~ Report of ZHPDiag v2015.4.28.44 - Nicolas Coolman (4/28/2015)
~ Launched by khim (4/29/2015 8:40:27 AM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 21.0

---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ System protection software
Avira AntiVir Personal – Free Antivirus
McAfee Security Scan Plus v3.0.285.6

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 9 ActiveX

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014.0 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (17%) free of 20 GB

---\\ Connection to the system mode
~ Computer Name: ME-7F76306ADB62
~ User Name: khim
~ All Users Names: SUPPORT_388945a0, khim, HelpAssistant, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\khim\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\khim\Application Data\
~ %Desktop% : C:\Documents and Settings\khim\Desktop\
~ %Favorites% : C:\Documents and Settings\khim\Favorites\
~ %LocalAppData% : C:\Documents and Settings\khim\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\khim\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 20 Go)
E: Hard drive, Flash drive, Thumb drive (Free 4 Go of 20 Go)
F: Hard drive, Flash drive, Thumb drive (Free 10 Go of 15 Go)
G: CD-ROM drive (Not Inserted)
J: CD-ROM drive (Free 0 Go of 3 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified
~ Security Center: 47 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.7A4F775ABB2F1C97DEF3E73AFA2FAEDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\wininet.dll [666112]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Winlogon.exe [507904]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.4/14/2008 - 8:02:52 AM.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.4/14/2008 - 1:10:28 AM.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.4/14/2008 - 1:00:00 PM.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 3/8
~ Mes musiques (My Musics) : 1/67
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/337
~ Mon Bureau (My Desktop) : 0/205
~ Menu demarrer (Programs) : 1/61
~ Hidden Files: Scanned in 00mn AMs



---\\ Process running
[MD5.96A55CC44A967A5F9761E25B1F03BB02] - (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753] [PID.1668]
[MD5.FEBC1C664C0F99CDCB0BC122F69E4A92] - (.Intel Corporation - Wireless Management Service.) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745] [PID.1708]
[MD5.1C51917C9B30530A781F438F6A4AC49F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [68865] [PID.384]
[MD5.A28534235CA8F716322B155476D836E8] - (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe [1988528] [PID.1032] =>PUP.YTDownloader
[MD5.E591AF1C633B0EB6794F478DFACA8B97] - (...) -- ystem32\rundll32.exe [0] [PID.1752]
[MD5.81EFD4630E4A2AF1B63522551A4B56EF] - (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe [186656] [PID.1808]
[MD5.557EED75CAEC97F9A828C595888AC54E] - (.OB - SavePass 1.1 exe.) -- C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-1-6.exe [1408512] [PID.376] =>PUP.CrossRider
[MD5.710DB52FF2EE9FD41D1B06FCB8CAA8C8] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [50176] [PID.792]
[MD5.55B976BE4236F13CAB1D83735EC56E8A] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [172032] [PID.800]
[MD5.15B8AE20F6B11BB00CA5685AA4A1C9FE] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [147456] [PID.1284]
[MD5.71720BB062CD8806D517CA781A99E817] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [188416] [PID.1936]
[MD5.A3F7DC5C695398ED0B6947FA1DD8D75B] - (...) -- C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560] [PID.0] =>PUP.YTDownloader
[MD5.F6D494D609D52A0E9596756C5540A978] - (.Microsoft Corporation - Media Center Scheduler Service.) -- C:\WINDOWS\ehome\ehSched.exe [84992] [PID.996]
[MD5.ABD1E2C0D91A3DE756D7BC84D32C6D5B] - (...) -- C:\Program Files\AMT Media Manager\AMTDeviceService.exe [184320] [PID.2092]
[MD5.21F09BB361D33881DD5B8016163AA679] - (.Mobogenie.com - MobogenieService.exe.) -- C:\Program Files\Mobogenie3\MobogenieService.exe [200896] [PID.2160] =>PUP.Mobogenie
[MD5.0FA44EA8B03ABA3E1D240B5A333D8E6A] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [171448] [PID.2324]
[MD5.873E5A7AA57B53FF1ABD29189A7A1E3D] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Documents and Settings\khim\Desktop\Internet Download Manager\IDMan.exe [3960400] [PID.2336]
[MD5.5855EE6FD18BD683398C597705B52E5C] - (.Oppoos.com - GenieFloater.) -- C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe [1850520] [PID.2392]
[MD5.5E9847165E4FE202ADA891DD6EE2FA24] - (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164] [PID.2436]
[MD5.0F128B84A9E1D88A688E2794DDA45ECD] - (.TODO: <公司名> - TODO: <文件说明>.) -- C:\Program Files\Blazers\Watsvc.exe [107160] [PID.2592]
[MD5.0618D602B5B4B3F465D7BC93828FD6E0] - (...) -- C:\Program Files\Blazers\wac.exe [240280] [PID.2640]
[MD5.A2C1288BD3DEDE03B2327E5972678C2E] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe [271808] [PID.2660]
[MD5.C43B27E06BF47173D95AC493A241CF04] - (...) -- C:\Documents and Settings\All Users\Application Data\{ee8d381d-43ae-ef29-ee8d-d381d43ae075}\shareit pc.exe [457728] [PID.2740]
[MD5.A9BF6E5F3A667DA088A6268EBC53DB63] - (...) -- C:\Program Files\Mobogenie3\MoboGenieHelper.exe [105152] [PID.2776] =>PUP.Mobogenie
[MD5.81663A8EA73256E47A5112530C180A5E] - (.Goobzo - Update Helper.) -- C:\Program Files\YTDownloader\BrowserHelper.exe [471984] [PID.3092] =>PUP.YTDownloader
[MD5.C91446D97C724F20E37C8C1AF2D1731F] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\ehome\ehmsas.exe [47104] [PID.3788]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Documents and Settings\khim\Desktop\Internet Download Manager\IEMonitor.exe [269848] [PID.3948]
[MD5.FE1431B53FA57CCA67DBF858CDAE1B46] - (.VideoLAN - VLC media player 2.1.0.) -- C:\Program Files\VideoLAN\VLC\vlc.exe [204288] [PID.4032]
[MD5.4B4C3A0278EF001B716DAFF1F0C20A94] - (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [680006] [PID.2548]
[MD5.F7069CA102C31AD8833AE9A40208B79B] - (.Intel Corporation - Intel 802.1x Server.) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe [471109] [PID.1548]
[MD5.610E21C38E9656B54692C6795E23567E] - (.OB - SavePass 1.1 exe.) -- C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-10.exe [1441792] [PID.1576] =>PUP.CrossRider
[MD5.5420880623BD70F2EB6BB62C43620590] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8204800] [PID.1800]
[MD5.0BADC6AE4853DD93DEF77779C11E6823] - (.Mozilla Corporation - Plugin Container for CometBird.) -- C:\Program Files\CometBird\plugin-container.exe [79360] [PID.4344]
~ Processes Running: Scanned in 02mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\prefs.js
M3 - MFPP: Plugins - [khim] -- C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [khim] -- C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [khim - 7sx7umlz.default] http://websearch.goodforsearch.info
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\EcnHuFq@N7T.org] [] SalePlluS v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\IG8KAd8q@t.edu] [] SSalePluS v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\LcNACqxB@B3M.edu] [] SallePPlus v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\N@qMzkT1.net] [] SaluePllus v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\toolbar@ask.com] [] Ask Toolbar v3.8.0.12304 (..) =>Toolbar.Ask
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\tqxmbv1m@T.edu] [] SSalePluS v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\Ze@cpwiZU.net] [] SalePlUUss v1.2 (..) =>PUP.SalePlus
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}] [] Shopper-Pro v1.0.0.4 (..) =>PUP.ShopperPro
M2 - MFEP: prefs.js [khim - 7sx7umlz.default\{b0a81eac-12f7-ac30-3ee2-53c071b392d6}] [] Zoom It v1.0.0.4 (..) =>PUP.ZoomIt
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml =>PUP.StartSearch
~ Firefox Browser: 29 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 12 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\HfGEiIuW\kecdcrme.exe
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn AMs



