cjoint

Document format: text/plain

Preview

ZHPFix script

[MD5.14F40DD115B9B55E34479D93F3C8EB5E] - (.No owner - FileHippo.AppManager.) -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136] [PID.6896]
[MD5.11A4C7DB8910DA8D82596E00FA7D6F51] - (...) -- C:\Program Files (x86)\EyeLeo\EyeLeo.exe [2667520] [PID.7764]
M2 - MFEP: prefs.js [ayoub - w4zew336.default\jid1-ieGDbvlarpkNNQ@jetpack] [] Cookie Cleaner v2.21 (..)
M2 - MFEP: prefs.js [ayoub - w4zew336.default\support@follow.net] [] Follow.net v2.2 (..)
M2 - MFEP: Extension [ayoub - w4zew336.default] {6bdc61ae-7b80-44a3-9476-e1d121ec2238}
M2 - MFEP: Extension [ayoub - w4zew336.default] {e968fc70-8f95-4ab9-9e79-304de2a71ee1}
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} Orphan key
O4 - HKCU\..\Run: [FileHippo.com] . (.No owner - FileHippo.AppManager.) -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
O4 - HKUS\S-1-5-21-2457737315-482997084-386271186-1000\..\Run: [FileHippo.com] . (.No owner - FileHippo.AppManager.) -- C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
[MD5.04FDA4A91964FFC6BD931142AB35B13C] [APT] [BOTREVOLT_STARTUP_TASK_918CB0F9_1EF8_4c60_8205_7AAB364CD162] (.BotRevolt.COM.) -- C:\Program Files\BotRevoltFree\botrevoltfree.exe [4770512]
[MD5.CCE6B3A2040D26BFFD00CAE539B72C15] [APT] [Malwarebytes Anti-Exploit] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [55608]
[MD5.3A2BDDBA52A87C9DDAEF3C8D341BEA38] [APT] [SPK] (...) -- C:\Users\ayoub\AppData\Roaming\SPK\SPK.exe [776640]
[MD5.08B621FA07BC1679ED99B30F7195F0BF] [APT] [{2F143148-D621-41CD-B4B0-B93BB866BBDD}] (.?. ???? ???? ????????.) -- C:\Users\ayoub\Downloads\AlKhawarizmiSetup.exe [2800089]
[MD5.92E7747669E3ECBDEE8C617C67B7D847] [APT] [{6E5BE0F1-7348-4790-A7C1-2C09C03B70A0}] (...) -- C:\Users\ayoub\Downloads\mmath1.2_install(1).exe [17188352]
[MD5.E3A108C9B17F3572E53C07F52D236481] [APT] [{AA06B2DA-080D-4C25-BCC9-74A9B7C33683}] (...) -- C:\Users\ayoub\programme d'instation d'ayoub\appserv-win32-2.6.0.exe [21786116]
[MD5.992F1F3CA1E6A172BEA54EE02B0A1A2E] [APT] [{B43EE667-3279-413C-83CC-423771381E1B}] (.Colorjinn.) -- C:\Users\ayoub\Downloads\calibrize_2_setup.exe [1212187]
[MD5.21F602EA1CB607661049ACFEEF0280D8] [APT] [{D2ABC63F-B57B-4C04-A6D7-2045527E5271}] (.Malwarebytes.) -- C:\Users\ayoub\Downloads\regassassin-setup-1.03.exe [65232]
[MD5.17A044E2CA64469F11E79EDA14415909] [APT] [{D7A524DD-8A87-413A-A0D7-F04D6F4BB014}] (...) -- C:\Program Files (x86)\Longman\NewSky3\New Sky 3 CD-ROM\Install.exe [3112960]
O42 - Logiciel: Brackets Sprint 32 - (.brackets.io.) [HKLM][64Bits] -- {494786F3-5CDA-41F4-8892-012382CBFFFC}
O42 - Logiciel: Cyotek WebCopy - (.Cyotek.) [HKLM][64Bits] -- {D5FAF1F8-C903-41b2-AC66-2682A02A78CB}_is1
