~ Report of ZHPDiag v2014.1.25.26 - Nicolas Coolman  (01/25/2014)
~ Launched by samir (02/06/2014 18:53:37)
~ Web site address :  http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by 
~ Version State : 
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Internet Security v9.0.2007
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 12 Plugin

---\\ Information on the system
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2812.6 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 150 GB (53%) free of 281 GB

---\\ Connection to the system mode
~ Computer Name: SAMIR-HP
~ User Name: samir
~ All Users Names: samir, HomeGroupUser$, ASPNET, Administrateur, 
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\samir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\samir\AppData\Roaming\
~ %Desktop% : C:\Users\samir\Desktop\
~ %Favorites% : C:\Users\samir\Favorites\
~ %LocalAppData% : C:\Users\samir\AppData\Local\
~ %StartMenu% : C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 150 Go of 281 Go)
F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 2 Go)
G: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.02/25/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.07/14/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/26/2013 - 8:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/20/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.11/20/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.09/28/2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.07/14/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.07/14/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.07/14/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.07/14/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/27/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.04/12/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.07/14/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.07/14/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/20/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/487
~ Mes musiques (My Musics) : 6/415
Mes Videos (My Videos) : 3/3   (Modified) 
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 9/817
~ Mon Bureau (My Desktop) : 2/9633
~ Menu demarrer (Programs) : 1/109
~ Hidden Files:  Scanned in 00mn 24s



---\\ Process running
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe   [2363392] [PID.2528]
[MD5.77D8FF6765F0D9D0141DB2A5E86D811A] - (.SPEEDbit - Video Accelerator UI.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe   [1517296] [PID.2608]
[MD5.DA5FBAA5D62B4FD393947DE5EE8715BE] - (.Flux Software LLC - f.lux.) -- C:\Users\samir\AppData\Local\FluxSoftware\Flux\flux.exe   [1016712] [PID.2640]
[MD5.FF786A74F62361A71AECDB8F8AC95D6F] - (.Somoto - FilesFrog.com Update Checker.) -- C:\Users\samir\AppData\Local\FilesFrog Update Checker\update_checker.exe   [201808] [PID.2748]  =>Adware.MegaSearch
[MD5.F645990AEEBD0A3C596F0D5FE460A810] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe   [3821136] [PID.2808]
[MD5.4F9236BE13917B89F7A03DEA85F220FA] - (.No owner - WebPlayer.) -- C:\Users\samir\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe   [202752] [PID.2888]  =>Adware.SocialSkinz
[MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254696] [PID.2420]
[MD5.236DB979F8EDFC4A6932909F2E92B8CA] - (.Blabbers Communications LTD - Browser Companion Helper.) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe   [182576] [PID.1500]  =>PUP.Blabbers
[MD5.653951958059071B7BF4E1A21134CC15] - (.No owner - HIPL2000Popup MFC Application.) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe   [126976] [PID.2328]
[MD5.40362F6AC3D4AB3BE952EEDB3703D8EA] - (.TechniSat Digital, S.A. - Server4PC.) -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe   [338448] [PID.3140]
[MD5.1FC71A719B45A6A90BAFE2387EA07984] - (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe   [233472] [PID.3148]
[MD5.FB85F333D10B1475650C4304F99A1ECE] - (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe   [44784] [PID.3248]  =>Adware.VideoDownloadConverter
[MD5.35D6CAAA9E4D82974A74DBDB53801F98] - (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe   [30096] [PID.3312]  =>Adware.VideoDownloadConverter
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3568312] [PID.3360]
[MD5.03DA9D7B455DA5359902142987631B66] - (.www.ela-salaty.com - Muslims Prayer Time Reminder..) -- C:\Program Files (x86)\Ela-Salaty\Salaty.exe   [5349888] [PID.3680]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe   [97680] [PID.3908]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe   [269848] [PID.4000]
[MD5.8676B10E6675B4AC9DF4ACB2684A7C12] - (...) -- C:\Program Files (x86)\LingvoSoft\LingvoSoft Dictionary 2008\LD_2008.exe   [2584707] [PID.4012]
[MD5.C09506A492615DF7513F150EAB35A0DE] - (.EGO SYS - U46DJ Panel file.) -- C:\Program Files (x86)\ESI\U46DJ\u46pan.exe   [569344] [PID.2516]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe   [0] [PID.6576]
[MD5.DF3EC5F7ABD8AC1BE5C0C9486029826E] - (.Broadcom Corporation. - Bluetooth Headset Skype Proxy.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe   [13600] [PID.4804]
[MD5.7D04F8CF659D852BC8D7275BD92DC000] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe   [507624] [PID.3456]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.4464]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [18544] [PID.4448]
[MD5.D34B62DCBBE0EEC4CC3328060A4E02C8] - (.Speedbit Ltd. - SBUpdate Module.) -- C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe   [92360] [PID.7568]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8339968] [PID.3160]
[MD5.306A0BB38E23D16EF51EAF43E26073A0] - (.No owner - HyperDesk Custom Theme Enabler Service.) -- C:\windows\Installer\MSIF608.tmp   [86016] [PID.1180]
[MD5.7A189530FD0CFD415DBE41123F8A6A59] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1548]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe   [223112] [PID.2628]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe   [238888] [PID.2788]
[MD5.BCC4A8B2E2E902F52E7F2E7D8E125765] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe   [94264] [PID.3732]
[MD5.4D94F4D7782657E79EB1352570B563DB] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe   [264248] [PID.3796]
[MD5.47269F0DE1E5089C6F23BC1EC48CFC31] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe   [73728] [PID.3892]
[MD5.444300E266FCBFDDBE5B02D3CC3F9ACD] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe   [635416] [PID.3188]
[MD5.831883B107684301F48ACE752C963984] - (...) -- C:\windows\SysWOW64\PnkBstrA.exe   [66872] [PID.3540]
[MD5.9D18884F6DA8EC0F911BABBE5CF2793F] - (.SafetyNut Inc. - SafetyNut Manager.) -- C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe   [3446792] [PID.1012]  =>PUP.MoviesToolbar
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.4072]
[MD5.A754B65E990AF5100C8CDDE26664AE2D] - (.SafetyNut Inc. - SafetyNut.) -- C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe   [3603976] [PID.4452]  =>PUP.MoviesToolbar
[MD5.622FCF264119F7DF127BE353F796B319] - (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe   [42504] [PID.4468]  =>Adware.VideoDownloadConverter
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.4592]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.4812]
[MD5.EC9739A46F1F83C6E52A7A4697F44A65] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe   [799800] [PID.5224]
~ Processes Running:  Scanned in 00mn 06s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\prefs.js
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\user.js
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\ask-web-search.xml
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\utorrentbarfr-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [samir] -- C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\searchplugins\VenteeRo.xml
M3 - MFPP: Plugins - [samir] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Ask.xml
M3 - MFPP: Plugins - [samir] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M0 - MFSP: prefs.js [samir - 01linfb8.default] http://search.speedbit.com
M2 - MFEP: prefs.js [samir - 01linfb8.default\4zffxtbr@VideoDownloadConverter_4z.com] [] VideoDownloadConverter v5.71.2.58327 (..) =>Adware.VideoDownloadConverter
M2 - MFEP: prefs.js [samir - 01linfb8.default\addon@Vonteera.com] [] Vonteera Safe ads v5.71.2.58327 (..) =>Trojan.Vonteera
M2 - MFEP: prefs.js [samir - 01linfb8.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [samir - 01linfb8.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR  v10.23.0.822 (..) =>P2P.µTorrent
M2 - MFEP: prefs.js [samir - 01linfb8.default\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}] [] Movies Toolbar (Dist. by Somoto Ltd.) v1.6.2.0 (..) =>PUP.MoviesToolbar
M2 - MFEP: prefs.js [samir - 01linfb8.default\{97A78363-B868-4B48-AC91-A783A31215AF}] [] AppsHat v2.0.1 (..) =>Adware.MegaSearch
M2 - MFEP: prefs.js [samir - 01linfb8.default\{9A7DF664-82DC-020F-C190-9A665AF83389}] [] New tab v5.0.0.10781 (..)