---\\ Browser Helper Objects (O2)
O2 - BHO: SalePlUUss - {08092eb3-c9c7-459d-8ac1-931bfd449a2d} . (...) -- C:\Program Files\SalePlUUss\rbIHyuiENTEki5.dll =>PUP.SalePlus
O2 - BHO: SSalePluS - {68a3c8df-b266-4c95-87d9-a66dbe2fe5b4} . (...) -- C:\Program Files\SSalePluS\keu8refJbd6Gml.dll =>PUP.SalePlus
O2 - BHO: SalePlus - {68f64d4c-225b-4c4c-8b46-15bd79a2ef69} . (...) -- C:\Program Files\SalePlus\aOT7NfYas1KehH.dll =>PUP.SalePlus
O2 - BHO: SSalePluS - {86014e26-a5c9-470c-841b-06874493ef80} . (...) -- C:\Program Files\SSalePluS\lmHz8Mi0PvHkbw.dll =>PUP.SalePlus
O2 - BHO: SalePlluS - {90b936f6-682a-4ad5-b313-d0ec2f26e457} . (...) -- C:\Program Files\SalePlluS\aHav2pgzUDYBjc.dll =>PUP.SalePlus
O2 - BHO: SallePPlus - {93f138f3-b871-4f21-98a5-e88bfd7237d3} . (...) -- C:\Program Files\SallePPlus\yfbSIWzaY1YPCo.dll =>PUP.SalePlus
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} . (.Goobzo Ltd. - ShopperPro Extension.) -- C:\Documents and Settings\All Users\Application Data\ShopperPro\ShopperPro.dll =>PUP.ShopperPro
O2 - BHO: bestadblocker - {ce35ee8e-93ef-4925-8d4c-479e84aa9d36} . (...) -- C:\Program Files\bestadblocker\ebNjWgVziYXopY.dll =>PUP.Adblocker
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
~ BHO: 28 Legitimates Filtered in 01mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Orphan key
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: Mobogenie3.lnk . (.Mobogenie.com - Mobogenie.exe.) -- C:\Program Files\Mobogenie3\Mobogenie.exe =>PUP.Mobogenie
O4 - GS\Desktop [khim]: QQPlayer.lnk . (. Tencent Inc - QQ Player.) -- C:\Program Files\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
~ Global Startup: 2 Legitimates Filtered in 02mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [Home] regedit -s c:\home\home.reg (.not file.)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
O4 - HKLM\..\Run: [CodecDecoder_AutoUpdate] . (...) -- C:\Documents and Settings\khim\Local Settings\Application Data\CodecDecoder\AutoUpdate.exe
O4 - HKLM\..\Run: [AMTDeviceService] . (...) -- C:\Program Files\AMT Media Manager\AMTDeviceService.exe
O4 - HKLM\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKCU\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Documents and Settings\khim\Desktop\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [GenieFloater] . (.Oppoos.com - GenieFloater.) -- C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe
O4 - HKCU\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Documents and Settings\khim\Desktop\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [GenieFloater] . (.Oppoos.com - GenieFloater.) -- C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe
O4 - HKUS\S-1-5-21-436374069-1482476501-1606980848-1003\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn AMs