O42 - Logiciel: Duplicate Finder - (.Ashisoft.) [HKLM][64Bits] -- {0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1
O42 - Logiciel: EmailSpider Gold 11 - (.Email-Business Software.) [HKLM][64Bits] -- EmailSpider Gold_is1
O42 - Logiciel: Express English - (.ONH1986.) [HKLM][64Bits] -- Express English3.9.1
O42 - Logiciel: Eye P.A. - (.MetaGeek, LLC.) [HKLM][64Bits] -- {7C712E84-A9C3-4D2B-AC56-879B3C1DA071}
O42 - Logiciel: EyeLeo - (...) [HKLM][64Bits] -- EyeLeo
O42 - Logiciel: Happy Wars - (.Toylogic inc..) [HKLM][64Bits] -- Steam App 246280
O42 - Logiciel: IEJet-Popup Killer & Ad Stopper (remove only) - (...) [HKLM][64Bits] -- Retsina IEJet
O42 - Logiciel: MD5Check 3.0 - (...) [HKLM][64Bits] -- MD5Check_is1
O42 - Logiciel: Manga Reader v1.5.6 - (.Manga Reader.) [HKLM][64Bits] -- {E6FE6139-8678-4DE9-9E76-0279B258BE35}
O42 - Logiciel: MangaBrowser for SHONEN JUMP - (.SHARP.) [HKLM][64Bits] -- {4E14E4A9-911C-47DF-9B26-4157E74F2F85}
O42 - Logiciel: Nidhogg - (...) [HKLM][64Bits] -- TmlkaG9nZw==_is1
O42 - Logiciel: QuickMark - (.SimpleAct.) [HKLM][64Bits] -- {53B0213C-CC0C-4340-90BF-BFC7D3FE5BB4}
O42 - Logiciel: Registry Compare v1.1 - (...) [HKLM][64Bits] -- ST6UNST #1
O42 - Logiciel: Sakura2 - (.HMS.) [HKLM][64Bits] -- InstallShield_{1A7D43E8-AA5F-44CA-A4DB-AECBFABB9EEA}
O42 - Logiciel: Sakura2 - (.HMS.) [HKLM][64Bits] -- {1A7D43E8-AA5F-44CA-A4DB-AECBFABB9EEA}
O42 - Logiciel: Scribblenauts Unmasked A DC Comics Adventure - (...) [HKLM][64Bits] -- Scribblenauts Unmasked A DC Comics Adventure_is1
O42 - Logiciel: Subtitle Dawn version 2.0 - (.VCL Examples.) [HKLM][64Bits] -- {EE6B331A-C18D-446F-A760-5507024B7126}_is1
O42 - Logiciel: Telegram Win (Unofficial) version 0.3.9 - (.Telegram (Unofficial).) [HKCU][64Bits] -- {53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1
O42 - Logiciel: Thread Manager 2.4.0.0 - (.Digital Generation.) [HKLM][64Bits] -- {78F4E027-355C-45C0-90DC-F89DFC618761}_is1
O42 - Logiciel: UltraUXThemePatcher - (.Manuel Hoefs (Zottel).) [HKLM][64Bits] -- UltraUXThemePatcher
O42 - Logiciel: Xilisoft Multiple Desktops - (.Xilisoft.) [HKLM][64Bits] -- Xilisoft Multiple Desktops
O42 - Logiciel: ?????? ?????? ??????????? version 1.0 - (.?????? ?????? :: ?????? ????? - ?????? :: ??? ????.) [HKLM][64Bits] -- {7970E77E-C74F-497D-9CA3-7E99170BE10D}_is1
[HKCU\Software\100dof]
[HKCU\Software\Arlequin_P400xi]
[HKCU\Software\Bot Square Inc]
[HKCU\Software\Brackets Sprint 32]
[HKCU\Software\Cyotek]
[HKCU\Software\Demo Alpha - TARIK BOUCHIKHI]
[HKCU\Software\GameJam]
[HKCU\Software\HelpWithMath]
[HKCU\Software\JVCL]
[HKCU\Software\JoyBox]
[HKCU\Software\Juicy Beast Studio Ltd.]
