~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Launched by mahdi (04/02/2014 22:13:50)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user

---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v7.0.1426.0
Windows Defender W7

---\\ System optimization software
CCleaner v3.27 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.3.0.29126 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 10 Plugin
Adobe Reader 9 - Français

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4090 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (34%) free of 93 GB

---\\ Connection to the system mode
~ Computer Name: MAHDI-PC
~ User Name: mahdi
~ All Users Names: mahdi, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\mahdi\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\mahdi\AppData\Roaming\
~ %Desktop% : C:\Users\mahdi\Desktop\
~ %Favorites% : C:\Users\mahdi\Favorites\
~ %LocalAppData% : C:\Users\mahdi\AppData\Local\
~ %StartMenu% : C:\Users\mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 32 Go of 93 Go)
D: Hard drive, Flash drive, Thumb drive (Free 36 Go of 93 Go)
E: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/10/2013 - 12:29:57.)
-- C:\Windows\System32\wininet.dll [1389056]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:51:08.)
-- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 18:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 01s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/340
~ Mes musiques (My Musics) : 1/30
~ Mes Favoris (My Favorites) : 1/220
~ Mes Documents (My Documents) : 11/288
~ Mon Bureau (My Desktop) : 1/5709
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 00mn 14s

---\\ Process running
[MD5.AF3DA0C60DE8A312328F247FF2FA6239] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [775968] [PID.2780]
[MD5.574C7158E51A951CA457D4FA4E3EEF14] - (.IObit - Advanced SystemCare 7.)
-- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2285344] [PID.3140]
[MD5.E78FA80D4D7FD757A53781E17A3B7402] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3487128] [PID.3160]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4241512] [PID.3480]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4080]
[MD5.A08A6D194884DFC35C619F8A5E1FFFBD] - (.No owner - Real-time Protector.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe [1120032] [PID.3724]
[MD5.3F744D5BCEF935B32B43BF7F83098032] - (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe [508144] [PID.3412]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1856]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Users\mahdi\AppData\Local\Google\Chrome\Application\chrome.exe [866632] [PID.2452]
[MD5.3AEF75E9EE6D6B34F90ED374B889860E] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [4410656] [PID.512]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4480]
[MD5.3F98B594E5404311D464769733DF5125] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [658632] [PID.3944]
[MD5.D8E53B433345091CFC1C13F2A20CFF11] - (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe [18708392] [PID.4792]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.)
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4308]
[MD5.F5456293D2604BCE2BEC07FC6186A341] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440] [PID.812]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768] [PID.1224]
[MD5.0E5B22DE32C7B388D254DD040E6630D3] - (.Spigot, Inc. - Application Updater.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [807800] [PID.1572] =>PUP.Dealio
[MD5.A065F048E9E23E6C026A7BB548D126A7] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [345376] [PID.1772]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1888]
[MD5.50536335D8C6E7CFCE2F3E93FFF57E6E] - (.Bandoo Media Inc. - Datamngr Coordinator.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3445248] [PID.2004] =>PUP.Datamngr
[MD5.00907C94641E14F3ADBB2A533EFD8BF3] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304] [PID.1304]
[MD5.13AA3C457294711EC1484277759CF251] - (.Bandoo Media Inc. - Data Manager.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe [3605504] [PID.1516] =>PUP.Datamngr
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1820]
[MD5.72CC4D52ECED3A4536238CAC2F28575C] - (.No owner - PluginProtect.) -- C:\Users\mahdi\AppData\Roaming\okitspace\protect\PluginProtect.exe [123904] [PID.2148] =>PUP.Onekit
[MD5.352761BE30E0DD24B509EF2C0CCFA72E] - (.TorchMedia Inc. - TorchCrashHandler.) -- C:\Users\mahdi\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205760] [PID.2444]
[MD5.468AEC7534B7B0A66AC5FE9A2C0020E4] - (.Firebird Project - Firebird SQL Server.)
-- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3784704] [PID.2600]
[MD5.1D283DD3AE2312EEE624E8B8C46F6ADB] - (...) -- c:\programdata\setapp\ws-enabler\WS-Enabler.exe [729600] [PID.3008]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.3352]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://ww
G2 - GCE: Preference [User Data\Default] [jbpkiefagocgkmemidfngdkamloieekf] Torntv v.1.1 (Activé) =>Hijacker.TornTV
G2 - GCE: Preference [User Data\Default] [niapdbllcanepiiimjjndipklodoedlc] Yontoo v.1.0.2 (Activé) =>Adware.Yontoo
~ Google Browser: 8 Legitimates Filtered in 00mn 07s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\prefs.js
C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\user.js
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\01netcom-main-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\myplaycity.xml
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\search-with-eazelbar.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\WebSearch.xml
M3 - MFPP: Plugins - [mahdi] -- C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\searchplugins\yahoo_ff.xml
M3 -
MFPP: Plugins - [mahdi] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Ask.xml
M3 - MFPP: Plugins - [mahdi] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\1irmvbscl@lzdl-eo.net] [] ShoppingChip v1.1 (..) =>Adware.ShoppingChip
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com] [] Torntv V6.0 v1.1 (..) =>Hijacker.TornTV
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\plugin@yontoo.com] [] Yontoo v1.20.02 (..) =>Adware.Yontoo
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\savingsslider@mybrowserbar.com] [] Slick Savings v2.9 (..) =>PUP.Dealio
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}] [] Movies Toolbar (Dist. by Bandoo Media, Inc.) v1.6.2.0 (..) =>PUP.MoviesToolbar
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\{58d2a791-6199-482f-a9aa-9b725ec61362}] [] Start Page v2.0 (..)