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
~ Objets ActiveX: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{398AC30B-F676-4D85-9696-61159A267A45}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B6410CC-EB69-41B1-93C4-689A0439C392}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{398AC30B-F676-4D85-9696-61159A267A45}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{7B6410CC-EB69-41B1-93C4-689A0439C392}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{398AC30B-F676-4D85-9696-61159A267A45}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{7B6410CC-EB69-41B1-93C4-689A0439C392}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3C21639-941B-4DE4-B558-C14964368812}: NameServer = 208.67.222.222 208.67.220.220
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: Antiwpa . (.Microsoft Corporation - Windows WPA Component.) -- C:\WINDOWS\system32\wpa.dll =>PUP.Wpakill
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn AMs



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - UPNP Tray Monitor and Folder.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 5 Legitimates Filtered in 00mn AMs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: SoftwareLite (a7339204) . (...) - c:\Program Files\SoftwareLite\SoftwareLite.dll
O23 - Service: (BrsHelper) . (...) - C:\Program Files\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
O23 - Service: MobogenieService (MobogenieService) . (.Mobogenie.com - MobogenieService.exe.) - C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie
O23 - Service: Watsvc (Watsvc) . (.TODO: <公司名> - TODO: <文件说明>.) - C:\Program Files\Blazers\Watsvc.exe
~ Services: 10 Legitimates Filtered in 03mn AMs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\khim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\khim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn AMs



---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-1-6.job [3106]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-1-7.job [3106]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-10_user.job [2080]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-4.job [4126] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-5.job [2414] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Bidaily Synchronize Task.job [408] =>PUP.BidailySync
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job [866] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job [870] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [232] =>Toolbar.Ask
O39 - APT: - (..) -- C:\WINDOWS\Tasks\ShopperPro.job [768] =>PUP.ShopperPro
O39 - APT: - (..) -- C:\WINDOWS\Tasks\ShopperProJSUpd.job [338] =>PUP.ShopperPro
O39 - APT: - (..) -- C:\WINDOWS\Tasks\SMupdate1.job [428]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\SMupdate2.job [428]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\SMupdate3.job [428]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\YTDownloader.job [356] =>PUP.YTDownloader
O39 - APT: - (..) -- C:\WINDOWS\Tasks\YTDownloaderUpd.job [346] =>PUP.YTDownloader
~ Scheduled Task: 18 Legitimates Filtered in 00mn AMs



---\\ Drivers launched at startup (O41)
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (sbmntr) . (.YTDownloader - YTDownloader Driver.) - C:\Program Files\YTDOWN~1\sbmntr.sys =>PUP.YTDownloader
~ Drivers: 78 Legitimates Filtered in 00mn AMs