[HKCU\Software\Lisisoft]
[HKCU\Software\Luminitix]
[HKCU\Software\MED7]
[HKCU\Software\Mask Surf]
[HKCU\Software\Red Dot Games]
[HKCU\Software\Rmatey]
[HKCU\Software\Sakura2]
[HKCU\Software\SimpleAct]
[HKCU\Software\WED7]
[HKLM\Software\Bitcoin Core (64-bit)]
[HKLM\Software\BotRevolt]
[HKLM\Software\Wow6432Node\Brackets Sprint 32]
[HKLM\Software\Wow6432Node\Deimaging]
[HKLM\Software\Wow6432Node\Monect]
[HKLM\Software\Wow6432Node\ONH1986]
[HKLM\Software\Wow6432Node\Retsina Software]
O43 - CFD: 17/11/2013 - 01:55:25 - [] ----D C:\Program Files (x86)\5th Cell Media
O43 - CFD: 04/10/2014 - 16:35:11 - [] ----D C:\Program Files (x86)\Aqsa Electronic Encyclopedi
O43 - CFD: 17/10/2013 - 22:42:11 - [] ----D C:\Program Files (x86)\Brackets Sprint 32
O43 - CFD: 16/03/2013 - 18:36:36 - [] ----D C:\Program Files (x86)\cyotek
O43 - CFD: 18/08/2014 - 18:46:51 - [0] ----D C:\Program Files (x86)\Daygames
O43 - CFD: 24/10/2012 - 22:21:17 - [] ----D C:\Program Files (x86)\Deimaging
O43 - CFD: 06/04/2013 - 22:31:44 - [] ----D C:\Program Files (x86)\Duplicate Finder
O43 - CFD: 24/09/2014 - 19:18:25 - [] ----D C:\Program Files (x86)\Email-Business
O43 - CFD: 09/08/2012 - 01:58:38 - [] ----D C:\Program Files (x86)\EyeLeo
O43 - CFD: 27/09/2014 - 23:19:03 - [] ----D C:\Program Files (x86)\Inexistence
O43 - CFD: 30/12/2013 - 18:00:31 - [] ----D C:\Program Files (x86)\Manga Reader
O43 - CFD: 05/02/2013 - 20:55:30 - [] ----D C:\Program Files (x86)\Mask Surf
O43 - CFD: 15/08/2013 - 20:00:22 - [] ----D C:\Program Files (x86)\MD5Check
O43 - CFD: 22/01/2014 - 22:55:10 - [] ----D C:\Program Files (x86)\Nidhogg
O43 - CFD: 27/01/2014 - 00:15:01 - [] ----D C:\Program Files (x86)\ONH1986
O43 - CFD: 22/12/2012 - 22:20:46 - [] ----D C:\Program Files (x86)\Registry Compare v1.1
O43 - CFD: 29/07/2012 - 13:41:30 - [] ----D C:\Program Files (x86)\Retsina Software
O43 - CFD: 26/01/2013 - 20:33:08 - [] ----D C:\Program Files (x86)\SimpleAct
O43 - CFD: 29/01/2014 - 14:18:42 - [] ----D C:\Program Files (x86)\Subtitle Dawn
O43 - CFD: 29/09/2014 - 20:40:31 - [] ----D C:\Program Files (x86)\Thief
O43 - CFD: 01/07/2013 - 01:44:30 - [] ----D C:\Program Files (x86)\Thread Manager
O43 - CFD: 16/10/2013 - 17:42:00 - [] ----D C:\Program Files (x86)\UltraUXThemePatcher
O43 - CFD: 10/06/2013 - 19:42:15 - [0] ----D C:\Program Files (x86)\Wifi Protector Extension
O43 - CFD: 16/07/2014 - 03:15:21 - [] ----D C:\ProgramData\chocolatey
O43 - CFD: 18/08/2014 - 18:39:54 - [] ----D C:\ProgramData\Daygames
O43 - CFD: 07/04/2013 - 14:59:39 - [] ----D C:\ProgramData\hya5HOh
O43 - CFD: 16/07/2014 - 03:29:34 - [] ----D C:\ProgramData\shimgen
O43 - CFD: 03/07/2013 - 16:37:09 - [] --H-D C:\ProgramData\{4D790C15-A3FF-476F-9F6C-FA6FF12EFFC3}
O43 - CFD: 03/07/2013 - 16:38:44 - [] --H-D C:\ProgramData\{63B3AF69-722B-4FA9-965F-94DEB1E78796}
O43 - CFD: 03/07/2013 - 16:36:54 - [] --H-D C:\ProgramData\{682FE305-7958-4875-9B95-34673E7151AD}
O43 - CFD: 03/07/2013 - 16:38:30 - [] --H-D C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
O43 - CFD: 03/07/2013 - 16:54:01 - [] --H-D C:\ProgramData\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}
O43 - CFD: 03/07/2013 - 16:53:49 - [] --H-D C:\ProgramData\{E6AF2639-F710-4F5B-8830-95A396FB523F}
O43 - CFD: 28/07/2013 - 05:43:56 - [] ----D C:\Users\ayoub\AppData\Roaming\.mono
O43 - CFD: 26/07/2014 - 02:42:04 - [] ----D C:\Users\ayoub\AppData\Roaming\.pokepack
O43 - CFD: 16/07/2014 - 02:35:00 - [] ----D C:\Users\ayoub\AppData\Roaming\Atom
O43 - CFD: 16/03/2013 - 18:36:37 - [] ----D C:\Users\ayoub\AppData\Roaming\Cyotek
O43 - CFD: 09/08/2012 - 01:58:43 - [] ----D C:\Users\ayoub\AppData\Roaming\EyeLeo
O43 - CFD: 07/01/2014 - 22:13:46 - [] ----D C:\Users\ayoub\AppData\Roaming\NetGuard
O43 - CFD: 27/04/2014 - 19:21:45 - [] ----D C:\Users\ayoub\AppData\Roaming\Nidhogg
O43 - CFD: 02/09/2014 - 23:31:43 - [] ----D C:\Users\ayoub\AppData\Roaming\rickos
O43 - CFD: 02/09/2014 - 23:31:49 - [] ----D C:\Users\ayoub\AppData\Roaming\SPK
O43 - CFD: 03/03/2014 - 22:55:04 - [] ----D C:\Users\ayoub\AppData\Roaming\Telegram Win (Unofficial)
O43 - CFD: 14/10/2013 - 22:41:34 - [] ----D C:\Users\ayoub\AppData\Roaming\www.kiwix.org