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org
R3 - URLSearchHook: myBabylon English Toolbar [64Bits] - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\myBabylon_English\prxtbmyB0.dll =>PUP.Babylon
R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) (No version) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>P2P.µTorrent
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: script helper for ie [64Bits] - {00cbb66b-1d3b-46d3-9577-323a336acb50} . (.No owner - Browser Companion Helper plug-in.) -- C:\Program Files (x86)\BrowserCompanion\jsloader.dll =>PUP.Blabbers
O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll (.not file.) =>P2P.µTorrent
O2 - BHO: Barre d'outils ALOT Helper [64Bits] - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} . (.Vertro - alot.dll.) -- C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll =>AdWare.Comet
O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - No Comment.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll =>PUP.Babylon
O2 - BHO: Toolbar BHO [64Bits] - {312f84fb-8970-4fd3-bddb-7012eac4afc9} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll =>Adware.VideoDownloadConverter
O2 - BHO: Vonteera [64Bits] - {437B9306-2FDE-4054-A3C9-6B49507C12D0} . (.Vonteera - Vonteera.) -- C:\Program Files (x86)\VonteeraAddon\Vonteera.dll =>Trojan.Vonteera
O2 - BHO: NoVooIT [64Bits] - {598AC71E-BE58-3981-B78A-5C138F423AD6} . (.NoVooIT - NoVooIT.) -- C:\Users\samir\AppData\Roaming\VolIE\NoVooIT_32.dll
O2 - BHO: Update Timer [64Bits] - {963B125B-8B21-49A2-A3A8-E37092276531} . (.No owner - Browser Companion Helper Verifier.) -- C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll =>PUP.Blabbers
O2 - BHO: myBabylon English [64Bits] - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\myBabylon_English\prxtbmyB0.dll =>PUP.Babylon
O2 - BHO: Blekko Search Bar Helper Object [64Bits] - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} . (.Montera Technologeis LTD - No Comment.) -- C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - No Comment.) -- C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Search Assistant BHO [64Bits] - {c547c6c2-561b-4169-a2a5-20ba771ca93b} . (.MindSpark - MindSpark Search Assistant.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll =>Adware.VideoDownloadConverter
~ BHO: 28 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Bing Bar - [HKLM]{eec0f710-38b5-4aba-99bf-ec87564a4e13} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{434D472D-5636-006A-76A7-7A786E7484D7} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{434D472D-5341-5400-76A7-7A786E7484D7} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Orphan key
~ Toolbar:  Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: AllGamesHome.com.lnk . (.TechniSat Digital, S.A. - Server4PC.)  -- C:\Program Files (x86)\AllGamesHome.com\Chicken Attack Deluxe\AllGamesHome.url  
O4 - GS\Desktop [Public]: Angry Birds Rio.lnk . (.Rovio Mobile Ltd. - Angry Birds Rio.)  -- C:\Program Files (x86)\Rovio\Angry Birds Rio\AngryBirdsRio.exe 
O4 - GS\Desktop [Public]: Angry Birds Space.lnk . (.Rovio Entertainment Ltd. - Angry Birds Space.)  -- C:\Program Files (x86)\Rovio\Angry Birds Space\AngryBirdsSpace.exe 
O4 - GS\Desktop [Public]: Angry Birds Star Wars.lnk . (.Rovio Entertainment Ltd. - Angry Birds Star Wars.)  -- C:\Program Files (x86)\Rovio\Angry Birds Star Wars\AngryBirdsStarWars.exe 
O4 - GS\Desktop [Public]: Chicken Attack Deluxe.lnk . (...)  -- C:\Program Files (x86)\AllGamesHome.com\Chicken Attack Deluxe\Chicken Attack Deluxe.exe
O4 - GS\Desktop [Public]: CueClub.lnk . (...)  -- C:\Program Files (x86)\Real\RealGames\CueClub\cueclub.exe
O4 - GS\Desktop [Public]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..)  -- C:\Program Files (x86)\Ela-Salaty\Salaty.exe 
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\Desktop [Public]: iLivid.lnk . (...)  -- C:\Users\samir\Downloads\Programs\iLividSetup_B-r484-t-bf.exe (.not file.) =>Adware.Bandoo
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe 
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop [Public]: Nedjma Easynet.lnk . (.Acresso Software Inc. - InstallShield.)  -- C:\windows\Installer\{06ADE2A0-E46A-4A84-A211-64CF50520185}\HSPA_USB_Modem.exe_AB26A67632F0422B9C9996628159AE5C.exe 
O4 - GS\Desktop [Public]: Note de Rejet.lnk . (...)  -- C:\Program Files (x86)\Note De Rejet\Project2.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..)  -- C:\Program Files (x86)\Ela-Salaty\Salaty.exe 
O4 - GS\Program [Public]: HP Software Setup.lnk . (.Hewlett-Packard Company - HP Software Setup.)  -- C:\swsetup\AppInstl\HPSoftwareSetup.exe  =>.Hewlett-Packard Co
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\QuickLaunch [samir]: Camfrog Video Chat 6.3.lnk . (...)  -- C:\Users\samir\Desktop\Camfrog Video Chat.exe (.not file.)