---\\ Software installed (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Codec Decoder Pack - (.Codec Decoder.) [HKLM] -- Codec Decoder Pack
O42 - Logiciel: SSalePluS - (...) [HKLM] -- {B696F285-F54E-2524-58B1-E06A70ABE6BE} =>PUP.SalePlus
O42 - Logiciel: SUPERFileRecover - (.SUPERFileRecover.com.) [HKLM] -- {F9CEA5FA-211D-4975-8DD8-EB3102CDC640}
O42 - Logiciel: Shopper-Pro - (...) [HKLM] -- ShopperPro =>PUP.ShopperPro
O42 - Logiciel: Simple Highlighter - (...) [HKLM] -- {AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
O42 - Logiciel: SweetIM for Messenger 2.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F} =>PUP.SweetIM
O42 - Logiciel: YTDownloader - (.YTDownloader.) [HKLM] -- YTDownloader =>PUP.YTDownloader
O42 - Logiciel: bestadblocker - (...) [HKLM] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.Adblocker
O42 - Logiciel: مشغل الفلاش العربي - (...) [HKLM] -- مشغل الفلاش العربي
~ Logic: 46 Legitimates Filtered in 01mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Aekc]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Kromtech]
[HKCU\Software\OB]
[HKCU\Software\OperaOB]
[HKCU\Software\SUPERFileRecover.com]
[HKCU\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider
[HKCU\Software\SavePass 1.1] =>PUP.CrossRider
[HKCU\Software\SavePass1.1] =>PUP.CrossRider
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKCU\Software\TrinityAYB]
[HKCU\Software\YTDownloader] =>PUP.YTDownloader
[HKCU\Software\_CrossriderRegNamePlaceHolder_] =>PUP.CrossRider
[HKLM\Software\88d19f13-5369-0364-798c-72ecd2b15c01] =>PUP.CrossRider
[HKLM\Software\AIM Toolbar]
[HKLM\Software\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider
[HKLM\Software\SavePass 1.1] =>PUP.CrossRider
[HKLM\Software\SiteSee]
[HKLM\Software\SpeedBit]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tencent] =>Adware.TencentAddressBar
~ Key Software: 342 Legitimates Filtered in 01mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 4/26/2015 - 4:31:17 PM - [0] ----D C:\Program Files\AppendRunner
O43 - CFD: 4/18/2015 - 3:28:20 PM - [] ----D C:\Program Files\Ask.com
O43 - CFD: 4/26/2015 - 4:24:31 PM - [] ----D C:\Program Files\bestadblocker =>PUP.Adblocker
O43 - CFD: 4/26/2015 - 10:37:18 AM - [] ----D C:\Program Files\Blazers
O43 - CFD: 11/16/2006 - 6:09:34 AM - [] ----D C:\Program Files\HfGEiIuW
O43 - CFD: 4/26/2015 - 4:33:07 PM - [] ----D C:\Program Files\SalePlluS =>PUP.SalePlus
O43 - CFD: 4/26/2015 - 4:23:23 PM - [] ----D C:\Program Files\SalePlus =>PUP.SalePlus
O43 - CFD: 4/26/2015 - 4:30:14 PM - [] ----D C:\Program Files\SalePlUUss =>PUP.SalePlus
O43 - CFD: 4/26/2015 - 4:34:34 PM - [] ----D C:\Program Files\SallePPlus =>PUP.SalePlus
O43 - CFD: 4/26/2015 - 4:22:09 PM - [] ----D C:\Program Files\SaluePllus =>PUP.SalePlus
O43 - CFD: 4/28/2015 - 8:13:48 AM - [] ----D C:\Program Files\SavePass 1.1 =>PUP.CrossRider
O43 - CFD: 4/28/2015 - 8:15:37 AM - [] ----D C:\Program Files\ShopperPro =>PUP.ShopperPro
O43 - CFD: 4/26/2015 - 4:24:51 PM - [] ----D C:\Program Files\Simple Highlighter
O43 - CFD: 4/28/2015 - 2:33:31 PM - [] ----D C:\Program Files\SSalePluS =>PUP.SalePlus
O43 - CFD: 11/11/2006 - 7:00:49 AM - [] ----D C:\Program Files\SUPERFileRecover
O43 - CFD: 10/1/2008 - 2:36:39 AM - [] ----D C:\Program Files\SweetIM =>PUP.SweetIM
O43 - CFD: 4/28/2015 - 2:34:29 PM - [0] ----D C:\Program Files\SystemPlus
O43 - CFD: 4/26/2015 - 4:33:26 PM - [0] ----D C:\Program Files\SystemUp
O43 - CFD: 2/14/2008 - 9:48:33 AM - [] ----D C:\Program Files\Tencent =>Adware.TencentAddressBar
O43 - CFD: 4/28/2015 - 8:17:00 AM - [] ----D C:\Program Files\YTDownloader =>PUP.YTDownloader
O43 - CFD: 3/22/2015 - 10:48:12 PM - [] ----D C:\Program Files\ãÔÛá ÇáÝáÇÔ ÇáÚÑÈí
O43 - CFD: 4/28/2015 - 2:33:32 PM - [] ----D C:\Documents and Settings\All Users\Application Data\12296872677470415669
O43 - CFD: 4/29/2015 - 8:40:03 AM - [0] ----D C:\Documents and Settings\All Users\Application Data\boost_interprocess
O43 - CFD: 4/28/2015 - 8:15:38 AM - [] ----D C:\Documents and Settings\All Users\Application Data\ShopperPro =>PUP.ShopperPro
O43 - CFD: 10/1/2008 - 2:36:41 AM - [] ----D C:\Documents and Settings\All Users\Application Data\SweetIM =>PUP.SweetIM
O43 - CFD: 4/28/2015 - 4:02:14 PM - [] ----D C:\Documents and Settings\All Users\Application Data\{35a34ae7-4a56-08a7-35a3-34ae74a52b9d}
O43 - CFD: 4/26/2015 - 3:13:00 PM - [] ----D C:\Documents and Settings\All Users\Application Data\{69c145ae-92cc-9878-69c1-145ae92c16ba}
O43 - CFD: 4/26/2015 - 3:17:31 PM - [] ----D C:\Documents and Settings\All Users\Application Data\{ec37973a-3347-e1bf-ec37-7973a3345ce8}
O43 - CFD: 4/27/2015 - 1:40:00 AM - [] ----D C:\Documents and Settings\All Users\Application Data\{ee8d381d-43ae-ef29-ee8d-d381d43ae075}
O43 - CFD: 11/11/2006 - 7:00:50 AM - [] ----D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERFileRecover
O43 - CFD: 2/14/2008 - 9:49:03 AM - [] ----D C:\Documents and Settings\khim\Application Data\Tencent =>Adware.TencentAddressBar
O43 - CFD: 4/28/2015 - 8:14:41 AM - [] ----D C:\Documents and Settings\khim\Local Settings\Application Data\AskToolbar
O43 - CFD: 4/26/2015 - 3:30:38 PM - [] ----D C:\Documents and Settings\khim\Local Settings\Application Data\CodecDecoder
O43 - CFD: 4/26/2015 - 10:37:20 AM - [0] ----D C:\Documents and Settings\khim\Local Settings\Application Data\gic
O43 - CFD: 11/18/2006 - 6:41:46 AM - [] ----D C:\Documents and Settings\khim\Start Menu\Programs\Codec Decoder Pack
O43 - CFD: 2/14/2008 - 9:48:49 AM - [] ----D C:\Documents and Settings\khim\Start Menu\Programs\Tencent =>Adware.TencentAddressBar
O43 - CFD: 4/28/2015 - 8:17:00 AM - [] ----D C:\Documents and Settings\khim\Start Menu\Programs\YTDownloader =>PUP.YTDownloader
O43 - CFD: 3/22/2015 - 10:48:12 PM - [] ----D C:\Documents and Settings\khim\Start Menu\Programs\ãÔÛá ÇáÝáÇÔ ÇáÚÑÈí
~ Program Folder: 226 Legitimates Filtered in 01mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.403C4EE9D604A94F844A5BF912136A38] - 4/19/2015 - 2:20:02 AM ---A- . (...) -- C:\WINDOWS\system.ini [285]
O44 - LFC:[MD5.0584A995E1C9952C453A408DA9ED66BE] - 4/19/2015 - 2:20:02 AM ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1789]
O44 - LFC:[MD5.591D2A037E1071520AF99838CF1A33BD] - 4/19/2015 - 5:56:31 PM ---A- . (...) -- C:\TP-LINK_D7D62C.p10 [2609]
O44 - LFC:[MD5.EB01D7D00A41E9CBBAFC76A1BA90A1FA] - 4/21/2015 - 9:15:06 AM ---A- . (...) -- C:\BERANI.p10 [2608]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 4/26/2015 - 2:04:18 PM ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 4/26/2015 - 3:31:36 PM --HA- . (...) -- C:\WINDOWS\QTFont.qfn [54156]
O44 - LFC:[MD5.BF82D7BEC3F97A6F53D3D9B5C6EFCA33] - 4/27/2015 - 8:04:55 AM ----- . (...) -- C:\WINDOWS\Golden Al-Wafi Translator.CAB [16466167]
O44 - LFC:[MD5.E7738879F0CEC9EA9BABCE73E60267B3] - 4/27/2015 - 8:04:55 AM ---A- . (...) -- C:\WINDOWS\ST6UNST.000 [1602]
O44 - LFC:[MD5.40BEA9A235C84C8AA9746FD4716EF8BB] - 4/27/2015 - 8:13:02 AM ---A- . (...) -- C:\DJAWEB_MOUSTACH.p10 [2621]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 4/29/2015 - 7:41:01 AM ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.3390F6E26F1F7AC7F5E967CC29B29811] - 4/29/2015 - 7:41:07 AM ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.1FDAB036C121584682224DC2A4C29146] - 4/29/2015 - 7:41:07 AM ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.D687D84F7C87B6CEBC125903739EE657] - 4/29/2015 - 7:41:30 AM ---A- . (...) -- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [3990]
O44 - LFC:[MD5.30B7EB4F9023657449FB57AF0CFC72F4] - 4/29/2015 - 8:13:02 AM ---A- . (...) -- C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 [4]
~ Files: 28 Legitimates Filtered in 03mn AMs