O43 - CFD: 23/09/2012 - 17:08:07 - [] ----D C:\Users\ayoub\AppData\Local\ayour_boy2011
O43 - CFD: 16/03/2013 - 19:55:22 - [] ----D C:\Users\ayoub\AppData\Local\Cyotek
O43 - CFD: 12/01/2014 - 23:10:50 - [] ----D C:\Users\ayoub\AppData\Local\Forward
O43 - CFD: 18/08/2014 - 18:32:39 - [] ----D C:\Users\ayoub\AppData\Local\Mike_Hall
O43 - CFD: 18/08/2014 - 22:37:48 - [] ----D C:\Users\ayoub\AppData\Local\Stickmen_Element_Masters
O43 - CFD: 28/07/2013 - 05:43:47 - [] ----D C:\Users\ayoub\AppData\Local\UWebKit
O43 - CFD: 14/10/2013 - 22:41:34 - [] ----D C:\Users\ayoub\AppData\Local\www.kiwix.org
O43 - CFD: 09/08/2012 - 01:58:38 - [] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EyeLeo
O43 - CFD: 29/07/2012 - 13:41:31 - [0] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IEJet
O43 - CFD: 27/01/2014 - 00:15:10 - [] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ONH1986
O43 - CFD: 22/12/2012 - 22:20:45 - [0] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Compare v1.1
O43 - CFD: 03/03/2014 - 22:54:38 - [] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Win (Unofficial)
O43 - CFD: 16/10/2013 - 17:42:01 - [] ----D C:\Users\ayoub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
O44 - LFC:[MD5.E81805C002393071902DE645BB1086A5] - 05/10/2014 - 18:02:34 ---A- . (.Hewlett-Packard Company - HP Mobile Data Protection CoInstaller.) -- C:\Windows\System32\HPMDPCoInst12.dll [18240]
O53 - SMSR:HKLM\...\startupreg\Flutter [Key] . (.Bot Square Inc - Flutter.) -- C:\Users\ayoub\AppData\Local\Flutter\Flutter.exe
O53 - SMSR:HKLM\...\startupreg\ThreadManager.exe [Key] . (.Digital Generation Inc. - ThreadManager.) -- C:\Program Files (x86)\Thread Manager\ThreadManager.exe
O58 - SDL:23/03/2012 - 11:54:38 ---A- . (.Ekahau Inc. - Ekahau User mode I/O Driver.) -- C:\Windows\System32\Drivers\ekaprot6.sys [27288]
[MD5.A472ABB8BFE579D9346594E9EA3C20B6] [SPRF][01/05/2013] (...) -- C:\Users\ayoub\AppData\Roaming\pdfdrawcodec.dll [8]
[MD5.962ED1CBA16925E65F92FD4330FABBB7] [SPRF][04/03/2014] (...) -- C:\Program Files (x86)\update-southpark.bat [226]
SR - | Auto 10/07/1658 0 | (mysql) . (...) - C:\AppServ\MySQL\bin\mysqld --defaults-file=C:\AppServ\MySQL\my.ini mysql
[HKCU\Software\DefaultCompany]
[HKCU\Software\Safe Browser]
[HKCU\Software\Stoff]
O43 - CFD: 29/06/2014 - 15:37:37 - [0] ----D C:\Program Files (x86)\SiteLookup
O43 - CFD: 05/11/2013 - 22:53:56 - [] ----D C:\Users\ayoub\AppData\Roaming\Reg
O43 - CFD: 18/08/2014 - 19:35:49 - [] ----D C:\Users\ayoub\AppData\Local\data
O43 - CFD: 13/03/2014 - 01:12:54 - [0] ----D C:\Users\ayoub\AppData\Local\Zame
M0 - MFSP: prefs.js [ayoub - w4zew336.default] http://www.arabyonline.com
M0 - MFSP: user.js [ayoub - w4zew336.default] http://www.arabyonline.com
M2 - MFEP: prefs.js [ayoub - w4zew336.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v3.4.1 (..) =>Hijacker.Proxy
M2 - MFEP: prefs.js [ayoub - w4zew336.default\matchersitepro@matchersitepro.com] [] Site Matcher Pro v2.21 (..) =>Adware.SiteMatcher
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9050 =>Hijacker.Proxy
O2 - BHO: (no name) [64Bits] - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Orphan key
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
O42 - Logiciel: Topaz Detail 2 - (.Topaz Labs.) [HKLM][64Bits] -- Topaz Detail 2 =>PUP.TopDeal
O42 - Logiciel: Topaz Detail 2 - (.Topaz Labs.) [HKLM][64Bits] -- {C921D7C4-24D7-4210-AEE9-DFC5DDC78428} =>PUP.TopDeal
[HKCU\Software\ARHome] =>Trojan.Vonteera
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera
[HKCU\Software\PCCleaners] =>Rogue.PCCleanerPro
[HKCU\Software\Popper] =>Rogue.Vonteera
[HKCU\Software\SpeedyPC Software] =>PUP.SpeedyPC
[HKCU\Software\TheSeaApp] =>Adware.TheSeaApp
[HKCU\Software\f578adde668b941] =>Hijacker.Eazel
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\Wow6432Node\SpeedyPC Software] =>PUP.SpeedyPC
[HKLM\Software\Wow6432Node\f578adde668b941] =>Hijacker.Eazel
O43 - CFD: 18/03/2013 - 00:03:58 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 23/08/2013 - 16:12:20 - [0] ----D C:\ProgramData\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 01/09/2013 - 01:35:00 - [] ----D C:\ProgramData\SpeedyPC Software =>PUP.SpeedyPC