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\{6F977649-B06D-7809-9725-1FCFD3AC8308}] [] New tab v5.0.0.10569 (..)
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\{CA32D3EC-15C8-DDAC-3280-BA6A760926AD}] [] New tab v5.0.0.9602 (..)
M2 - MFEP: prefs.js [mahdi - 46kxjsey.default\{f531b93a-b50b-4ff1-8288-404c881ac4da}] [] 01NET.com Main v10.23.0.822 (..)
~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchinweb.info
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchinweb.info
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R3 - URLSearchHook: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.)
(8, 6, 0, 3) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll =>PUP.Dealio
R3 - URLSearchHook: (no name) [64Bits] - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.) =>PUP.Dealio
~ IE Browser: 21 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)
O2 - BHO: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll =>PUP.Dealio
O2 - BHO: CrossriderApp0045960 [64Bits] - {11111111-1111-1111-1111-110411591160} . (.installdaddy - Torntv V6.0 BHO.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho.dll =>PUP.CrossRider
O2 - BHO: BetterSrf [64Bits] - {1824FF90-C98E-48A6-838F-E3B6572B0C77} . (.No owner - Making web browsing more enjoyable.)
-- C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll =>PUP.BetterSurf
O2 - BHO: Slick Savings [64Bits] - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} . (.Spigot, Inc. - Slick Savings for Internet Explorer.) -- C:\Users\mahdi\AppData\Roaming\Slick Savings\Coupons.dll =>PUP.Dealio
O2 - BHO: OKitSpace Ads [64Bits] - {3543619C-D563-43f7-95EA-4DA7E1CC396A} . (...) -- C:\Users\mahdi\AppData\Roaming\okitSpace\IE\OkitSpace.dll =>PUP.Onekit
O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) [64Bits] - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} . (.No owner - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRToolBar\IE\searchresultsDx.dll =>PUP.Datamngr
O2 - BHO: MediaPlayerV1alpha840 [64Bits] - {6da7c53d-633c-477f-ba57-9d35b43acb3a} . (.No owner - Media Player.) -- C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha840\ie\MediaPlayerV1alpha840.dll
O2 - BHO: VideoPlayerV3beta375 [64Bits] - {80950b40-137a-4b9e-877c-b87403937865} . (.No owner - Video Player.) -- C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta375\ie\VideoPlayerV3beta375.dll
O2 - BHO: BetterSrf [64Bits] - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} . (.No owner - Making web browsing more enjoyable.) -- C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll =>PUP.BetterSurf
O2 - BHO: ShoppingChip [64Bits] - {92DDDB5A-9412-5910-185B-DDE0D81072B6} . (...) -- C:\ProgramData\ShoppingChip\wwko4G.dll =>Adware.ShoppingChip
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O2 - BHO: (no name) [64Bits] - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} Orphan key
O2 - BHO: (no name) [64Bits] - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Orphan key
~ BHO: 22 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.)
-- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: IObit Apps Toolbar - [HKLM]{03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll =>PUP.Dealio
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{5348442D-5637-006A-76A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: AntiLogger.lnk . (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
O4 - GS\Desktop [Public]: Cartoon Maker.lnk . (...) -- C:\Program Files (x86)\Cartoon Maker\Cartoon_Maker.exe =>PUP.Babylon
O4 - GS\Desktop [Public]: Deluge.lnk . (...) -- C:\Program Files (x86)\Deluge\deluge.exe
O4 - GS\Desktop [Public]: Epson Easy Photo Print.lnk . (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: EPSON SX218 Series Manuel.lnk . (...) -- C:\Program Files (x86)\epson\TpManual\EPSON SX218 Series\fr\Useg\index.htm
O4 - GS\Desktop [Public]: EZDownloader.lnk . (.EZDownloader - EZDownloader.) -- C:\Program Files (x86)\EZDownloader\EZDownloader.exe
O4 - GS\Desktop [Public]: IObit Uninstaller.lnk . (.IObit - IObit Uninstaller.) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
O4 - GS\Desktop [Public]: LBP2900 Online-Handbücher.lnk . (...)
-- C:\Program Files (x86)\Canon\LBP2900\Manuals\Index.pdf
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Trojan Killer.lnk . (.GridinSoft LLC. - Trojan Killer.) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
O4 - GS\Desktop [Public]: Web Navigation.lnk . (...) -- C:\Program Files (x86)\USB Disk Security\linkzb.exe
O4 - GS\Desktop [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe =>Adware.SocialSkinz
O4 - GS\Desktop [Public]: Who Is On My Wifi.lnk . (...) -- C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\mahdi\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe =>Adware.SocialSkinz
O4 - GS\QuickLaunch [mahdi]: Farm Frenzy 2.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Farm Frenzy 2\Farm Frenzy 2.exe
O4 - GS\QuickLaunch [mahdi]: Farm Frenzy 3.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Farm Frenzy 3\Farm Frenzy 3.exe
O4 - GS\QuickLaunch [mahdi]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [mahdi]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [mahdi]: Torch.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe
O4 - GS\QuickLaunch [mahdi]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\mahdi\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [mahdi]: Internet Explorer.lnk .
(.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [mahdi]: Mobogenie.lnk . (...) -- C:\Program Files (x86)\Mobogenie\Mobogenie.exe =>PUP.Mobogenie
O4 - GS\TaskBar [mahdi]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [mahdi]: RealDownloader.lnk . (...) -- C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe (.not file.)