O4 - GS\QuickLaunch [samir]: Chicken Attack Deluxe.lnk . (...)  -- C:\Program Files (x86)\AllGamesHome.com\Chicken Attack Deluxe\Chicken Attack Deluxe.exe
O4 - GS\QuickLaunch [samir]: Download Free Angry Birds All Edition.lnk . (...)  -- C:\Program Files (x86)\Angry Birds Gold Trilogy 2011 Full\Download Free Angry Birds All Edition.url 
O4 - GS\QuickLaunch [samir]: DVBViewer TE2.lnk . (.CM&V Hackbart - DVBViewer TE2.)  -- C:\Program Files (x86)\DVBViewer TE2\DVBViewerTE.exe 
O4 - GS\QuickLaunch [samir]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..)  -- C:\Program Files (x86)\Ela-Salaty\Salaty.exe 
O4 - GS\QuickLaunch [samir]: FRAIS DE MISSION & CARRIERE.lnk . (.CONTROLE FINNANCIER DE LA WILAYA DE M'SILA - FRAIS DE MISSION & CARRIERE.)  -- C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE\FRAIS DE MISSION & CARRIERE.exe 
O4 - GS\QuickLaunch [samir]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch [samir]: jetAudio.lnk . (.JetAudio, Inc. - jetAudio.)  -- C:\Program Files (x86)\JetAudio\JetAudio.exe 
O4 - GS\QuickLaunch [samir]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch [samir]: OJOsoft MP4 Converter.lnk . (.OJOsoft Corporation - MP4Converter.exe.)  -- C:\Program Files (x86)\OJOsoft\OJOsoft MP4 Converter\MP4Converter.exe 
O4 - GS\QuickLaunch [samir]: RadioGet.lnk . (.Ramka Ltd. - No Comment.)  -- C:\Program Files\RadioGet\RadioGet.exe 
O4 - GS\QuickLaunch [samir]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [samir]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\TaskBar [samir]: InstallDriver Module.lnk . (.InstallShield Software Corporation - InstallDriver Module.)  -- C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe 
O4 - GS\TaskBar [samir]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\TaskBar [samir]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Program [samir]: Download Free Angry Birds All Edition.lnk . (...)  -- C:\Program Files (x86)\Angry Birds Gold Trilogy 2011 Full\Download Free Angry Birds All Edition.url 
O4 - GS\Program [samir]: FRAIS DE MISSION & CARRIERE.lnk . (.CONTROLE FINNANCIER DE LA WILAYA DE M'SILA - FRAIS DE MISSION & CARRIERE.)  -- C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE\FRAIS DE MISSION & CARRIERE.exe 
O4 - GS\Program [samir]: FRAIS DE MISSION.lnk . (.CONTROLE FINNANCIER DE LA WILAYA DE M'SILA - FRAIS DE MISSION.)  -- C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE\FRAIS DE MISSION.exe 
O4 - GS\Program [samir]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\SystemTools [samir]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\SendTo [samir]: DVB Dream Plugins Folder (pip00).lnk . (...)  -- C:\dvbdream\Plugins\pip00 
O4 - GS\Desktop [samir]: Air Assault 2.lnk . (...)  -- C:\Program Files (x86)\GameTop.com\Air Assault 2\game.exe
O4 - GS\Desktop [samir]: Astrobatics.lnk . (.KraiSoft - No Comment.)  -- C:\Program Files (x86)\KraiSoft\Astrobatics\Astrobatics.exe 
O4 - GS\Desktop [samir]: ChemBioDraw Ultra 11.0.lnk . (.CambridgeSoft Corp. - ChemBioDraw Ultra 11.0.)  -- C:\Program Files (x86)\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe 
O4 - GS\Desktop [samir]: DVBViewer TE2.lnk . (.CM&V Hackbart - DVBViewer TE2.)  -- C:\Program Files (x86)\DVBViewer TE2\DVBViewerTE.exe 
O4 - GS\Desktop [samir]: FRAIS DE MISSION & CARRIERE.lnk . (.CONTROLE FINNANCIER DE LA WILAYA DE M'SILA - FRAIS DE MISSION & CARRIERE.)  -- C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE\FRAIS DE MISSION & CARRIERE.exe 
O4 - GS\Desktop [samir]: FRAIS DE MISSION.lnk . (.CONTROLE FINNANCIER DE LA WILAYA DE M'SILA - FRAIS DE MISSION.)  -- C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE\FRAIS DE MISSION.exe 
O4 - GS\Desktop [samir]: PC COMPTA.lnk . (...)  -- C:\Program Files (x86)\DLG\PCCOMPTA\PCCOMPTA.exe
O4 - GS\Desktop [samir]: Police Force 2.lnk . (...)  -- C:\Program Files (x86)\Quadriga Games\Police Force 2\bin.x86\police2.exe
O4 - GS\Desktop [samir]: SpeedBit Video Accelerator.lnk . (.SPEEDbit - Video Accelerator UI.)  -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe 
O4 - GS\Desktop [samir]: Super Mario Forever.lnk . (...)  -- C:\Program Files (x86)\GameTop.com\Super Mario Forever\Mario Forever.exe
O4 - GS\Desktop [samir]: Zuma's Revenge!.lnk . (.PopCap Games, Inc. - Zuma's Revenge!.)  -- C:\Program Files (x86)\Zuma's Revenge!\ZumasRevenge.exe =>Adware.PopCap
~ Global Startup: 106 Legitimates Filtered in 00mn 05s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Bluetooth.lnk . (...)  -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 - GS\Startup [Public]: Server4PC.lnk . (.TechniSat Digital, S.A. - Server4PC.)  -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe 
O4 - GS\Startup [samir]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..)  -- C:\Program Files (x86)\Ela-Salaty\Salaty.exe 
O4 - GS\Startup [samir]: LingvoSoft Talking Dictionary 2008 (French-Arabic).lnk . (...)  -- C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2008 (French-Arabic) for Windows\LDStub.exe
O4 - GS\Startup [samir]: OneNote 2007 Screen Clipper and Launcher.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.)  -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe 
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe 
O4 - HKLM\..\Run: [VideoDownloadConverter Home Page Guard 64 bit] . (...) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe =>Adware.VideoDownloadConverter
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKCU\..\Run: [Camfrog] C:\Users\samir\Desktop\CamfrogNet.exe (.not file.) 
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] . (.SPEEDbit - Video Accelerator UI.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe 
O4 - HKCU\..\Run: [F.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\samir\AppData\Local\FluxSoftware\Flux\flux.exe 
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files (x86)\Calendrier\Cld2000.exe (.not file.) 