O43 - CFD: 18/03/2013 - 22:44:34 - [] ----D C:\Users\ayoub\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 27/09/2012 - 18:33:26 - [] ----D C:\Users\ayoub\AppData\Roaming\PC Cleaners =>Rogue.PCCleanerPro
O43 - CFD: 07/09/2014 - 22:04:32 - [0] ----D C:\Users\ayoub\AppData\Roaming\Popper =>Rogue.Vonteera
O43 - CFD: 25/01/2013 - 16:33:48 - [] ----D C:\Users\ayoub\AppData\Roaming\SpeedyPC Software =>PUP.SpeedyPC
O43 - CFD: 07/09/2014 - 23:25:18 - [] ----D C:\Users\ayoub\AppData\Roaming\VolIE =>Trojan.Vonteera
O43 - CFD: 19/09/2013 - 20:52:15 - [0] ----D C:\Users\ayoub\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
[HKCU\Software\f578adde668b941\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\f578adde668b941\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\f578adde668b941] =>PUP.Babylon^
[HKCU\Software\f578adde668b941]:version="2.6.1339.144" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\f578adde668b941]:version="2.6.1339.144" =>Hijacker.Eazel
[MD5.22C9E7805145D0A0C4C62DDB591D2DAE] [WIS][27/06/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\3dde35.msi [353280] =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biclient_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bi_client_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCCleaners_RASAPI32 =>Rogue.PCCleanerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCCleaners_RASMANCS =>Rogue.PCCleanerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_RASAPI32 =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_RASMANCS =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_Update3_RASAPI32 =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeedyPC_Update3_RASMANCS =>PUP.SpeedyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1198_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1198_RASMANCS =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate] =>Adware.ExpressFiles^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup] =>PUP.JDIBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Topaz Detail 2] =>PUP.TopDeal^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}] =>PUP.TopDeal^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater] =>Hijacker.BabSolution
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\SpeedyPC Software] =>PUP.SpeedyPC
[HKLM\Software\Wow6432Node\SpeedyPC Software] =>PUP.SpeedyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111261187}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111261187}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111261187}] =>PUP.CrossRider
C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\w4zew336.default\extensions\foxyproxy@eric.h.jung =>Hijacker.Proxy^
C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\w4zew336.default\extensions\matchersitepro@matchersitepro.com =>Adware.SiteMatcher^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BrowserDefender =>Hijacker.Eazel^
C:\ProgramData\SpeedyPC Software =>PUP.SpeedyPC^
C:\Users\ayoub\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles^
C:\Users\ayoub\AppData\Roaming\PC Cleaners =>Rogue.PCCleanerPro^
C:\Users\ayoub\AppData\Roaming\Popper =>Rogue.Vonteera^
C:\Users\ayoub\AppData\Roaming\SpeedyPC Software =>PUP.SpeedyPC^
C:\Users\ayoub\AppData\Roaming\VolIE =>Trojan.Vonteera^
C:\Users\ayoub\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch^
[HKCU\Software\ARHome] =>Trojan.Vonteera^
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera^
[HKCU\Software\PCCleaners] =>Rogue.PCCleanerPro^
[HKCU\Software\Popper] =>Rogue.Vonteera^
[HKCU\Software\TheSeaApp] =>Adware.TheSeaApp^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport^
[HKCU\Software\f578adde668b941\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\f578adde668b941] =>PUP.Babylon^^
C:\Windows\Installer\3dde35.msi =>PUP.Babylon^
O42 - Logiciel: Java 6 Update 4 - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {3248F0A8-6813-11D6-A77B-00B0D0160040}
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
O23 - Service: MonectServerService (MonectServerService) . (...) - C:\Users\ayoub\AppData\Local\Temp\Rar$EXa0.679\MonectServerService.exe (.not file.)