O4 - GS\TaskBar [mahdi]: Torch.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe
O4 - GS\Program [mahdi]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [mahdi]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [mahdi]: Torch.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe
O4 - GS\SystemTools [mahdi]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [mahdi]: DllSuite.lnk . (...) -- C:\Program Files (x86)\DLLSuite\2013\DLLSuite.exe
O4 - GS\Desktop [mahdi]: DSC00313.JPG.lnk . (...) -- D:\NEW\mahdi\mahdi\DSC00313.JPG
O4 - GS\Desktop [mahdi]: Facebook.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe http://www.facebook.com
O4 - GS\Desktop [mahdi]: Farm Frenzy 2.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Farm Frenzy 2\Farm Frenzy 2.exe
O4 - GS\Desktop [mahdi]: Farm Frenzy 3.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Farm Frenzy 3\Farm Frenzy 3.exe
O4 - GS\Desktop [mahdi]: game.exe.lnk . (.JoWooD Studio Vienna - game Application.) -- C:\Users\mahdi\Downloads\Neighbours from Hell\V.
1\bin\game.exe
O4 - GS\Desktop [mahdi]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\mahdi\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [mahdi]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [mahdi]: MaskMyIP.exe (2).lnk . (.Mask My IP - Mask My IP.) -- C:\Program Files (x86)\MaskMyIP\MaskMyIP.exe
O4 - GS\Desktop [mahdi]: Mobogenie.lnk . (...) -- C:\Program Files (x86)\Mobogenie\Mobogenie.exe =>PUP.Mobogenie
O4 - GS\Desktop [mahdi]: Neighbours From Hell 5.lnk . (...) -- C:\Program Files (x86)\Neighbours From Hell 5\game.exe
O4 - GS\Desktop [mahdi]: Torch.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [mahdi]: YouTube Downloader.lnk . (...) -- C:\Program Files (x86)\YouTube Downloader\YouTubeDownloader.exe =>PUP.Dealio
O4 - GS\Desktop [mahdi]: Youtube.lnk . (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe http://www.youtube.com
~ Global Startup: 101 Legitimates Filtered in 00mn 02s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mahdi\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [crypted] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.)
-- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Wow6432Node\Run: [AntiLogger] . (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1541914478-1416254235-3002556401-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mahdi\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1541914478-1416254235-3002556401-1000\..\Run: [crypted] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-1541914478-1416254235-3002556401-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-1541914478-1416254235-3002556401-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).)
-- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7C4D6F4-C351-4C36-B08E-92A405AC71A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7C4D6F4-C351-4C36-B08E-92A405AC71A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D7C4D6F4-C351-4C36-B08E-92A405AC71A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\win64cert.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Application Updater (Application Updater) . (.Spigot, Inc. - Application Updater.) - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe =>PUP.Dealio
O23 - Service: WS-Supporter (cfb41c29) . (...) - C:\Program Files (x86)\ws-enabler\assistantSvc.dll
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) . (.Bandoo Media Inc. - Datamngr Coordinator.) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>PUP.Datamngr
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.)
- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Protect your browser's extensions (srvPlgProtect) . (.No owner - PluginProtect.) - C:\Users\mahdi\AppData\Roaming\okitspace\protect\PluginProtect.exe =>PUP.Onekit
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - C:\Users\mahdi\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: Yontoo Desktop Updater (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (.not file.) =>Adware.Yontoo
~ Services: 13 Legitimates Filtered in 00mn 18s

---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll =>PUP.Datamngr
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll =>PUP.Datamngr
~ Keys: Scanned in 00mn 00s

---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [356] =>PUP.Software.Updater
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job [2168] =>Hijacker.TornTV
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Torntv V6.0-codedownloader.job [1452] =>Hijacker.TornTV
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Torntv V6.0-enabler.job [1340] =>Hijacker.TornTV
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job [2424] =>Hijacker.TornTV
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Torntv V6.0-updater.job [1514] =>Hijacker.TornTV
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WS-Enabler-S-1404196680.job [436]
[MD5.2166FC04E714171C9F9FBB52F036086B] [APT] [AmiUpdXp] (.Amonetizé Ltd.) -- C:\Users\mahdi\AppData\Local\SwvUpdater\Updater.exe [290344] =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.)
[0] =>Adware.ExpressFiles [MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles [MD5.98A5082AEC6DAF3F389972D1118D170B] [APT] [Torntv V6.0-chromeinstaller] (.installdaddy.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-chromeinstaller.exe [969728] =>Hijacker.TornTV [MD5.1B1AC33E2FF73F370CE2E1A97241109A] [APT] [Torntv V6.0-codedownloader] (.installdaddy.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-codedownloader.exe [553984] =>Hijacker.TornTV [MD5.7FFCBDCF0965C02B21DB06C2C5DB9D34] [APT] [Torntv V6.0-enabler] (.installdaddy.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-enabler.exe [399360] =>Hijacker.TornTV [MD5.33AC18797F30D9DC87FD318D4F680108] [APT] [Torntv V6.0-firefoxinstaller] (.installdaddy.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe [932352] =>Hijacker.TornTV [MD5.A6CCE7F873CC3FCB2F3D9AAD3AA57C19] [APT] [Torntv V6.0-updater] (.installdaddy.) -- C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe [379392] =>Hijacker.TornTV [MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (...) -- C:\Users\mahdi\AppData\Roaming\~ndolgte.exe [493272] =>PUP.WpManager [MD5.1D283DD3AE2312EEE624E8B8C46F6ADB] [APT] [WS-Enabler-S-1404196680] (...) -- c:\programdata\setapp\ws-enabler\WS-Enabler.exe [729600] ~ Scheduled Task: 59 Legitimates Filtered in 00mn 07s ---\\ Software installed (O42) O42 - Logiciel: Better Surf Plus - (.Better Surf.) [HKLM][64Bits] -- Better Surf Plus O42 - Logiciel: Cartoon Maker 3.0 - (.LiangzhuSoftware.) [HKLM][64Bits] -- Cartoon Maker_is1 =>PUP.Babylon O42 - Logiciel: Mask My IP - (...) [HKLM][64Bits] -- MaskMyIP O42 - Logiciel: Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) - (.APN LLC.) [HKLM][64Bits] -- ilividmoviestoolbarhaFF =>PUP.MoviesToolbar O42 - Logiciel: Neighbours From Hell 5 - (...) [HKLM][64Bits] -- Neighbours From Hell 5 O42 - Logiciel: Product Support 1.74.b1377 - (...) 
