabbers
O53 - SMSR:HKLM\...\startupreg\DATAMNGR [Key] . (...) -- C:\Program Files\SEARCH~1\Datamngr\DATAMN~1.exe (.not file.) =>PUP.Datamngr
O53 - SMSR:HKLM\...\startupreg\HiMEDIA [Key] . (...) -- C:\Program Files\Hi\HiPlayer\1.18.0.44\HiPlayer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\pcreg [Key] . (...) -- C:\Program Files\pcreg\service.exe
O53 - SMSR:HKLM\...\startupreg\USB Security [Key] . (...) -- C:\Program Files\USB Disk Security\USBGuard.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Users\valentaine man\AppData\Roaming\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
O53 - SMSR:HKLM\...\startupreg\WindowMessenger [Key] . (...) -- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Alerter [Key] . (...) -- C:\Program Files\Windows Alerter\WinAlert.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Common Files Manager [Key] . (...) -- C:\Program Files\Windows Common Files\Commgr.exe (.not file.)
~ SMSR Keys: 20 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 16 Legitimates Filtered in :0mn صs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HideSCAHealth"=1
~ MWPE Keys: 3 Legitimates Filtered in :0mn صs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.CB98B2A1C836F2FAD0DA5E3EE5539A81] - 23/01/2014 - 12:08:56 م ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [29672]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 04:20:28 ص ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 01:54:14 ص ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.FBA46D822CF3ED2F43197702E3D091B7] - 19/03/2014 - 08:50:02 م ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [49352]
O58 - SDL:[MD5.2AA2C79B9E39C2FCBE0670AECC5B4361] - 27/06/2013 - 12:57:42 م ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [104928]
O58 - SDL:[MD5.AA2AE0AEEF021018C9A00E9E5CB66DDA] - 23/03/2009 - 10:25:54 ص ---A- . (.Kerio Technologies Inc. - Kerio Virtual Network Adapter (Vista x86).) -- C:\Windows\System32\Drivers\kvnet.sys [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 04:19:04 ص ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.13FE4F5046B8D27052255D0D68CB563D] - 19/03/2014 - 08:53:50 م ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [37064]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 14/07/2009 - 12:40:41 ص ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/07/2009 - 12:40:44 ص ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 14/07/2009 - 12:40:40 ص ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 14/07/2009 - 12:40:43 ص ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/07/2009 - 12:40:43 ص ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 14/07/2009 - 12:40:23 ص ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/07/2009 - 12:40:31 ص ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/07/2009 - 12:40:35 ص ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/07/2009 - 12:40:39 ص ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/07/2009 - 12:40:27 ص ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 14/07/2009 - 12:40:11 ص ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 14/07/2009 - 12:40:15 ص ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 14/07/2009 - 12:40:17 ص ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 14/07/2009 - 12:40:19 ص ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 14/07/2009 - 12:40:13 ص ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in :0mn صs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in :0mn صs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 23/01/2014 - C:\Windows\System32\DRIVERS\cnnctfy3.sys (cnnctfy3) .(.Connectify - NDISRD helper driver.) - LEGACY_CNNCTFY3