O4 - HKCU\..\Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:\Users\samir\AppData\Local\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch
O4 - HKCU\..\Run: [Apps Hat] C:\Users\samir\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (.not file.) =>Adware.MegaSearch
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe 
O4 - HKCU\..\Run: [FLV Player] . (.No owner - WebPlayer.) -- C:\Users\samir\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe =>Adware.SocialSkinz
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe 
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe 
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Browser companion helper] . (.Blabbers Communications LTD - Browser Companion Helper.) -- C:\Program Files (x86)\BrowserCompanion\BCHelper.exe =>PUP.Blabbers
O4 - HKLM\..\Wow6432Node\Run: [HyperappelPL] . (.No owner - HIPL2000Popup MFC Application.) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe 
O4 - HKLM\..\Wow6432Node\Run: [HSPALauncher] . (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe 
O4 - HKLM\..\Wow6432Node\Run: [VideoDownloadConverter Search Scope Monitor] . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe =>Adware.VideoDownloadConverter
O4 - HKLM\..\Wow6432Node\Run: [VideoDownloadConverter_4z Browser Plugin Loader] . (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe =>Adware.VideoDownloadConverter
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [Camfrog] C:\Users\samir\Desktop\CamfrogNet.exe (.not file.) 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [SpeedBitVideoAccelerator] . (.SPEEDbit - Video Accelerator UI.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [F.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\samir\AppData\Local\FluxSoftware\Flux\flux.exe 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [Cld2000.exe] C:\Program Files (x86)\Calendrier\Cld2000.exe (.not file.) 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:\Users\samir\AppData\Local\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [Apps Hat] C:\Users\samir\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe (.not file.) =>Adware.MegaSearch
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe 
O4 - HKUS\S-1-5-21-36075121-4174367467-2092271763-1000\..\Run: [FLV Player] . (.No owner - WebPlayer.) -- C:\Users\samir\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe =>Adware.SocialSkinz
~ Application:  Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1226EE-488B-48BA-B173-7375EDB4BA8D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{26F7B9E4-6516-4075-8627-93C6E706AA61}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F1226EE-488B-48BA-B173-7375EDB4BA8D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{26F7B9E4-6516-4075-8627-93C6E706AA61}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F1226EE-488B-48BA-B173-7375EDB4BA8D}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{26F7B9E4-6516-4075-8627-93C6E706AA61}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{AF6B0702-F848-4A2D-A575-7F9C9A79D8CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) . (...) - C:\windows\Installer\MSIF608.tmp" -service (.not file.)
O23 - Service: SafetyNut Manager (SafetyNutManager) . (.SafetyNut Inc. - SafetyNut Manager.) - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe =>PUP.MoviesToolbar
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe =>Adware.VideoDownloadConverter
~ Services: 23 Legitimates Filtered in 00mn 11s



---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll =>PUP.MoviesToolbar
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll =>PUP.MoviesToolbar
~ Keys:  Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.9C229687B93B355ABEC2792C323B6907] [APT] [ARhome] (.NoVooIT.) -- C:\Program Files (x86)\NoVooIT\ARhome\Updater.exe   [1651136]
[MD5.A6D24077E8D9D58FA63389A34ED1DEC7] [APT] [DealPly] (...) -- C:\Users\samir\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe   [93752]  =>PUP.DealPly
[MD5.4EE862402A5ECEE9A6F291E08B79F2C7] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe   [78024]  =>PUP.DealPly
[MD5.754F0855B332CA5FEC434D7AF295BE2E] [APT] [EPUpdater] (...) -- C:\Users\samir\AppData\Roaming\BabSolution\Shared\BabMaint.exe   [10224]  =>Hijacker.BabSolution
[MD5.9EC72B7CE86BCFD675DF4FEBAD15DBCA] [APT] [Volaro Update] (.Volaro.) -- C:\Program Files (x86)\Volaro\Updater\Updater.exe   [280400]  =>Trojan.Vonteera
[MD5.72A47494EEB5936657BED3B036391209] [APT] [{1491ABE1-2FA5-4079-B6ED-869BB5A84AC5}] (...) -- C:\Program Files (x86)\WinRAR\WinRAR.exe   [936960]
[MD5.39C36DF4409BF0B4988BA354072F1F50] [APT] [{227FF579-6219-42F6-B197-2D1F90B65BB4}] (...) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Explorer.exe   [765952]
[MD5.39C36DF4409BF0B4988BA354072F1F50] [APT] [{2FDA2946-B6C1-42DD-89D0-08DA42861D46}] (...) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Explorer.exe   [765952]
[MD5.00000000000000000000000000000000] [APT] [{5E62A4B9-DD45-4F3A-9877-A67FE8323E0B}] (...) -- C:\SmarchBox\ê¤é§ ¤§ï§\ahmedb\Nouveau dossier (2)\ROMA\ISO\AraBSeeD.CoM_Chaos Legion\SetupReg.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{862256C6-F7B7-4022-9283-E6F873D8D5F5}] (...) -- C:\Users\samir\Downloads\Compressed\Petit Larousse\Setup.exe (.not file.)   [0]
[MD5.39C36DF4409BF0B4988BA354072F1F50] [APT] [{95A5E9EB-0432-4D7E-AADF-59811CC62749}] (...) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Explorer.exe   [765952]