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn AMs



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "E:\Recupération\pen-drive-data-recovery-demo.exe" [Enabled] .(.Pro Data Doctor Pvt. Ltd..) -- E:\Recupération\pen-drive-data-recovery-demo.exe
O47 - AAKE:Key Export SP - "H:\xfmp.exe" [Enabled] .(...) -- H:\xfmp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\khim\Local Settings\Application Data\CodecDecoder\AutoUpdate.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\khim\Local Settings\Application Data\CodecDecoder\AutoUpdate.exe
O47 - AAKE:Key Export SP - "C:\DOCUME~1\khim\LOCALS~1\Temp\qkqhf.exe" [Enabled] .(...) -- C:\DOCUME~1\khim\LOCALS~1\Temp\qkqhf.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\WinRAR\WinRAR.exe" [Enabled] .(.No owner.) -- C:\Program Files\WinRAR\WinRAR.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HfGEiIuW\kecdcrme.exe" [Enabled] .(.No owner.) -- C:\Program Files\HfGEiIuW\kecdcrme.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Mobogenie3\mobogenieP2sp.exe" [Enabled] .(.mobogenie.com.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe =>PUP.Mobogenie
O47 - AAKE:Key Export SP - "C:\Program Files\YTDownloader\Updater.exe" [Enabled] .(.Goobzo.) -- C:\Program Files\YTDownloader\Updater.exe =>PUP.YTDownloader
O47 - AAKE:Key Export SP - "C:\Program Files\CometBird\cometbird.exe" [Enabled] .(.CometNetwork.) -- C:\Program Files\CometBird\cometbird.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ShopperPro\Updater.exe" [Enabled] .(.Goobzo.) -- C:\Program Files\ShopperPro\Updater.exe =>PUP.ShopperPro
O47 - AAKE:Key Export SP - "C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-4.exe" [Enabled] .(.OB.) -- C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-4.exe =>PUP.CrossRider
O47 - AAKE:Key Export SP - "C:\Program Files\Blazers\blazers.exe" [Enabled] .(.TODO: <公司名>.) -- C:\Program Files\Blazers\blazers.exe
O47 - AAKE:Key Export SP - "C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-5.exe" [Enabled] .(.OB.) -- C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-5.exe =>PUP.CrossRider
~ Keys Export: 58 Legitimates Filtered in 00mn AMs