O23 - Service: mysql (mysql) . (...) - C:\AppServ\MySQL\bin\mysqld --defaults-file=C:\AppServ\MySQL\my.ini mysql (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{05044A1E-0693-4BC3-AA22-DAB8352B9C58}] (...) -- C:\Users\ayoub\New Folder (2)\Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{15AEF852-9536-490C-A454-AE7CB0213B2A}] (...) -- C:\Users\ayoub\Downloads\wlsetup-web(3).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{181E3637-90B8-424D-B24A-93CDE5422B54}] (...) -- C:\Users\ayoub\hhhhhhhhh\GoogleEarthWin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E0C8C5B-7CEC-4C54-A308-CB9AC9F451CC}] (...) -- F:\abs\absel\acrobat\ACRD4FRA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{56D5A04F-9FD1-4E02-B1B8-7CABE2DA4B1C}] (...) -- C:\Users\ayoub\hhhh\Fighter FX 7.2\Status Checker.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5C9E89D2-8A34-4890-B41C-C1FAFB0E7A01}] (...) -- C:\Users\ayoub\Desktop\New Folder\Install_Win7_7065_11232012\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{744EFECE-1AC6-4AE1-BC74-2911BC087729}] (...) -- C:\Users\ayoub\Desktop\New Folder\Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{878F6FC3-1B5D-44A6-AAD1-7FD71FB9F420}] (...) -- C:\Users\ayoub\New Folder (4)\VB-VanToM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B0A4B244-38B6-4562-9AA9-344C0A0ECCFC}] (...) -- G:\Office Setup Controller\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B529E7C2-1A7C-4609-BC0B-D4403FD0810B}] (...) -- C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\setuplauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CE5FA563-1DF1-46B4-8696-852F38833D6E}] (...) -- F:\splash\demo32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D50C3BC7-6BD6-4634-8104-70BAE5BC71CA}] (...) -- C:\Users\ayoub\Downloads\wlsetup-web(2).exe (.not file.) [0]
O41 - Driver: (klhk) . (. - .) - C:\Windows\System32\DRIVERS\klhk.sys (.not file.)
O41 - Driver: (KLIF) . (. - .) - C:\Windows\System32\DRIVERS\klif.sys (.not file.)
O41 - Driver: (KLIM6) . (. - .) - C:\Windows\System32\DRIVERS\klim6.sys (.not file.)
O41 - Driver: (klpd) . (. - .) - C:\Windows\System32\DRIVERS\klpd.sys (.not file.)
O41 - Driver: (kltdi) . (. - .) - C:\Windows\System32\DRIVERS\kltdi.sys (.not file.)
O41 - Driver: (kneps) . (. - .) - C:\Windows\System32\DRIVERS\kneps.sys (.not file.)
[HKCU\Software\Hoolapp]
O43 - CFD: 26/01/2013 - 00:29:05 - [] ----D C:\ProgramData\C__Users_ayoub_Crack_real hid ip_diziro_RealHideIP.exe
O43 - CFD: 17/07/2013 - 04:49:15 - [] ----D C:\Users\ayoub\AppData\Roaming\HoolappForAndroid
O43 - CFD: 19/06/2014 - 16:15:58 - [0] ----D C:\Users\ayoub\AppData\Local\diag
O43 - CFD: 19/06/2013 - 22:25:35 - [0] -SH-D C:\Users\ayoub\AppData\Local\icsxml
O43 - CFD: 07/04/2013 - 18:22:24 - [0] -SH-D C:\Users\ayoub\AppData\Local\ms-drivers
O43 - CFD: 03/07/2013 - 16:36:37 - [0] ----D C:\Users\ayoub\AppData\Local\PackageAware
O43 - CFD: 04/07/2013 - 20:14:56 - [0] --HAD C:\Users\ayoub\AppData\Local\YKpc7KDZZU3
O44 - LFC:[MD5.C7FD70F69C7792256EED17FBDD83484F] - 04/10/2014 - 12:34:53 --HA- . (...) -- C:\bdr-bz01 [3271472]
O44 - LFC:[MD5.91DECAE7268AD708B276EE9A3DFEB4FC] - 04/10/2014 - 12:34:53 --HA- . (...) -- C:\bdr-im01.gz [49563064]
O44 - LFC:[MD5.8E83A0EAB3AD8599EA4CC21F18564B2D] - 04/10/2014 - 23:05:55 --HA- . (...) -- C:\bdr-ld01 [253404]
O44 - LFC:[MD5.0F6AA65A6E1037C915DD38A8109ACAFE] - 04/10/2014 - 23:05:56 --HA- . (...) -- C:\bdr-ld01.mbr [9216]
O44 - LFC:[MD5.ADD5B5284FEE4C709E1B0F14807429A8] - 04/10/2014 - 23:17:22 --HA- . (...) -- C:\bdr-cf01 [682]
O51 - MPSK:{326eb273-d04d-11e1-a5cc-9cb70d836151}\AutoRun\command. (...) -- G:\Système_Windows\Installer.exe (.not file.)