[MD5.39C36DF4409BF0B4988BA354072F1F50] [APT] [{B67FB077-D9E2-4400-AA15-386775FE1877}] (...) -- C:\Program Files (x86)\Larousse\Petit Larousse 2005\bin\HIPL2002Explorer.exe   [765952]
[MD5.00000000000000000000000000000000] [APT] [{EA031700-6DA0-4F56-B472-C5294093716B}] (...) -- C:\Users\samir\Downloads\Compressed\Petit Larousse\Install.exe (.not file.)   [0]
~ Scheduled Task: 40 Legitimates Filtered in 00mn 07s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Arabic (Microsoft Maren) [64Bits] - {970EA2E9-E7B8-45E1-9CB5-0DEB37C2C28D} . (...) -- C:\Program Files (x86)\Microsoft\Microsoft Maren\Bin64\TextService64.dll
~ Active Setup: 11 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: ARHome - (.NoVooIT.) [HKCU][64Bits] -- ARhome
O42 - Logiciel: ARhome - (.NoVooIT.) [HKLM][64Bits] -- ARhome
O42 - Logiciel: AppsHat Mobile Apps - (.Somoto Ltd..) [HKCU][64Bits] -- AppsHat Mobile Apps =>Adware.MegaSearch
O42 - Logiciel: BMChat - (...) [HKLM][64Bits] -- BMChat
O42 - Logiciel: Babylon toolbar  - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>PUP.Babylon
O42 - Logiciel: Barre d'outils ALOT - (.ALOT.) [HKLM][64Bits] -- alotToolbar =>AdWare.Comet
O42 - Logiciel: Blekko Search Bar  - (.blekko.) [HKLM][64Bits] -- spamfreesearch
O42 - Logiciel: DVBViewer TE2 - (.CM&V.) [HKLM][64Bits] -- DVBViewer TE2_is1
O42 - Logiciel: DealPly - (...) [HKCU][64Bits] -- DealPly =>PUP.DealPly
O42 - Logiciel: Delta toolbar   - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: ESI- U46DJ Audio Driver - (...) [HKLM][64Bits] -- ESI- U46DJ Audio Driver Setup
O42 - Logiciel: EasyCafe Server 2.2 (Firewall Edition) - (.TinaSoft Software & Internet Solutions.) [HKLM][64Bits] -- EasyCafe Server 2.2 (Firewall Edition)
O42 - Logiciel: FRAIS DE MISSION - (.-.) [HKLM][64Bits] -- {EC6B7584-5FEB-9243-8084-9AD52CC43739}
O42 - Logiciel: GestionLV 2.00.0 - (...) [HKLM][64Bits] -- GestionLV 2.00.0
O42 - Logiciel: HWK Suite - (.SarasSoft.) [HKLM][64Bits] -- {E22E26FA-575A-4122-BB39-90321F1CF19C}
O42 - Logiciel: HWK Support Suite - (.SarasSoft.) [HKLM][64Bits] -- {585C5E36-62B1-4CA1-827B-83C4A4486CA5}
O42 - Logiciel: MestReC 4.7.0 - (.MestReC Lite.) [HKLM][64Bits] -- MestReC_is1
O42 - Logiciel: Movies Toolbar for Firefox (Dist. by Somoto Ltd.) - (.APN LLC.) [HKLM][64Bits] -- somotomoviestoolbar1FF =>PUP.MoviesToolbar
O42 - Logiciel: Note de Rejet - (.Controle Financier.) [HKLM][64Bits] -- {33C1869B-B446-47DF-A568-FE6B3CF9D9C7}
O42 - Logiciel: PCCOMPTA Windows - (...) [HKLM][64Bits] -- PCCOMPTA Windows
O42 - Logiciel: RadioGet 1.3.9 - (.Ramka Ltd..) [HKLM][64Bits] -- {F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1
O42 - Logiciel: Secret Maryo Chronicles - (.Florian Richter.) [HKLM][64Bits] -- secretmaryo
O42 - Logiciel: SpeedBit Video Accelerator - (.SpeedBit Ltd..) [HKLM][64Bits] -- SpeedBit Video Accelerator
O42 - Logiciel: Volaro Updater - (.Volaro.) [HKLM][64Bits] -- Volaro Updater =>Trojan.Vonteera
O42 - Logiciel: Vonteera - (.Vonteera.) [HKLM][64Bits] -- Vonteera =>Trojan.Vonteera
O42 - Logiciel: Vonteera Safe ads - (.NoVooIT.) [HKCU][64Bits] -- Vonteera Safe ads =>Trojan.Vonteera
O42 - Logiciel: Vonteera Safe ads - (.NoVooIT.) [HKLM][64Bits] -- Vonteera Safe ads =>Trojan.Vonteera
O42 - Logiciel: myBabylon_English Toolbar - (...) [HKLM][64Bits] -- myBabylon_English Toolbar =>PUP.Babylon
~ Logic: 48 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\043ed596af7365236306a463494dc0f4]
[HKCU\Software\53e8c88e13def48]  =>PUP.BitGuard
[HKCU\Software\APN DTX]
[HKCU\Software\APN PIP]
[HKCU\Software\ARHome]
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\Blabbers       ] =>PUP.Blabbers
[HKCU\Software\Blabbers] =>PUP.Blabbers
[HKCU\Software\CONTROLE FINNANCIER DE LA WILAYA DE M'SILA]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\NoVooITSet]
[HKCU\Software\PIP]
[HKCU\Software\RadioGet]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\SpeedBit]
[HKCU\Software\Volaro] =>Trojan.Vonteera
[HKCU\Software\Vonteera] =>Trojan.Vonteera
[HKCU\Software\blekko]
[HKCU\Software\inVIBES]
[HKLM\Software\Wow6432Node\53e8c88e13def48]  =>PUP.BitGuard
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Minibar] =>PUP.Minibar
[HKLM\Software\Wow6432Node\NoVooITSet]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\Pivotal Games]
[HKLM\Software\Wow6432Node\RadioGet]
[HKLM\Software\Wow6432Node\SCi]
[HKLM\Software\Wow6432Node\SarasSoft]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\System Admin Scripting Guide]
[HKLM\Software\Wow6432Node\TDS]
[HKLM\Software\Wow6432Node\TinaSoft]
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wow6432Node\Vontera]
[HKLM\Software\Wow6432Node\blekko]
[HKLM\Software\Wow6432Node\myBabylon_English] =>PUP.Babylon
~ Key Software: 552 Legitimates Filtered in 00mn 03s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 11/06/2013 - 19:38:13 - [30.886] ----D C:\Program Files (x86)\AllGamesHome.com
O43 - CFD: 10/16/2011 - 22:26:14 - [1.898] ----D C:\Program Files (x86)\alot
O43 - CFD: 12/17/2012 - 20:23:02 - [4.691] ----D C:\Program Files (x86)\BabylonToolbar =>PUP.Babylon
O43 - CFD: 02/08/2013 - 20:24:10 - [2.241] ----D C:\Program Files (x86)\blekko
O43 - CFD: 11/07/2013 - 18:53:08 - [0.230] ----D C:\Program Files (x86)\Bricks of Camelot
O43 - CFD: 05/29/2011 - 21:25:04 - [5.542] ----D C:\Program Files (x86)\Buka