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn AMs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{209f2815-1759-11dd-97db-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-0-1-81-0682664326-1016124612-001325002-2835\JOHcsthB.exe (.not file.)
O51 - MPSK:{220bcf30-8a8e-11db-96e1-0016d4e4989e}\AutoRun\command. (...) -- H:\qjymyc.exe (.not file.)
O51 - MPSK:{2c9e622e-216e-11dc-9722-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-8-5-38-1745822657-7464658111-031248614-5208\qbomoXYK.exe (.not file.)
O51 - MPSK:{3ba0a019-74e2-11db-96be-0016d4e4989e}\AutoRun\command. (...) -- H:\khowa.exe (.not file.)
O51 - MPSK:{50dc412b-6246-11db-9664-0016d4e4989e}\AutoRun\command. (...) -- I:\afufbc.pif (.not file.)
O51 - MPSK:{623685c8-0b7e-11de-986a-0016d4e4989e}\AutoRun\command. (...) -- H:\wusvku.cmd (.not file.)
O51 - MPSK:{63cdcd0c-7885-11dc-9754-0016d4e4989e}\AutoRun\command. (...) -- H:\sskhbu.pif (.not file.)
O51 - MPSK:{6afe0e7c-76f3-11dc-9750-0016d4e4989e}\AutoRun\command - Orphan key
O51 - MPSK:{6f054de0-03b7-11dd-97cd-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-6-1-31-6384016341-2687130767-614716535-2882\NQEwxMib.exe (.not file.)
O51 - MPSK:{73ea9091-a046-11db-9701-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-2-2-41-5716758800-1175217621-033506337-6126\qCTVMFvm.exe (.not file.)
O51 - MPSK:{8f0b3530-dc37-11db-9715-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-2-4-31-8703432423-3034602220-006634053-3048\kffbiXgQ.exe (.not file.)
O51 - MPSK:{9cdcbd98-72bf-11db-96b0-0016d4e4989e}\AutoRun\command. (...) -- H:\rjjn.pif (.not file.)
O51 - MPSK:{9cdcbd99-72bf-11db-96b0-0016d4e4989e}\AutoRun\command. (...) -- I:\ncxp.pif (.not file.)
O51 - MPSK:{a5098b86-b9d4-11dc-9782-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-3-0-83-4036746813-5614781476-564258352-2012\QTAOWnTE.exe (.not file.)
O51 - MPSK:{b0c9426d-8e34-11dd-90ad-806d6172696f}\AutoRun\command. (.Microsoft Corporation - Windows XP Version Checking Program.) -- E:\setupSNK.exe
O51 - MPSK:{b0c9426e-8e34-11dd-90ad-806d6172696f}\AutoRun\command. (.Microsoft Corporation - Windows XP Version Checking Program.) -- F:\setupSNK.exe
O51 - MPSK:{b3d50e8a-8f53-11dd-87a7-0016d4e4989e}\AutoRun\command. (.Autodesk, Inc. - Autodesk component.) -- J:\Setup.exe
O51 - MPSK:{b7fd7e6e-0192-11dc-971e-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-2-8-58-5710102315-2810633064-578337386-2024\PQlpOEGl.exe (.not file.)
O51 - MPSK:{cf44430e-7bc3-11dc-975c-0016d4e4989e}\AutoRun\command. (...) -- H:\jnyjar.pif (.not file.)
O51 - MPSK:{f2a51e14-d38a-11e4-987a-0016d4e4989e}\AutoRun\command. (...) -- H:\setup.exe (.not file.)
O51 - MPSK:{fbac628e-02bc-11dd-97cc-0016d4e4989e}\AutoRun\command. (...) -- C:\WINDOWS\system32\RECYCLER\S-1-0-18-1142870660-0555273761-002875206-6621\DxkhMItf.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 8 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:1/22/2008 - 2:12:56 AM ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [41792]
O58 - SDL:1/22/2008 - 2:11:28 AM ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\Drivers\avgntmgr.sys [22336] =>PUP.DriverManager
O58 - SDL:3/4/2008 - 9:28:53 PM ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\Drivers\avipbb.sys [79424]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:6/17/2006 - 3:17:36 AM R--A- . (.ENE Technology Inc. - ENE PCI Memory Stick Card Reader Driver.) -- C:\WINDOWS\system32\Drivers\EMS7SK.sys [61056]
O58 - SDL:6/17/2006 - 3:17:38 AM R--A- . (.ENE Technology Inc. - ENE PCI Secure Digital / MMC Card Reader Driver.) -- C:\WINDOWS\system32\Drivers\ESD7SK.sys [40064]
O58 - SDL:6/17/2006 - 3:17:38 AM R--A- . (.ENE Technology Inc. - ENE PCI SmartMedia / XD Card Reader Driver.) -- C:\WINDOWS\system32\Drivers\ESM7SK.sys [74752]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:3/17/2015 - 1:53:14 PM ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [126072]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:4/9/2007 - 1:27:07 PM ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\WINDOWS\system32\Drivers\scdemu.sys [31548]
O58 - SDL:1/2/1601 - 11:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [639224]
O58 - SDL:3/1/2007 - 6:34:22 PM ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28352]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:4/14/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 59 Legitimates Filtered in 02mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 4/28/2015 - c:\Program Files\SoftwareLite\SoftwareLite.dll (a7339204) .(...) - LEGACY_A7339204
O64 - Services: CurCS - 1/10/1746 - C:\WINDOWS\system32\drivers\iprqm.sys (amsint32) .(...) - LEGACY_AMSINT32
O64 - Services: CurCS - 4/22/2015 - C:\Program Files\YTDownloader\BrowserHelperSrv.exe (BrsHelper) .(...) - LEGACY_BRSHELPER =>PUP.YTDownloader
O64 - Services: CurCS - 2/3/2015 - C:\Program Files\Mobogenie3\MobogenieService.exe (MobogenieService) .(.Mobogenie.com - MobogenieService.exe.) - LEGACY_MOBOGENIESERVICE =>PUP.Mobogenie
O64 - Services: CurCS - 4/22/2015 - C:\Program Files\YTDOWN~1\sbmntr.sys (sbmntr) .(.YTDownloader - YTDownloader Driver.) - LEGACY_SBMNTR =>PUP.YTDownloader
O64 - Services: CurCS - 4/16/2015 - C:\Program Files\Blazers\Watsvc.exe (Watsvc) .(.TODO: <公司名> - TODO: <文件说明>.) - LEGACY_WATSVC
~ Legacy: 138 Legitimates Filtered in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [khim - 7sx7umlz.default] user_pref("extensions.crossrider.bic", "14cfee980d4377ffd3a3cb9a659dc3c8"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} [DefaultScope] - (WebSearch) - http://websearch.goodforsearch.info
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.4CEBA338550CD2CEF0FE25C80512AA78] [SPRF][11/14/2011] (...) -- C:\Documents and Settings\khim\Desktop\Codec_DecoderPack.exe [16460994]
[MD5.CB72C0D5E9937B14898FD3D229B70E4C] [SPRF][9/30/2006] (.No owner - Foxit Reader, Best Reader for Everyday Use!.) -- C:\Documents and Settings\khim\Desktop\FoxitReader.exe [3865856]
[MD5.0683C5FFD26FBA45C0E4DB12543DCF37] [SPRF][2/23/2011] (.No owner - QT Lite Setup.) -- C:\Documents and Settings\khim\Desktop\QT_Lite_410.exe [18206297]
[MD5.0BCC82A44E02A30F965E5F96A0B6BF93] [SPRF][9/23/2008] (.No owner - ALWIL Software Setup Engine.) -- C:\Documents and Settings\khim\Desktop\setupfre.exe [27660584]
[MD5.C6D23D758328EA17DB656E7E307DA1C8] [SPRF][10/18/2012] (...) -- C:\Documents and Settings\khim\Desktop\vlc-2.0.4-win32.exe [24104593]
[MD5.F81451331134A2AC6DEA03EACF691C8A] [SPRF][9/27/2013] (...) -- C:\Documents and Settings\khim\Desktop\vlc-2.1.0-win32.exe [24356473]
[MD5.50EB7761BC4504505848252E3252518F] [SPRF][9/28/2013] (...) -- C:\Documents and Settings\khim\Desktop\winbox.exe [196096]
[MD5.E6B3B9E70F8FAA2F1D00D5277451A117] [SPRF][7/17/2008] (...) -- C:\Documents and Settings\khim\Desktop\XP_FR_BISSM.exe [938642]
[MD5.151DBA980FD8392EE727BDECA817AE76] [SPRF][5/25/2014] (...) -- C:\Documents and Settings\khim\Desktop\الجرائد.exe [2733056]
~ Files: 11 Legitimates Filtered in 07mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "97D1799511182C24E90488A3C072E787" . (.SweetIM Toolbar for Internet Explorer 3.1.) -- C:\WINDOWS\Installer\{59971D79-8111-42C2-9E40-883A0C277E78}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_65.ico =>Toolbar.Ask
O90 - PUC: "CC2DB6CEFCD28DA48ADDFD982DE9FEF3" . (.SweetIM for Messenger 2.5.) -- C:\WINDOWS\Installer\{EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 3 Legitimates Filtered in 00mn AMs