O51 - MPSK:{5355cc68-cec0-11e1-ab1f-9cb70d836151}\AutoRun\command. (...) -- G:\Système_Windows\Installer.exe (.not file.)
O51 - MPSK:{af5a2b2b-ce9b-11e1-a7f1-9cb70d83abb1}\AutoRun\command. (...) -- G:\Système_Windows\Installer.exe (.not file.)
O61 - LFC: 06/10/2014 - 15:11:53 ---A- . (...) -- C:\Users\ayoub\AppData\Local\Temp\BullseyeCoverage-2-x86.dll [7224]
O69 - SBI: prefs.js [ayoub - w4zew336.default] user_pref("plugin.state.npconduitfirefuser_pref("plugin.state.nponlinebanking", 2);
[MD5.4815524D1FA8B1407A9D097710C8887E] [SPRF][04/10/2014] (...) -- C:\ProgramData\1412380047.bdinstall.bin [962586]
SS - | Auto 10/07/1658 0 | (MonectServerService) . (...) - C:\Users\ayoub\AppData\Local\Temp\Rar$EXa0.679\MonectServerService.exe
[MD5.00000000000000000000000000000000] [APT] [{0A54E98A-884A-453B-80B4-6F15C418FECB}] (...) -- F:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{54412675-951D-45C2-B3E4-6B2305F6C459}] (...) -- F:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DDAD52F1-A151-4450-AB31-9757F0DE567A}] (...) -- F:\Install.exe (.not file.) [0]
[HKLM\Software\Wow6432Node\Delta]
O43 - CFD: 04/07/2013 - 23:24:53 - [] ----D C:\Program Files (x86)\Delta
[MD5.608BCDFD89DC6D80C7F20DE0CFC02BA7] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe [1416016] [PID.6128] =>P2P.BitTorrent
[MD5.CD44C70D28D593846B5B75440D1373B0] - (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [2758656] [PID.5360]
O4 - GS\Desktop [Public]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [ayoub]: BitTorrent Sync.lnk . (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [ayoub]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [ayoub]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2457737315-482997084-386271186-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2457737315-482997084-386271186-1000\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O42 - Logiciel: Ares 2.3.0 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: BitTorrent Sync - (...) [HKLM][64Bits] -- BitTorrent Sync =>P2P.BitTorrent
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
[HKCU\Software\Ares]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
O43 - CFD: 25/04/2013 - 22:08:46 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 05/04/2014 - 17:41:41 - [] ----D C:\Program Files (x86)\BitTorrent Sync =>P2P.BitTorrent
O43 - CFD: 05/04/2014 - 20:11:55 - [] ----D C:\Users\ayoub\AppData\Roaming\BitTorrent Sync =>P2P.BitTorrent
O43 - CFD: 06/10/2014 - 15:08:31 - [] ----D C:\Users\ayoub\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 25/04/2013 - 22:31:28 - [] ----D C:\Users\ayoub\AppData\Local\Ares
O45 - LFCP:[MD5.2AF167855C2878F718C6C1A69384F20F] - 05/10/2014 - 22:52:19 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-5B43FB03.pf =>P2P.µTorrent
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O87 - FAEL: "{EEDC13E1-302C-4371-9353-7E3C0A859173}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{18FEB522-A4A9-446D-A0A1-2F311B71DB24}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5E17088A-7FDA-4AA7-961C-00B1F021DDB1}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O87 - FAEL: "{C1C8EF02-8A58-4344-94D5-B4C97018C351}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Program Files (x86)\BitTorrent Sync\BTSync.exe =>P2P.BitTorrent
O87 - FAEL: "{8D1982B5-9C1A-494D-89A2-0A4ADEF8EF98}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{96428995-0197-4636-8001-108D7C27119A}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent-3_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent-3_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent Sync] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\BitTorrent Sync =>P2P.BitTorrent^
C:\Users\ayoub\AppData\Roaming\BitTorrent Sync =>P2P.BitTorrent^
C:\Users\ayoub\AppData\Roaming\uTorrent =>P2P.µTorrent^
C:\Users\ayoub\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O61 - LFC: 01/10/2014 - 15:14:30 ---A- . (.Resplendence Software Projects Sp..) -- C:\Users\ayoub\Downloads\whocrashedSetup.exe [2707808]
O61 - LFC: 01/10/2014 - 15:14:30 ---A- . (.Resplendence Software Projects Sp..) -- C:\Users\ayoub\Downloads\whocrashed_5-02_fr_317674.exe [2707808]
O61 - LFC: 02/10/2014 - 15:12:44 ---A- . (.AMD Inc..) -- C:\Users\ayoub\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe [286582040]
O61 - LFC: 02/10/2014 - 15:12:45 ---A- . (...) -- C:\Users\ayoub\Downloads\AppManagerSetup_1.43.exe [499838]