O43 - CFD: 05/29/2011 - 20:32:46 - [1.218] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 05/31/2011 - 21:02:15 - [1779.677] ----D C:\Program Files (x86)\CS_Worx
O43 - CFD: 02/05/2014 - 20:17:08 - [0.285] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 10/09/2013 - 21:53:16 - [2.393] ----D C:\Program Files (x86)\Delta
O43 - CFD: 03/29/2013 - 23:09:15 - [49.762] ----D C:\Program Files (x86)\DLG
O43 - CFD: 02/01/2013 - 15:23:12 - [10.276] ----D C:\Program Files (x86)\DVBViewer TE2
O43 - CFD: 12/17/2013 - 20:55:14 - [76.294] ----D C:\Program Files (x86)\FRAIS DE MISSION & CARRIERE
O43 - CFD: 04/30/2012 - 10:08:31 - [5.390] ----D C:\Program Files (x86)\MestRe-C
O43 - CFD: 10/09/2013 - 21:54:12 - [0.384] ----D C:\Program Files (x86)\Minibar =>PUP.Minibar
O43 - CFD: 01/15/2014 - 22:20:58 - [20.748] ----D C:\Program Files (x86)\Movies Toolbar =>PUP.MoviesToolbar
O43 - CFD: 10/12/2011 - 9:32:23 - [9.032] ----D C:\Program Files (x86)\myBabylon_English =>PUP.Babylon
O43 - CFD: 12/17/2013 - 20:39:10 - [10.729] ----D C:\Program Files (x86)\Note De Rejet
O43 - CFD: 12/16/2013 - 12:16:18 - [1.628] ----D C:\Program Files (x86)\NoVooIT
O43 - CFD: 12/16/2013 - 12:16:18 - [0.196] ----D C:\Program Files (x86)\NoVooITAddon
O43 - CFD: 06/27/2013 - 17:43:52 - [153.556] ----D C:\Program Files (x86)\SarasSoft
O43 - CFD: 05/31/2011 - 20:53:40 - [861.429] ----D C:\Program Files (x86)\SCi
O43 - CFD: 06/24/2012 - 14:23:36 - [79.677] ----D C:\Program Files (x86)\Secret Maryo Chronicles
O43 - CFD: 01/01/2013 - 19:11:27 - [6.690] ----D C:\Program Files (x86)\SpeedBit Video Accelerator
O43 - CFD: 04/21/2013 - 20:38:49 - [4.392] ----D C:\Program Files (x86)\TinaSoft
O43 - CFD: 12/17/2012 - 20:09:59 - [0.001] ----D C:\Program Files (x86)\Trymedia =>Adware.Trymedia
O43 - CFD: 08/31/2013 - 0:43:17 - [18.922] ----D C:\Program Files (x86)\Video Download Converter =>Adware.VideoDownloadConverter
O43 - CFD: 10/06/2013 - 18:47:20 - [0.333] ----D C:\Program Files (x86)\Volaro =>Trojan.Vonteera
O43 - CFD: 10/06/2013 - 18:47:17 - [0.291] ----D C:\Program Files (x86)\VonteeraAddon =>Trojan.Vonteera
O43 - CFD: 06/27/2013 - 17:52:54 - [0.001] --H-D C:\Program Files (x86)\Common Files\SarasSoft
O43 - CFD: 01/01/2013 - 19:10:53 - [2.780] ----D C:\Program Files (x86)\Common Files\SpeedBit
O43 - CFD: 11/26/2012 - 15:06:18 - [0] ----D C:\ProgramData\APN
O43 - CFD: 09/17/2013 - 20:32:25 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 10/09/2013 - 21:50:52 - [0.147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 02/05/2014 - 19:06:35 - [1.284] ----D C:\Users\samir\AppData\Roaming\ARHome
O43 - CFD: 01/08/2013 - 21:30:49 - [0.457] ----D C:\Users\samir\AppData\Roaming\B1Toolbar =>Hijacker.SearchB1org
O43 - CFD: 10/09/2013 - 21:51:19 - [1.265] ----D C:\Users\samir\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 10/09/2013 - 21:56:39 - [0.117] ----D C:\Users\samir\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 02/07/2013 - 16:30:43 - [0.090] ----D C:\Users\samir\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 10/09/2013 - 21:53:16 - [0.259] ----D C:\Users\samir\AppData\Roaming\Delta
O43 - CFD: 06/22/2013 - 1:25:41 - [0.308] ----D C:\Users\samir\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 05/29/2011 - 20:36:00 - [0.002] ----D C:\Users\samir\AppData\Roaming\invibes
O43 - CFD: 01/13/2014 - 19:59:07 - [1.628] ----D C:\Users\samir\AppData\Roaming\NoVooIT
O43 - CFD: 01/13/2014 - 19:59:04 - [0.034] ----D C:\Users\samir\AppData\Roaming\NoVooITAddon
O43 - CFD: 02/05/2014 - 19:06:59 - [0.521] ----D C:\Users\samir\AppData\Roaming\VolIE
O43 - CFD: 10/09/2013 - 21:54:26 - [0.078] ----D C:\Users\samir\AppData\Local\AppsHat Mobile Apps =>Adware.MegaSearch
O43 - CFD: 04/22/2013 - 23:36:13 - [0.278] ----D C:\Users\samir\AppData\Local\B1E
O43 - CFD: 06/27/2013 - 15:34:04 - [1.797] ----D C:\Users\samir\AppData\Local\Conduit
O43 - CFD: 10/09/2013 - 21:54:16 - [0.943] ----D C:\Users\samir\AppData\Local\Minibar =>PUP.Minibar
O43 - CFD: 05/31/2011 - 21:05:09 - [0] ----D C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CS_Worx
O43 - CFD: 03/29/2013 - 23:09:35 - [0.002] ----D C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCCOMPTA
O43 - CFD: 10/26/2011 - 22:57:31 - [0.008] ----D C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secret Maryo Chronicles
~ Program Folder: 322 Legitimates Filtered in 01mn 45s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CA349FA39A3F594D6946BBCD05345B8D] - 01/26/2014 - 20:22:31 ---A- . (...) -- C:\Windows\System32\https--www.facebook.com-photo.phpfbid=10201957744322400&set=t.100006462349728&type=3&src=https%3A%2F%2Ffbcdn-sphotos-a-a.akamaihd.net%2Fhphotos-ak-frc3%2F1545846_10201957744322400_1.jpg&size=652%2C480.lnk   [582]
~ Files: 6 Legitimates Filtered in 00mn 06s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
~ IFEO:  Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{506da1f3-e563-11e0-a3c2-e02a82a47cc2}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{506da210-e563-11e0-a3c2-e02a82a47cc2}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{5a27d486-e493-11e0-a3b9-e02a82a47cc2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{821f4ca2-b4ac-11e2-abd6-e02a82942544}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
O51 - MPSK:{b5ab000f-daaa-11e1-b3ec-e02a82a47cc2}\AutoRun\command. (...) -- D:\iLinker.exe (.not file.)