---\\ Random Export Key (REK) (O91)
~ Export Key Software: Scanned in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.99A3C18BDD1297C43CDC29C371EEBA9B] [WIS][10/1/2008] (.SweetIM Technologies Ltd. - SweetIM for Messenger 2.5.) -- C:\Windows\Installer\23c122.msi [3126272] =>PUP.SweetIM
[MD5.DD1EBF969E9DA6EBEC9F5866CF782ACB] [WIS][10/1/2008] (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer 3.1.) -- C:\Windows\Installer\23c12a.msi [707072] =>PUP.SweetIM
~ WIS: 2 Legitimates Filtered in 10mn AMs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] (Web Browser Applet Control) =>PUP.CrossRider
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate
[HKCR\CLSID\{68a3c8df-b266-4c95-87d9-a66dbe2fe5b4}] (SSalePluS) =>PUP.SalePlus
[HKCR\CLSID\{68f64d4c-225b-4c4c-8b46-15bd79a2ef69}] (SalePlus) =>PUP.SalePlus
[HKCR\CLSID\{86014e26-a5c9-470c-841b-06874493ef80}] (SSalePluS) =>PUP.SalePlus
[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{ce35ee8e-93ef-4925-8d4c-479e84aa9d36}] (bestadblocker) =>PUP.Adblocker
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
[HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}] (SweetIM Toolbar for Internet Explorer) =>PUP.SweetIM
[HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}] (SweetIM Toolbar Helper) =>PUP.SweetIM
[HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}] (SweetIM ToolbarURLSearchHook Class) =>PUP.SweetIM
~ BCK: 5653 Legitimates Filtered in 21mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 4/18/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 3/26/2008 147201 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
SS - | Demand 10/3/2008 158824 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 4/14/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 4/28/2015 150528 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 4/28/2015 150528 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 7/22/1658 0 | (gusvc) . (...) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 9/5/2012 308504 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
SS - | Demand 5/11/2013 190872 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 6/11/2012 798104 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 4/28/2015 1589248 | (a7339204) . (...) - c:\Program Files\SoftwareLite\SoftwareLite.dll
SR - | Auto 3/7/2008 68865 | (AntiVirScheduler) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
SR - | Auto 4/22/2015 112560 | (BrsHelper) . (...) - C:\Program Files\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader
SR - | Auto 4/14/2006 114753 | (EvtEng) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
SR - | Auto 2/3/2015 200896 | (MobogenieService) . (.Mobogenie.com.) - C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie
SR - | Auto 4/14/2006 217164 | (RegSrvc) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
SR - | Auto 4/14/2006 540745 | (S24EventMonitor) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SR - | Auto 4/16/2015 107160 | (Watsvc) . (.TODO: <公司名>.) - C:\Program Files\Blazers\Watsvc.exe
~ Services: Scanned in 23mn AMs



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:1/2/1601 - 11:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [639224]
~ Emulateurs: Scanned in 23mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (4/28/2015)
Clés trouvées (Keys found) : 148
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 28
Fichiers trouvés (Files found) : 45