[HKLM][64Bits] -- SP_963508d2 O42 - Logiciel: ShoppingChip - (.ShoppingChip.) [HKLM][64Bits] -- {1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA} =>Adware.ShoppingChip O42 - Logiciel: Slick Savings - (.Spigot, Inc..) [HKLM][64Bits] -- {3A787631-66A2-4634-B928-A37E73B58FB6} =>PUP.Dealio O42 - Logiciel: Torntv V6.0 - (.installdaddy.) [HKLM][64Bits] -- Torntv V6.0 =>Hijacker.TornTV O42 - Logiciel: WS-Enabler - (.PremiumSoft.) [HKLM][64Bits] -- S-1404196680 O42 - Logiciel: WS-Supporter 1.80 - (.Verified Publisher.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29} O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- Webplayer =>Adware.SocialSkinz O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =>Adware.SocialSkinz O42 - Logiciel: Who Is On My Wifi version 2.1.2 - (.IO3O LLC.) [HKLM][64Bits] -- {010D45A1-093D-4534-8147-4E10E80F81CC}_is1 ~ Logic: 18 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\APN DTX] [HKCU\Software\APN PIP] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Datamngr] =>PUP.Datamngr [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\RED ZION] [HKCU\Software\Search Settings] =>Adware.SearchSettings [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\iLivid] =>Adware.Bandoo [HKLM\Software\Liangzhu] [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon [HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf [HKLM\Software\Wow6432Node\BetterSurf] =>PUP.BetterSurf [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Wow6432Node\Liangzhu] [HKLM\Software\Wow6432Node\MediaPlayerV1] [HKLM\Software\Wow6432Node\OKitSpace] =>PUP.Onekit 
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix [HKLM\Software\Wow6432Node\Search Settings] =>Adware.SearchSettings [HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia [HKLM\Software\Wow6432Node\WS-Enabler] [HKLM\Software\Wow6432Node\Zwinky_5qEI] =>Adware.MyClearSearch ~ Key Software: 314 Legitimates Filtered in 00mn 01s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 13/01/2013 - 20:35:30 - [5,129] ----D C:\Program Files (x86)\Beauty Guide O43 - CFD: 27/11/2013 - 14:48:39 - [0,090] ----D C:\Program Files (x86)\Better-Surf =>PUP.BetterSurf O43 - CFD: 11/12/2013 - 12:23:39 - [0,622] ----D C:\Program Files (x86)\BetterSurf =>PUP.BetterSurf O43 - CFD: 13/01/2013 - 21:41:05 - [2,071] ----D C:\Program Files (x86)\Cartoon Maker =>PUP.Babylon O43 - CFD: 15/03/2013 - 19:32:37 - [0,609] ----D C:\Program Files (x86)\Conduit O43 - CFD: 30/01/2014 - 11:53:36 - [0,597] ----D C:\Program Files (x86)\MediaPlayerV1 O43 - CFD: 10/10/2013 - 14:30:40 - [26,198] ----D C:\Program Files (x86)\Movies Toolbar =>PUP.MoviesToolbar O43 - CFD: 25/02/2013 - 17:51:00 - [684,238] ----D C:\Program Files (x86)\Neighbours From Hell 5 O43 - CFD: 27/10/2013 - 12:32:13 - [1,316] ----D C:\Program Files (x86)\PSupport O43 - CFD: 24/01/2014 - 19:44:21 - [9,363] ----D C:\Program Files (x86)\Torntv V6.0 =>Hijacker.TornTV O43 - CFD: 28/01/2014 - 20:32:10 - [8,124] ----D C:\Program Files (x86)\WS-Enabler O43 - CFD: 13/10/2013 - 15:30:02 - [0,053] ----D C:\Program Files (x86)\Zwinky_5qEI =>Adware.MyClearSearch O43 - CFD: 30/01/2014 - 14:28:23 - [2,747] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio O43 - CFD: 30/09/2013 - 18:48:27 - [0] ----D C:\ProgramData\APN O43 - CFD: 16/01/2013 - 16:24:13 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 10/10/2013 - 15:23:29 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard O43 - CFD: 10/10/2013 - 15:23:29 - [0] ----D C:\ProgramData\Browser Manager O43 - CFD: 
10/10/2013 - 15:23:29 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel O43 - CFD: 04/02/2014 - 22:15:00 - [0,026] ----D C:\ProgramData\Datamngr =>PUP.Datamngr O43 - CFD: 28/01/2014 - 20:39:27 - [2,183] ----D C:\ProgramData\InstallMate =>PUP.Tarma O43 - CFD: 30/01/2014 - 14:27:25 - [0] ----D C:\ProgramData\ProductData O43 - CFD: 28/01/2014 - 20:39:27 - [0,701] ----D C:\ProgramData\SetApp O43 - CFD: 27/10/2013 - 12:31:42 - [0,587] ----D C:\ProgramData\ShoppingChip =>Adware.ShoppingChip O43 - CFD: 26/10/2013 - 18:25:23 - [2,718] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma O43 - CFD: 04/02/2014 - 21:15:18 - [0,004] ----D C:\ProgramData\TorchCrashHandler O43 - CFD: 30/01/2014 - 14:27:18 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} O43 - CFD: 04/02/2014 - 21:56:43 - [32,145] --H-D C:\ProgramData\{492EBBD4-E9BF-4990-93B7-BA313CF7EB4B} O43 - CFD: 16/01/2013 - 16:24:13 - [0,047] ----D C:\Users\mahdi\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 13/01/2013 - 20:37:37 - [0,001] ----D C:\Users\mahdi\AppData\Roaming\BeautyGuide O43 - CFD: 27/10/2013 - 12:29:59 - [0,002] ----D C:\Users\mahdi\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles O43 - CFD: 01/02/2014 - 19:55:43 - [1,228] ----D C:\Users\mahdi\AppData\Roaming\newnext.me =>PUP.NextLive O43 - CFD: 18/12/2013 - 16:07:26 - [2,075] ----D C:\Users\mahdi\AppData\Roaming\okitspace =>PUP.Onekit O43 - CFD: 17/03/2013 - 23:30:29 - [0] ----D C:\Users\mahdi\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 30/01/2014 - 14:28:36 - [2,118] ----D C:\Users\mahdi\AppData\Roaming\Slick Savings =>PUP.Dealio O43 - CFD: 04/02/2014 - 21:18:07 - [0] ----D C:\Users\mahdi\AppData\Roaming\wp_update =>PUP.WpManager O43 - CFD: 16/01/2013 - 18:26:44 - [2,779] ----D C:\Users\mahdi\AppData\Local\Babylon =>PUP.Babylon O43 - CFD: 15/03/2013 - 19:32:26 - [0,080] ----D C:\Users\mahdi\AppData\Local\Conduit O43 - CFD: 21/01/2014 - 12:27:44 - [1,224] ----D C:\Users\mahdi\AppData\Local\genienext O43 - CFD: 
27/01/2014 - 19:45:19 - [0,001] ----D C:\Users\mahdi\AppData\Local\RED_ZION_d.o.o O43 - CFD: 30/01/2014 - 14:28:37 - [0,021] ----D C:\Users\mahdi\AppData\Local\Slick Savings =>PUP.Dealio O43 - CFD: 27/10/2013 - 12:32:20 - [0,278] ----D C:\Users\mahdi\AppData\Local\SwvUpdater =>PUP.Software.Updater O43 - CFD: 15/12/2013 - 16:32:19 - [0,895] ----D C:\Users\mahdi\AppData\Local\TBHostSupport O43 - CFD: 15/11/2013 - 16:14:22 - [0,185] ----D C:\Users\mahdi\AppData\Local\WhiteListing O43 - CFD: 30/01/2014 - 14:45:18 - [0] ----D C:\Users\mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cookbook O43 - CFD: 13/01/2013 - 20:42:08 - [0,001] ----D C:\Users\mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\دليل الانترنت 2.6 O43 - CFD: 05/02/2013 - 13:03:44 - [0,001] ----D C:\Users\mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\مشغل الفلاش العربي ~ Program Folder: 238 Legitimates Filtered in 00mn 41s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.B36375B1FF99CCB8F3D69D49A12E3BC0] - 29/01/2014 - 19:07:37 ---A- . (...) 
-- C:\Windows\System32\GDIPFONTCACHEV1.DAT [112456] ~ Files: 15 Legitimates Filtered in 00mn 07s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe O50 - IFEO:Image File Execution Options - 
stinst64.exe - tasklist.exe O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe ~ IFEO: Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\DrvUpdater [Key] . (.No owner - DRP Su Updater.) -- C:\Users\mahdi\AppData\Roaming\DRPSu\DrvUpdater.exe O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie O53 - SMSR:HKLM\...\startupreg\NextLive [Key] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\mahdi\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive O53 - SMSR:HKLM\...\startupreg\SearchProtect [Key] . (...) -- C:\Users\mahdi\AppData\Roaming\SearchProtect\bin\cltmng.exe (.not file.) =>Toolbar.Conduit O53 - SMSR:HKLM\...\startupreg\SearchProtectAll [Key] . (...) -- C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (.not file.) =>Toolbar.Conduit O53 - SMSR:HKLM\...\startupreg\SearchSettings [Key] . (.Spigot, Inc. - Search Settings.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe =>PUP.Dealio O53 - SMSR:HKLM\...\startupreg\Slick Savings [Key] . (.Spigot, Inc. - Slick Savings Helper.) 
-- C:\Users\mahdi\AppData\Roaming\Slick Savings\CouponsHelper.exe =>PUP.Dealio ~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "RunLogonScriptSync"=1 O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousMachineGroupPolicy"=0 O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousUserGroupPolicy"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.9BF9E809FBB2D5D0403B32B15ABE5F30] - 13/11/2013 - 16:05:12 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16640] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.A57FF4C6A3CC4AA2F0C0E15E29259A8B] - 24/04/2013 - 20:18:34 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [46792] O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) 
-- C:\Windows\System32\Drivers\idmwfp.sys [175480] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.83C57F165F0216E5CE40D7E4E00DC76D] - 24/04/2013 - 20:28:08 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184] ~ Drivers: 20 Legitimates Filtered in 00mn 06s ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\mahdi\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("CT3285358.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN6065[...] O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("CT3285358.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3285358&octid=CT3[...] 