O51 - MPSK:{f42fc1eb-193d-11e2-9d52-e02a82a47cc2}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
O51 - MPSK:{f42fc1f2-193d-11e2-9d52-e02a82a47cc2}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Babylon Client  [Key] . (...) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (.not file.) =>PUP.Babylon
O53 - SMSR:HKLM\...\startupreg\uTorrent  [Key] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\WebcamMaxAutoRun  [Key] . (.CoolwareMax - WebcamMax.) -- C:\Program Files (x86)\WebcamMax\WebcamMax.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Search Drivers Rootkit (SDR) (O57)
O57 - SDR:Search Drivers Rootkit - ( - .) -- 
~ Keys:  Scanned in 00mn 03s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 11/10/2013 - 18:40:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 11/10/2013 - 18:40:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [205320]
O58 - SDL:[MD5.779F499D7791F65F6A5BA97C5D2627C8] - 08/29/2008 - 16:54:30 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmusbser.sys   [118144]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 07/14/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.84D3088475BD9BC56ED76D6E0F740A63] - 04/14/2009 - 18:58:24 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys   [29696]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 06/10/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.BBC89DA4065BDCE34257BE95B2F636EE] - 08/01/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys   [41704]
O58 - SDL:[MD5.929DF302F15BFE24AC66EF45D858C413] - 11/28/2013 - 1:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys   [175480]
O58 - SDL:[MD5.DF5BD9CCFFBF9AA9D5096C6DAAAF0A00] - 04/14/2009 - 18:58:24 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys   [691712]
O58 - SDL:[MD5.FBB559C5787698F855B9ED8A60AE536E] - 09/11/2009 - 6:47:23 ---A- . (.PLX Technology, Inc. (visit www.PlxTech.com - PLX's IRP, power and PnP management  driver (Based on Walter On.) -- C:\Windows\System32\Drivers\NcGen_AMD64.sys   [35344]
O58 - SDL:[MD5.C88EBBFB6A27742B5446D304F2898C28] - 09/11/2009 - 6:47:23 ---A- . (.PLX Technology, Inc. (visit www.PlxTech.com - Remote PCI (RPCI) driver library (amd64).) -- C:\Windows\System32\Drivers\NcRemotePci_AMD64.sys   [34832]
O58 - SDL:[MD5.406A709FC1B8FA4DD07DE34C73A93692] - 09/11/2009 - 6:47:24 ---A- . (.TechniSat Digital, S.A. - NDIS 5.0 driver.) -- C:\Windows\System32\Drivers\SkyNETU2_AMD64.sys   [518672]
O58 - SDL:[MD5.765964B3A1BC50BD83873B6CEAC02B12] - 10/14/2010 - 3:43:52 ---A- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys   [40064]
O58 - SDL:[MD5.8A401CF988063ABB6FC958F05020E611] - 10/14/2010 - 3:43:54 ---A- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys   [1803904]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 07/14/2009 - 2:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.4A9D087C9A97071B9D06DB38567DA906] - 03/17/2010 - 13:48:42 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys   [505856]
O58 - SDL:[MD5.B70DF208E97536CA9F29289E609F5B16] - 08/01/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys   [38632]
O58 - SDL:[MD5.957B82EC80AD7EAD64E5E47DF6B0DC40] - 02/04/2005 - 17:12:50 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\SysWOW64\drivers\pfc.sys   [10368]
~ Drivers: 16 Legitimates Filtered in 00mn 07s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.FirstTime", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.FirstTimeFF3", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.UserID", "UN33364485729490127");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.countryCode", "DZ");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.fixPageNotFoundErrorByUser", "TRUE");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.fixUrls", true);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.fullUserID", "UN33364485729490127.UP.20130710113628");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.installType", "DirectDownload");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.lastVersion", "10.23.0.822");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fsearch.speedbit.com%2F%3Fs%3DD11b105\",\"EB_MA[...]
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.searchInNewTabEnabledByUser", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.searchSuggestEnabledByUser", "True");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851639\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrent[...] =>P2P.µTorrent
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_FR [...] =>P2P.µTorrent
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_Configuration_lastUpdate", "1391627378717");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386780388670");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_login_10.22.3.518_lastUpdate", "1387558020131");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_login_10.23.0.822_lastUpdate", "1391695652722");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1391627377480");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1391624098978");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1391695648424");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1391624103047");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.settingsINI", true);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.showToolbarPermission", "false");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.smartbar.CTID", "CT2851639"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.smartbar.isHidden", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.toolbarBornServerTime", "17-8-2013");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.toolbarCurrentServerTime", "6-2-2014");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639.toolbarLoginClientTime", "Wed Sep 18 2013 09:48:32 GMT+0100");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1391695642917,\"isWithState\"[...]
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.id", "88bae139000000000000e02a82a47cc2");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.instlDay", "15987");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.vrsn", "1.8.24.6");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.vrsnTs", "1.8.24.621:53:18");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta.vrsni", "1.8.24.6");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta_i.babTrack", "affID=125155&tt=02102013_mx15rbrb&tsp=5030");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.mywebsearch.prevDefaultEngine", "Google"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.mywebsearch.prevKwdEnabled", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.mywebsearch.prevKwdURL", "http://www.arabyonline.com/search/?q="); =>Adware.MyWebSearch
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("extensions.mywebsearch.prevSelectedEngine", "Google"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [samir - 01linfb8.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {12736534-AFFA-4DF3-82AA-F300BBA85B8D} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - (ALOT Recherche) - http://search.alot.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://www.arabyonline.com