O64 - Services: CurCS - 27/06/2013 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 122 Legitimates Filtered in :0mn صs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\peted04\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Torch Media Inc. - Torch.) -- C:\Users\valentaine man\AppData\Local\Torch\Application\torch.exe
~ Keys: Scanned in :0mn صs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net
~ Keys: Scanned in :0mn صs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FFD295D4-6D9F-4FB9-8E34-DF60594D457C}C:\program files\charles\charles.exe" | In - Domain - P6 - TRUE | .(.XK72 Ltd - Charles Web Debugging Proxy.) -- C:\program files\charles\charles.exe
O87 - FAEL: "UDP Query User{6DA34F5F-714B-4EC7-A04A-8351B83344D6}C:\program files\charles\charles.exe" | In - Domain - P17 - TRUE | .(.XK72 Ltd - Charles Web Debugging Proxy.) -- C:\program files\charles\charles.exe
O87 - FAEL: "TCP Query User{E497CB8A-9AA1-4BC6-88CE-1A4F669D2BD0}C:\users\peted04\documents\downloads\compressed\u1201.exe" | In - Domain - P6 - TRUE | .(...) -- C:\users\peted04\documents\downloads\compressed\u1201.exe
O87 - FAEL: "UDP Query User{35EE1DAE-5485-4BF9-BCDB-167F38526595}C:\users\peted04\documents\downloads\compressed\u1201.exe" | In - Domain - P17 - TRUE | .(...) -- C:\users\peted04\documents\downloads\compressed\u1201.exe
O87 - FAEL: "{47248EFA-2516-4479-9804-36913D7D4525}" | In - None - P17 - TRUE | .(.Torch Media Inc. - Torch Torrent.) -- C:\Users\valentaine man\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
O87 - FAEL: "TCP Query User{2B676F86-20B7-495E-8F45-E9557DA5F8C1}H:\ipm 6\pxls.exe" |In - Public - P6 - TRUE | .(...) -- H:\ipm 6\pxls.exe (.not file.)
O87 - FAEL: "UDP Query User{ACF8918F-6831-4E28-804C-4BC07BD49C92}H:\ipm 6\pxls.exe" |In - Public - P17 - TRUE | .(...) -- H:\ipm 6\pxls.exe (.not file.)
O87 - FAEL: "{843DE059-11FB-41B0-AC48-B7FC90478C9D}" | Out - None - P17 - TRUE | .(...) -- c:\program files\pcreg\pcreg.exe
O87 - FAEL: "{7999DCBF-8404-4279-9CEA-ED85517743D7}" | In - None - P17 - TRUE | .(...) -- c:\program files\pcreg\pcreg.exe
O87 - FAEL: "{BDF1E8B6-1204-4003-BC50-A3FD9CF86836}" | In - None - P17 - TRUE | .(...) -- c:\program files\pcreg\service.exe
O87 - FAEL: "{55200472-3BA0-4B69-A660-50E41C66F228}" | Out - None - P17 - TRUE | .(...) -- c:\program files\pcreg\service.exe
O87 - FAEL: "TCP Query User{21F206F7-68B8-40F3-8127-698FD5FE0E1F}D:\reservior mangement\ipm 6\pxls.exe" | In - Public - P6 - TRUE | .(.Petroleum Experts - Petroleum Experts License Server program.) -- D:\reservior mangement\ipm 6\pxls.exe
O87 - FAEL: "UDP Query User{B90CC5D4-2EB9-400F-BAAD-DB7C6450E415}D:\reservior mangement\ipm 6\pxls.exe" | In - Public - P17 - TRUE | .(.Petroleum Experts - Petroleum Experts License Server program.) -- D:\reservior mangement\ipm 6\pxls.exe
O87 - FAEL: "{CBE4B84B-8D9D-45C9-BDF1-B65CCD928524}" | Out - None - P17 - TRUE | .(...) -- C:\Windows\TEMP\file_to_run55843.exe
O87 - FAEL: "{D95445C2-AF14-45D3-B022-B2FB16BF8662}" | In - None - P17 - TRUE | .(...) -- C:\Windows\TEMP\file_to_run55843.exe
~ Firewall: 268 Legitimates Filtered in :1mn صs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.4EB026B6ADDE1C6741F01A08B0510779] [WIS][23/04/2012] (.XK72 Ltd - Charles 3.6.5 Installer.) -- C:\Windows\Installer\2f92c0.msi [7778304]
~ WIS: 30 Legitimates Filtered in :0mn صs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 12/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 78512 | (HssTrayService) . (...) - C:\Program Files\Hotspot Shield\bin\HssTrayService.exe
SS - | Demand 30/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 31/12/2010 619872 | (RaMediaServer) . (...) - C:\Program Files\Ralink\Common\RaMediaServer.exe

SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/10/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 23/12/2013 487936 | (Connectify) . (.Connectify.) - C:\Program Files\Connectify\ConnectifyService.exe
SR - | Auto 20/03/2014 925480 | (hshld) . (.AnchorFree Inc..) - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
SR - | Auto 15/03/2014 555304 | (HssWd) . (...) - C:\Program Files\Hotspot Shield\bin\hsswd.exe
SR - | Auto 31/05/2010 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SR - | Auto 21/01/2014 25600 | (pcregservice) . (...) - C:\Program Files\pcreg\pcreg.exe
SR - | Auto 11/11/2010 374112 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe
SR - | Auto 06/02/2014 3448848 | (SystemkService) . (.Aztec Media Inc..) - C:\Program Files\Settings Manager\systemk\SystemkService.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in :1mn صs



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in :0mn صs



---\\ Scan Additionnel (O88)
Database Version : 13031 - (30/03/2014)
Clés trouvées (Keys found) : 141
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 18
Fichiers trouvés (Files found) : 19

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Spyware.PutLocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}] =>Toolbar.Conduit^
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Browser companion helper] =>PUP.Blabbers^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR] =>PUP.Datamngr^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.µTorrent^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKLM\Software\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}] =>PUP.Datamngr
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Classes\f] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.dskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.dskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\funmoods] =>PUP.Funmoods
[HKLM\Software\funmoods] =>PUP.Funmoods
[HKLM\Software\iLividSRTB] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion] =>PUP.Blabbers
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}] =>PUP.Funmoods
[HKLM\Software\Classes\PutLockerDownloader] =>Spyware.PutLocker
[HKLM\Software\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt
[HKLM\Software\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej] =>PUP.Blabbers
[HKLM\Software\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje] =>Hijacker.TornTV
[HKLM\Software\Classes\funmoods.funmoodsHlpr] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.funmoodsHlpr.1] =>PUP.Funmoods
[HKLM\Software\Classes\funmoodsApp.appCore] =>PUP.Funmoods
[HKLM\Software\Classes\funmoodsApp.appCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} =>PUP.Funmoods^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BService =>PUP.GiganticSavings^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Program Files\Funmoods =>PUP.Funmoods^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Program Files\PutLockerDownloader =>Spyware.PutLocker^
C:\Program Files\TornTV.com =>Hijacker.TornTV^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\ProgramData\ValueApps =>Toolbar.Conduit^
C:\Users\valentaine man\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\valentaine man\AppData\Roaming\Funmoods =>PUP.Funmoods^
C:\Users\valentaine man\AppData\Roaming\ValueApps =>Toolbar.Conduit^
C:\Users\valentaine man\AppData\Local\PutLockerDownloader =>Spyware.PutLocker^
C:\Users\valentaine man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com =>Spyware.PutLocker^
C:\Program Files\vGrabber-software =>PUP.vGrabber
C:\Program Files\Gophoto.it =>Spyware.GophotoIt
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\Users\valentaine man\AppData\LocalLow\searchresultstb =>Toolbar.Agent
C:\Users\valentaine man\AppData\LocalLow\Funmoods =>PUP.Funmoods
C:\Users\valentaine man\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Program Files\Bench\BService\bservice.exe =>PUP.GiganticSavings^
C:\Program Files\Bench\Wd\wd.exe =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-S-1-5-21-2831361249-1143636492-515754252-1000.job =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-sys.job =>Hijacker.iHaveNet^
C:\Program Files\Bench\Updater\updater.exe =>PUP.GiganticSavings^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Datamngr] =>PUP.Datamngr^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Funmoods] =>PUP.Funmoods^
C:\Windows\KMService.exe =>Hijacker.Windows
C:\Users\valentaine man\AppData\Local\Temp\BundleSweetIMSetup.exe =>PUP.SweetIM
C:\Users\valentaine man\AppData\Local\Temp\MybabylonTB.exe =>PUP.SweetIM
C:\Users\valentaine man\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit
C:\Users\valentaine man\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit
C:\Users\valentaine man\AppData\Local\Temp\Umbrella.exe39ea5f =>Adware.IMBooster
~ Additionnel Scan: 397997 Items scanned in :1mn صs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings
http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
http://nicolascoolman.webs.com/apps/blog/show/29580507-spyware-putlocker =>Spyware.PutLocker
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
http://nicolascoolman.webs.com/apps/blog/show/33336602-hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser =>Trojan.Staser
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/27280149-pup-blabbers =>PUP.Blabbers
http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/27793524-spyware-gophotoit =>Spyware.GophotoIt
http://nicolascoolman.webs.com/apps/blog/show/27632288-toolbar-vgrabber =>PUP.vGrabber
http://nicolascoolman.webs.com/apps/blog/show/39592164-hijacker-windows =>Hijacker.Windows
~ MSI: 31 link(s) detected in :0mn صs



~ 1091 Legitimates filtered by white list
End of the scan (803 lines in :2mn صs)(0)