O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3285358&SearchSource=13&CUI=UN60657690921374915"); =>Hijacker.SmartBar O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("Smartbar.ConduitSearchEngineList", "01NET.com Main Customized Web Search"); =>Hijacker.SmartBar O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN60657690[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("extensions.crossrider.bic", "143edb20344c60a2c7bf5b3dad8facaa"); =>PUP.CrossRider O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("plugin.state.npconduitfirefoxplugin", 2); O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3285358&SearchSource=13&CUI=UN60657690921374915"); =>Hijacker.SmartBar O69 - SBI: prefs.js [mahdi - 46kxjsey.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN6[...] 
=>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {961AA1FB-D40B-4CF1-9F4D-640DEBBE33A4} - (Ask Search) - http://www.search.ask.com O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (EazelBar Search) - http://en.eazel.com =>Hijacker.Eazel O69 - SBI: SearchScopes [HKCU] {99AD7DDD-6E9B-4D7D-B3CA-8581FE9ABCAC} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com O69 - SBI: SearchScopes [HKCU] {A288B513-837B-4878-8B55-C4D70B994683} - (01NET.com Main Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {B904E8AA-8C22-4499-9A54-98FBF58C31FA} [DefaultScope] - (Yahoo) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.searchinweb.info O69 - SBI: SearchScopes [HKCU] {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - (MyPlayCity) - http://home.myplaycity.com ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (CKF) (O82) C:\Users\mahdi\Downloads\Programs\simple shop 1 9 8 340 keygen torrent.exe C:\Users\mahdi\Downloads\Simple Shop 1.9.8.340 + Keygen\Get Your Software Here\Keygen\keygen.exe C:\Users\mahdi\Downloads\Simple Shop 1.9.8.340 + Keygen\Get Your Software Here\SShop.exe C:\Users\mahdi\Downloads\Simple Shop 1.9.8.340 + Keygen\Simple Shop 1.9.8.340 + Keygen.rar C:\Users\mahdi\Downloads\Simple Shop 1.9.8.340 + Keygen\Torrent Downloaded From ExtraTorrent.com.txt C:\Users\mahdi\Downloads\~Simple Shop 1.9.9.453 Multilingual + Keymaker\Get Your Software Here\Keygen\keygen.exe C:\Users\mahdi\Downloads\~Simple Shop 1.9.9.453 Multilingual + Keymaker\~Simple Shop 1.9.9.453 Multilingual + Keymaker\Get Your Software 
Here\Keygen\keygen.exe ~ Files: Scanned in 00mn 41s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.A0E1C39E1FD8F69141814505182414BF] [SPRF][17/03/2013] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.04D97D753F8FE2737A9E04B3DFD874F7] [SPRF][30/01/2014] (.@ - setup file.) -- C:\Users\mahdi\AppData\Local\Temp\DownloadManager.exe [1338136] [MD5.14325F9FA7BEF0151DA4E6D38748E34E] [SPRF][30/01/2014] (.Media Player - No Comment.) -- C:\Users\mahdi\AppData\Local\Temp\Setup2.exe [965995] [MD5.FE104E3D0A724640950A6D3060E0C130] [SPRF][01/02/2014] (...) -- C:\Users\mahdi\AppData\Local\Temp\SkypeSetup.exe [3084288] [MD5.031E44A981406C4067C8A1326393FD08] [SPRF][30/01/2014] (...) -- C:\Users\mahdi\AppData\Local\Temp\toolbar84760522.exe [953844] [MD5.12759442ED4A70F0257E80448409C9D0] [SPRF][30/01/2014] (.http://www.goforfiles.com/ - GoforFiles.) -- C:\Users\mahdi\AppData\Local\Temp\uninstall85168870.exe [8142576] =>P2P.GoforFiles [MD5.4CE42D5CF5D556A4D429E95B474F413C] [SPRF][30/01/2014] (.http://goforfiles.com/ - GoforFiles Application.) -- C:\Users\mahdi\AppData\Local\Temp\uninstall85177544.exe [2370560] =>P2P.GoforFiles [MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][01/12/2013] (.No owner - wp_update scheduler.) 
-- C:\Users\mahdi\AppData\Roaming\~ndolgte.exe [493272] =>PUP.WpManager ~ Files: 13 Legitimates Filtered in 00mn 03s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{707A18A7-66D4-4BD2-98A0-A1ED89C5232A}" | In - None - P17 - TRUE | .(.Torch Media Inc. - Torch.) -- C:\Users\mahdi\AppData\Local\Torch\Application\torch.exe O87 - FAEL: "{791EFF1D-F59E-4F42-916E-C191768466AD}" | In - Public - P6 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRToolBar\IE\dtUser.exe =>PUP.Datamngr O87 - FAEL: "{588C6850-B8CF-42D3-9786-0499DE27518C}" | In - Public - P17 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRToolBar\IE\dtUser.exe =>PUP.Datamngr O87 - FAEL: "{741DB039-937C-4449-AAAB-9F916D63D026}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{7786D6EB-E32A-47DA-BA8E-50ACEB007411}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{266476C9-5967-4261-B1F4-24DD25AAF886}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{C54747D1-8E5F-4201-BE6C-B0554C9CAB20}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "TCP Query User{BB51190C-6849-4DC7-AF29-DFAEFA7E84CB}C:\program files (x86)\deluge\deluge.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe O87 - FAEL: "UDP Query User{F7A98056-751C-481E-BF58-C7547B5B9B66}C:\program files (x86)\deluge\deluge.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe ~ Firewall: 182 Legitimates Filtered in 00mn 01s ---\\ Windows Installer Scan (WIS) (O93) (NTFS) [MD5.2A30BD61B5676FFD55677447A2005E2B] [WIS][01/12/2013] (.Kreapixel - Webplayer.) 