O61 - LFC: 02/10/2014 - 15:13:47 ---A- . (.Microsoft Corporation.) -- C:\Users\ayoub\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe [69999448]
O61 - LFC: 03/10/2014 - 15:12:45 ---A- . (...) -- C:\Users\ayoub\Downloads\AppManagerSetup_1.44.exe [499976]
O61 - LFC: 03/10/2014 - 15:12:54 ---A- . (...) -- C:\Users\ayoub\Downloads\bitdefender_tsecurity.exe [6770080]
O61 - LFC: 03/10/2014 - 15:13:18 ---A- . (...) -- C:\Users\ayoub\Downloads\FixitCenter_2012.exe [348143]
O61 - LFC: 03/10/2014 - 15:13:18 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\ayoub\Downloads\flashplayer15_install_win_pi.exe [17937584]
O61 - LFC: 03/10/2014 - 15:14:26 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\ayoub\Downloads\uninstall_flash_player.exe [854704]
O61 - LFC: 03/10/2014 - 15:14:32 ---A- . (.Microsoft Corporation.) -- C:\Users\ayoub\Downloads\wlsetup-web(1).exe [1239752]
O61 - LFC: 03/10/2014 - 15:14:32 ---A- . (.Microsoft Corporation.) -- C:\Users\ayoub\Downloads\wlsetup-web.exe [1239752]
O61 - LFC: 04/10/2014 - 15:14:11 ---A- . (.Skype Technologies S.A..) -- C:\Users\ayoub\Downloads\SkypeSetup.exe [1678440]
O61 - LFC: 05/10/2014 - 15:13:07 ---A- . (.IObit.) -- C:\Users\ayoub\Downloads\driver_booster_setup.exe [21053120]
O61 - LFC: 05/10/2014 - 15:14:13 ---A- . (.BrightFort LLC.) -- C:\Users\ayoub\Downloads\spywareblastersetup50(1).exe [4095448]
[MD5.7DB85B78309C05C9F06F469ED976DC9E] - (.No owner - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112] [PID.3784]
M3 - MFPP: Plugins - [ayoub] -- C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\w4zew336.default\searchplugins\zonealarm.xml
O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (...) -- "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (.not file.)
O2 - BHO: Freemake.YoutubeButton [64Bits] - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} . (...) -- mscoree.dll (.not file.)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
O23 - Service: (vToolbarUpdater13.2.0) . (.No owner - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0]
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKLM\Software\Wow6432Node\PIP]
O43 - CFD: 17/05/2014 - 16:16:31 - [] ----D C:\Program Files (x86)\Common Files\AVG Secure Search
O43 - CFD: 10/06/2013 - 20:00:46 - [] ----D C:\ProgramData\APN
O43 - CFD: 06/07/2013 - 17:26:27 - [] ----D C:\Users\ayoub\AppData\Local\CRE
O69 - SBI: SearchScopes [HKCU] {79EECDAB-96F8-4AEC-8E3F-DBAC78335463} - (Search By ZoneAlarm) - http://search.zonealarm.com
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
O90 - PUC: "95731AF9B2C57714D9CD00838F5BEBDF" . (.Bing Bar.) -- C:\Windows\Installer\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}\icon_installer_ico
[MD5.BA2D7263C40AA719B7DFD61A4BC736C8] [WIS][01/08/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\1785c.msi [4746240]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_cheat-engine_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_cheat-engine_RASMANCS
SS - | Demand 01/08/2011 195320 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 20/07/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SR - | Auto 25/10/2012 711112 | (vToolbarUpdater13.2.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}]
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater13.2.0]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}]
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKLM\Software\Classes\AppID\ScriptHelper.EXE]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\askpartnercobrandingtool_rasmancs]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
[HKCU\Software\APN PIP]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\askpartnercobrandingtool_rasapi32]
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitUninstaller_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitUninstaller_RASMANCS]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}]
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\ayoub\AppData\LocalLow\Conduit
C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\w4zew336.default\SearchPlugins\zonealarm.xml
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
[HKCU\Software\AppDataLow\Software\Conduit]
C:\Windows\Installer\1785c.msi
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.d
O10 - WLSP:\000000000008\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000010\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk



ShortcutFix
FirewallRaz
EmptyTemp
EmptyFlash
Proxyfix
Sysrestore