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08092EB3-C9C7-459D-8AC1-931BFD449A2D}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68A3C8DF-B266-4C95-87D9-A66DBE2FE5B4}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F64D4C-225B-4C4C-8B46-15BD79A2EF69}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86014E26-A5C9-470C-841B-06874493EF80}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B936F6-682A-4AD5-B313-D0EC2F26E457}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93F138F3-B871-4F21-98A5-E88BFD7237D3}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE35EE8E-93EF-4925-8D4C-479E84AA9D36}] =>PUP.Adblocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\SYSTEM\CurrentControlSet\Services\BrsHelper] =>PUP.YTDownloader^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\SYSTEM\CurrentControlSet\Services\MobogenieService] =>PUP.Mobogenie^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}] =>PUP.SalePlus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader] =>PUP.YTDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.Adblocker^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc}] =>Spyware.AdaEbook
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\AskToolbarInfo] =>Toolbar.AskTBar
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.SWEETIE.3] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{EEE6C35B-6118-11DC-9C72-001320C79847} =>PUP.SweetIM^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\EcnHuFq@N7T.org =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\IG8KAd8q@t.edu =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\LcNACqxB@B3M.edu =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\N@qMzkT1.net =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\toolbar@ask.com =>Toolbar.Ask^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\tqxmbv1m@T.edu =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\Ze@cpwiZU.net =>PUP.SalePlus^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} =>PUP.ShopperPro^
C:\Documents and Settings\khim\Application Data\Mozilla\Firefox\Profiles\7sx7umlz.default\extensions\{b0a81eac-12f7-ac30-3ee2-53c071b392d6} =>PUP.ZoomIt^
C:\Program Files\bestadblocker =>PUP.Adblocker^
C:\Program Files\SalePlluS =>PUP.SalePlus^
C:\Program Files\SalePlus =>PUP.SalePlus^
C:\Program Files\SalePlUUss =>PUP.SalePlus^
C:\Program Files\SallePPlus =>PUP.SalePlus^
C:\Program Files\SaluePllus =>PUP.SalePlus^
C:\Program Files\SavePass 1.1 =>PUP.CrossRider^
C:\Program Files\ShopperPro =>PUP.ShopperPro^
C:\Program Files\SSalePluS =>PUP.SalePlus^
C:\Program Files\SweetIM =>PUP.SweetIM^
C:\Program Files\Tencent =>Adware.TencentAddressBar^
C:\Program Files\YTDownloader =>PUP.YTDownloader^
C:\Documents and Settings\All Users\Application Data\ShopperPro =>PUP.ShopperPro^
C:\Documents and Settings\All Users\Application Data\SweetIM =>PUP.SweetIM^
C:\Documents and Settings\khim\Application Data\Tencent =>Adware.TencentAddressBar^
C:\Documents and Settings\khim\Start Menu\Programs\Tencent =>Adware.TencentAddressBar^
C:\Documents and Settings\khim\Start Menu\Programs\YTDownloader =>PUP.YTDownloader^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Documents and Settings\khim\Local Settings\Application Data\AskToolbar =>Toolbar.AskTBar
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files\YTDownloader\YTDownloader.exe =>PUP.YTDownloader^
C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-1-6.exe =>PUP.CrossRider^
C:\Program Files\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader^
C:\Program Files\Mobogenie3\MobogenieService.exe =>PUP.Mobogenie^
C:\Program Files\Mobogenie3\MoboGenieHelper.exe =>PUP.Mobogenie^
C:\Program Files\YTDownloader\BrowserHelper.exe =>PUP.YTDownloader^
C:\Program Files\SavePass 1.1\49c3d4c0-10f4-4402-908d-74bf2d917a08-10.exe =>PUP.CrossRider^
C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-4.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\49c3d4c0-10f4-4402-908d-74bf2d917a08-5.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\Bidaily Synchronize Task.job =>PUP.BidailySync^
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job =>Toolbar.Ask^
C:\WINDOWS\Tasks\ShopperPro.job =>PUP.ShopperPro^
C:\WINDOWS\Tasks\ShopperProJSUpd.job =>PUP.ShopperPro^
C:\WINDOWS\Tasks\YTDownloader.job =>PUP.YTDownloader^
C:\WINDOWS\Tasks\YTDownloaderUpd.job =>PUP.YTDownloader^
[HKCU\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider^
[HKCU\Software\SavePass 1.1] =>PUP.CrossRider^
[HKCU\Software\SavePass1.1] =>PUP.CrossRider^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKCU\Software\YTDownloader] =>PUP.YTDownloader^
[HKCU\Software\_CrossriderRegNamePlaceHolder_] =>PUP.CrossRider^
[HKLM\Software\88d19f13-5369-0364-798c-72ecd2b15c01] =>PUP.CrossRider^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\SavePass 1.1-nv-ie] =>PUP.CrossRider^
[HKLM\Software\SavePass 1.1] =>PUP.CrossRider^
[HKLM\Software\Tencent] =>Adware.TencentAddressBar^
C:\Windows\Installer\23c122.msi =>PUP.SweetIM^
C:\Windows\Installer\23c12a.msi =>PUP.SweetIM^
[HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] (Web Browser Applet Control) =>PUP.CrossRider^
[HKCR\CLSID\{30E7F2A0-EC4C-11ce-8865-00805F742EF6}] (SpeedDial) =>PUP.SpeedDial^
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate^
[HKCR\CLSID\{68a3c8df-b266-4c95-87d9-a66dbe2fe5b4}] (SSalePluS) =>PUP.SalePlus^
[HKCR\CLSID\{68f64d4c-225b-4c4c-8b46-15bd79a2ef69}] (SalePlus) =>PUP.SalePlus^
[HKCR\CLSID\{86014e26-a5c9-470c-841b-06874493ef80}] (SSalePluS) =>PUP.SalePlus^
[HKCR\CLSID\{9f16ef61-b17a-408c-ac1c-d9347ce4531f}] (SectionViewpointCmd Object) =>Adware.MetaStream^
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{ce35ee8e-93ef-4925-8d4c-479e84aa9d36}] (bestadblocker) =>PUP.Adblocker^
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
[HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}] (SweetIM Toolbar for Internet Explorer) =>PUP.SweetIM^
[HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}] (SweetIM Toolbar Helper) =>PUP.SweetIM^
[HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}] (SweetIM ToolbarURLSearchHook Class) =>PUP.SweetIM^
~ Additionnel Scan: 211671 Items scanned in 49mn AMs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn AMs



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://www.nicolascoolman.fr/blog/ =>PUP.SalePlus
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://www.nicolascoolman.fr/blog/ =>PUP.ZoomIt
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/adware-tencentaddressbar =>Adware.TencentAddressBar
http://nicolascoolman.fr/33243679-pup-wpakill =>PUP.Wpakill
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.DriverManager
http://nicolascoolman.fr/32720552-pup-speeddial =>PUP.SpeedDial
http://nicolascoolman.fr/adware-metastream =>Adware.MetaStream
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskTBar
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/blog/ =>Spyware.AdaEbook
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://www.nicolascoolman.fr/blog/ =>Adware.ShopperReports
~ MSI: 28 link(s) detected in 00mn AMs



~ 1063 Legitimates filtered by white list
End of the scan (1044 lines in 08mn AMs)(0.4)