-- C:\Windows\Installer\41cfb9.msi [21504] =>Adware.SocialSkinz [MD5.A121D1AB3EC9A765E32CF3DAE7367396] [WIS][30/01/2014] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\42b2ca7.msi [4563968] =>PUP.Dealio ~ WIS: 43 Legitimates Filtered in 00mn 06s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 23/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 23/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe SS - | Demand 03/02/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SS - | Auto 10/07/1658 0 | (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo SR - | Auto 09/12/2013 881440 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe SR - | Auto 16/01/2014 807800 | (Application Updater) . (.Spigot, Inc..) - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe =>PUP.Dealio SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 12/02/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe SR - | Auto 28/01/2014 183632 | (cfb41c29) . (...) 
- C:\Program Files (x86)\ws-enabler\assistantSvc.dll SR - | Auto 05/12/2013 3445248 | (DatamngrCoordinator) . (.Bandoo Media Inc..) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>PUP.Datamngr SR - | Auto 01/11/2012 98304 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe SR - | Demand 01/11/2012 3784704 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe SR - | Auto 04/02/2014 123904 | (srvPlgProtect) . (...) - C:\Users\mahdi\AppData\Roaming\okitspace\protect\PluginProtect.exe =>PUP.Onekit SR - | Auto 21/12/2013 1205760 | (TorchCrashHandler) . (.TorchMedia Inc..) - C:\Users\mahdi\AppData\Local\Torch\Update\TorchCrashHandler.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 07s ---\\ Search Master Boot Record Infection (MBR)(O80) Run by mahdi at 04/02/2014 22:17:11 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by mahdi at 04/02/2014 22:17:13 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13030 - (25/01/2014) Clés trouvées (Keys found) : 104 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 50 Fichiers trouvés (Files found) : 36 [HKLM\Software\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf] =>Hijacker.TornTV^ [HKLM\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc] =>Adware.Yontoo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] =>PUP.Dealio^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591160}] =>PUP.CrossRider^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1824FF90-C98E-48A6-838F-E3B6572B0C77}] =>PUP.BetterSurf^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}] =>PUP.Dealio^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A}] =>PUP.Onekit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}] =>PUP.Datamngr^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}] =>PUP.BetterSurf^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92DDDB5A-9412-5910-185B-DDE0D81072B6}] =>Adware.ShoppingChip^ [HKLM\SYSTEM\CurrentControlSet\Services\Application 
Updater] =>PUP.Dealio^ [HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator] =>PUP.Datamngr^ [HKLM\SYSTEM\CurrentControlSet\Services\srvPlgProtect] =>PUP.Onekit^ [HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] =>Adware.Yontoo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Cartoon Maker_is1] =>PUP.Babylon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbarhaFF] =>PUP.MoviesToolbar^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D2ABF6A-2B19-3E94-0991-5B5BDB7134DA}] =>Adware.ShoppingChip^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}] =>PUP.Dealio^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torntv V6.0] =>Hijacker.TornTV^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webplayer] =>Adware.SocialSkinz^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}] =>Adware.SocialSkinz^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] =>PUP.Mobogenie^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\NextLive] =>PUP.NextLive^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings] =>PUP.Dealio^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings] =>PUP.Dealio^ [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo [HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo [HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] =>Toolbar.Ask&Record [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] =>Toolbar.Ask&Record [HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater [HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent 
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\APN DTX] =>Toolbar.Ask [HKCU\Software\APN PIP] =>Toolbar.Ask [HKLM\Software\Wow6432Node\Application Updater] =>PUP.Dealio [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\ilivid] =>Adware.Bandoo [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ilivid] =>Adware.Bandoo [HKCU\Software\Search Settings] =>PUP.Dealio [HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio [HKLM\Software\Wow6432Node\Search Settings] =>PUP.Dealio [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}] =>Hijacker.Eazel 
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider [HKCU\Software\IObit Apps] =>PUP.Dealio [HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio [HKLM\Software\Wow6432Node\IObit Apps] =>PUP.Dealio [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio [HKLM\Software\Wow6432Node\SoftwareUpdater] =>Hijacker.Eazel [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf] =>Hijacker.TornTV [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio [HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0045960.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0045960.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0045960.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0045960.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411591160}] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422592260}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0045960.BHO] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0045960.BHO.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0045960.Sandbox] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0045960.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110411591160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422592260}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{11111111-1111-1111-1111-110411591160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^ C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf =>Hijacker.TornTV^ C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc =>Adware.Yontoo^ C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\extensions\1irmvbscl@lzdl-eo.net =>Adware.ShoppingChip^ C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com =>Hijacker.TornTV^ C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\extensions\plugin@yontoo.com =>Adware.Yontoo^ C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\extensions\savingsslider@mybrowserbar.com =>PUP.Dealio^ C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} =>PUP.MoviesToolbar^ C:\Program Files (x86)\Better-Surf =>PUP.BetterSurf^ C:\Program Files (x86)\BetterSurf =>PUP.BetterSurf^ C:\Program Files (x86)\Cartoon Maker =>PUP.Babylon^ C:\Program Files (x86)\Movies Toolbar =>PUP.MoviesToolbar^ C:\Program Files (x86)\Torntv V6.0 =>Hijacker.TornTV^ C:\Program Files (x86)\Zwinky_5qEI =>Adware.MyClearSearch^ C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\BitGuard =>PUP.BitGuard^ C:\ProgramData\BrowserProtect =>Hijacker.Eazel^ C:\ProgramData\Datamngr =>PUP.Datamngr^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\ProgramData\ShoppingChip =>Adware.ShoppingChip^ C:\ProgramData\Tarma 
Installer =>PUP.Tarma^ C:\Users\mahdi\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\mahdi\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles^ C:\Users\mahdi\AppData\Roaming\newnext.me =>PUP.NextLive^ C:\Users\mahdi\AppData\Roaming\okitspace =>PUP.Onekit^ C:\Users\mahdi\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\mahdi\AppData\Roaming\Slick Savings =>PUP.Dealio^ C:\Users\mahdi\AppData\Roaming\wp_update =>PUP.WpManager^ C:\Users\mahdi\AppData\Local\Babylon =>PUP.Babylon^ C:\Users\mahdi\AppData\Local\Slick Savings =>PUP.Dealio^ C:\Users\mahdi\AppData\Local\SwvUpdater =>PUP.Software.Updater^ C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio C:\Program Files (x86)\Application Updater =>PUP.Dealio C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\Gophoto.it =>Spyware.GophotoIt C:\Program Files (x86)\IObit Apps Toolbar =>PUP.Dealio C:\ProgramData\Browser Manager =>PUP.Babylon C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader =>PUP.Dealio C:\Users\mahdi\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\mahdi\AppData\Local\SearchProtect =>Toolbar.Conduit C:\Users\mahdi\AppData\LocalLow\searchresultstb =>Toolbar.Agent C:\Users\mahdi\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\mahdi\AppData\LocalLow\Search Settings =>PUP.Dealio C:\Users\mahdi\AppData\LocalLow\Zwinky_5qEI =>Adware.MyClearSearch C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakpajgggjjcjmidfbnnncnbaihjneaj =>Toolbar.Conduit C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk =>Spyware.GophotoIt C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio C:\Users\mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio 
C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\Smartbar =>Hijacker.SmartBar C:\Users\mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\46kxjsey.default\Extensions\gophoto@gophoto.it.xpi =>Spyware.GophotoIt [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow ^ C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe =>PUP.Dealio^ C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>PUP.Datamngr^ C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe =>PUP.Datamngr^ C:\Users\mahdi\AppData\Roaming\okitspace\protect\PluginProtect.exe =>PUP.Onekit^ C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^ C:\Windows\Tasks\Torntv V6.0-chromeinstaller.job =>Hijacker.TornTV^ C:\Windows\Tasks\Torntv V6.0-codedownloader.job =>Hijacker.TornTV^ C:\Windows\Tasks\Torntv V6.0-enabler.job =>Hijacker.TornTV^ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job =>Hijacker.TornTV^ C:\Windows\Tasks\Torntv V6.0-updater.job =>Hijacker.TornTV^ C:\Users\mahdi\AppData\Local\SwvUpdater\Updater.exe =>PUP.Software.Updater^ C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-chromeinstaller.exe =>Hijacker.TornTV^ C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-codedownloader.exe =>Hijacker.TornTV^ C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-enabler.exe =>Hijacker.TornTV^ C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe =>Hijacker.TornTV^ C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe =>Hijacker.TornTV^ C:\Users\mahdi\AppData\Roaming\~ndolgte.exe =>PUP.WpManager^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\Datamngr] =>PUP.Datamngr^ [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^ [HKCU\Software\iLivid] =>Adware.Bandoo^ [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\Better-Surf] =>PUP.BetterSurf^ [HKLM\Software\Wow6432Node\BetterSurf] =>PUP.BetterSurf^ [HKLM\Software\Wow6432Node\Conduit] 
=>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\Datamngr] =>PUP.Datamngr^ [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^ [HKLM\Software\Wow6432Node\OKitSpace] =>PUP.Onekit^ [HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia^ [HKLM\Software\Wow6432Node\Zwinky_5qEI] =>Adware.MyClearSearch^ C:\Users\mahdi\AppData\Local\Temp\uninstall85168870.exe =>P2P.GoforFiles^ C:\Users\mahdi\AppData\Local\Temp\uninstall85177544.exe =>P2P.GoforFiles^ C:\Windows\Installer\41cfb9.msi =>Adware.SocialSkinz^ C:\Windows\Installer\42b2ca7.msi =>PUP.Dealio^
~ Additionnel Scan: 189895 Items scanned in 00mn 43s
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/33456961-pup-onekit =>PUP.OneKit
~ http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/35808715-adware-shoppingchip =>Adware.ShoppingChip
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/36340918-pup-bettersurf =>PUP.BetterSurf
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
~ http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/28456964-adware-myclearsearch =>Adware.MyClearSearch
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ http://nicolascoolman.webs.com/apps/blog/show/27793524-spyware-gophotoit =>Spyware.GophotoIt
~ MSI: 39 link(s) detected in 00mn 44s
~ 1182 Legitimates filtered by white list
End of the scan (964 lines in 04mn 09s)(14)