O69 - SBI: SearchScopes [HKCU] {7926A663-359B-4FE7-BC18-BEE76C706A92} - (Ask Search) - http://asksearch.ask.com
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} [DefaultScope] - (Speedbit Search) - http://search.speedbit.com
O69 - SBI: SearchScopes [HKCU] {C8D572B1-C769-4644-999C-C72F89931C34} - (blekko) - http://blekko.com
O69 - SBI: SearchScopes [HKCU] {E38EE736-8F53-4DE1-A867-0E35AD8808F8} - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\SmarchBox\ahmedb\gdsbn\RY's Games\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe
C:\SmarchBox\ahmedb\hmidafoor\GTA VC - NFS Undeground\Audio\ROMA\Foxit.Reader.Pro.v3.3.0.0430.Cracked-EAT\Crack\Foxit Reader.exe
C:\SmarchBox\ahmedb\hmidafoor\GTA VC - NFS Undeground\Audio\ROMA\Foxit.Reader.Pro.v3.3.0.0430.Cracked-EAT\FoxitReader33_enu_Setup.exe
C:\SmarchBox\ahmedb\gdsbn\RY's Games\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe
C:\SmarchBox\ahmedb\hmidafoor\GTA VC - NFS Undeground\Audio\ROMA\Foxit.Reader.Pro.v3.3.0.0430.Cracked-EAT\Crack\Foxit Reader.exe
C:\SmarchBox\ahmedb\hmidafoor\GTA VC - NFS Undeground\Audio\ROMA\Foxit.Reader.Pro.v3.3.0.0430.Cracked-EAT\FoxitReader33_enu_Setup.exe
~ Files:  Scanned in 00mn 48s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A1476A0444D63A59867CC1A2C05F9520] [SPRF][11/01/2013] (...) -- C:\ProgramData\BBD609EB8A.sys   [88]
[MD5.302BD8CA9AEA56C756607AFAFD003352] [SPRF][05/14/2012] (...) -- C:\ProgramData\ezsidmv.dat   [56]
[MD5.7A58A4C5E9CF4C05196D6B7FF5A1C21E] [SPRF][11/01/2013] (...) -- C:\ProgramData\KGyGaAvL.sys   [2828]
[MD5.B3FDF6E7B0AECD48CA7E4921773FB606] [SPRF][10/09/2013] (...) -- C:\Users\samir\AppData\Local\Temp\7z920.exe   [1110476]
[MD5.4D3FA4102017EDAFD4E852A0783B8F7B] [SPRF][11/05/2013] (...) -- C:\Users\samir\AppData\Local\Temp\alnaddy_config.dat   [2964]  =>Hijacker.Alnaddy
[MD5.A449DA803F3885189DAFCB5A3C73DA12] [SPRF][01/15/2014] (...) -- C:\Users\samir\AppData\Local\Temp\apnuserid.dat   [16]
[MD5.EC8956637A99787BD197EACD77ACCE5E] [SPRF][01/15/2014] (...) -- C:\Users\samir\AppData\Local\Temp\appid.dat   [3]
[MD5.2F5252E50745E47DB355B005725DAE05] [SPRF][10/09/2013] (.Somoto Ltd. - AppsHat Mobile Apps.) -- C:\Users\samir\AppData\Local\Temp\appshat-distribution.exe   [327880]  =>Adware.MegaSearch
[MD5.98A3E90AD99E22FABF6E673CEA82CE63] [SPRF][11/06/2013] (...) -- C:\Users\samir\AppData\Local\Temp\binary.exe   [545576]
[MD5.1E652717DC5D1D9F2196C1772DD1CC3E] [SPRF][11/10/2013] (...) -- C:\Users\samir\AppData\Local\Temp\chart_data.dat   [10870]
[MD5.D3197FAE11B8307F0F52343142709D77] [SPRF][10/09/2013] (...) -- C:\Users\samir\AppData\Local\Temp\DeltaTB.exe   [836708]  =>Toolbar.DeltaSearch
[MD5.7DD4DC5C7A9E9096733F36B205AEA636] [SPRF][09/03/2009] (.Windows (R) Codename Longhorn DDK provider - Windows Setup API.) -- C:\Users\samir\AppData\Local\Temp\DeviceSetup64.exe   [10752]
[MD5.109FF0E22EEB8B3F5B6A6986CA3D445B] [SPRF][02/05/2014] (...) -- C:\Users\samir\AppData\Local\Temp\FHC7F.exe   [1214400]
[MD5.621D8146E9361BF0CBEA15CA3E8404DE] [SPRF][01/13/2014] (...) -- C:\Users\samir\AppData\Local\Temp\FHD8ED.exe   [1567456]
[MD5.2D10A980CC1539C4CA29387E82267B4D] [SPRF][01/15/2014] (.Somoto Ltd. - FLV Player.) -- C:\Users\samir\AppData\Local\Temp\FLVPlayerSetup.exe   [279752]  =>Adware.MegaSearch
[MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][01/15/2014] (.No owner - Powered by BetterInstaller.) -- C:\Users\samir\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   [167544]  =>Adware.MegaSearch
[MD5.9D96CCE033F0E901EFECAF4EC3035BCE] [SPRF][01/15/2014] (.SafetyNut Inc. - Movies Toolbar Install.) -- C:\Users\samir\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe   [8126696]  =>PUP.MoviesToolbar
[MD5.51161D0402184623454DD6F78348009C] [SPRF][04/29/2013] (...) -- C:\Users\samir\AppData\Local\Temp\ooxCP1..exe   [10240]
[MD5.51161D0402184623454DD6F78348009C] [SPRF][04/29/2013] (...) -- C:\Users\samir\AppData\Local\Temp\ooxCP2..exe   [10240]
[MD5.82336F706D217160239677723D20BB62] [SPRF][07/10/2013] (...) -- C:\Users\samir\AppData\Local\Temp\ooxCP3..exe   [20480]
[MD5.AEBEAF686A2141A33831C1068EFEA8B6] [SPRF][08/23/2013] (...) -- C:\Users\samir\AppData\Local\Temp\ooxCP4..exe   [327680]
[MD5.BC0D93D7AEC1A9CD84EF1EE0092A83A7] [SPRF][04/15/2009] (...) -- C:\Users\samir\AppData\Local\Temp\ResetDevice.exe   [7168]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/10/2013] (...) -- C:\Users\samir\AppData\Local\Temp\streaming_updates.dat   [0]
[MD5.830BDA0896AB094A3F0D4FA4880259E5] [SPRF][06/27/2009] (...) -- C:\Users\samir\AppData\Local\Temp\SysConfig.dat   [1224]
[MD5.2050E03CA119580F74CCA14CC6E97462] [SPRF][01/15/2014] (...) -- C:\Users\samir\AppData\Local\Temp\sysid.dat   [3]
[MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][05/16/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\samir\AppData\Local\Temp\ToolbarHelper.exe   [86816]  =>Toolbar.Conduit
[MD5.E795D8D051801D500D3265D10CF48FB4] [SPRF][01/15/2014] (...) -- C:\Users\samir\AppData\Local\Temp\trackid.dat   [6]
[MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][06/16/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\samir\AppData\Local\Temp\uninst1.exe   [389632]  =>PUP.Babylon
[MD5.83087F025194693DFF3A0F22E6A4AE96] [SPRF][10/09/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\samir\AppData\Local\Temp\UpdateCheckerSetup.exe   [196376]  =>Adware.MegaSearch
[MD5.5AC98C84160A9400DB448D153C959BB6] [SPRF][05/07/2013] (...) -- C:\Users\samir\AppData\Local\Temp\utiA864.tmp.exe   [773104]
[MD5.5AC98C84160A9400DB448D153C959BB6] [SPRF][07/19/2013] (...) -- C:\Users\samir\AppData\Local\Temp\utiC498.tmp.exe   [773104]
[MD5.945B8A386A26BF882136F9D3B5F43B23] [SPRF][06/27/2013] (...) -- C:\Users\samir\AppData\Local\Temp\utt843C.tmp.exe   [8253952]
[MD5.6B3433F52E1E6975C43F8BE6914571D9] [SPRF][10/12/2013] (...) -- C:\Users\samir\AppData\Local\Temp\{E0691DFC-2F26-49E7-93B7-E98B210F00FC}.bat   [662]
[MD5.0B8A80CA2CC6CE5A227AD84A13503E12] [SPRF][01/13/2014] (...) -- C:\Users\samir\AppData\Roaming\33A5.exe   [1445440]
[MD5.0B8A80CA2CC6CE5A227AD84A13503E12] [SPRF][01/13/2014] (...) -- C:\Users\samir\AppData\Roaming\CE13.exe   [1445440]
[MD5.45F2F7BDBBA51F23C5FCA10ADDFAFCA1] [SPRF][12/13/2013] (...) -- C:\Users\samir\AppData\Roaming\G5Y.exe   [775459]
[MD5.B86D9DEA00701078C0E8519489DFE5AF] [SPRF][04/20/2008] (.No owner - TuDomino Solitario.) -- C:\Users\samir\Desktop\Domino.exe   [4620520]
~ Files: 42 Legitimates Filtered in 00mn 03s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8BBE6D36-53A6-4350-BDBD-124E36938BA5}C:\program files (x86)\flashget\flashget.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\flashget\flashget.exe (.not file.)
O87 - FAEL: "UDP Query User{54190689-5C55-4AB1-8C1B-A120F06E78F7}C:\program files (x86)\flashget\flashget.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\flashget\flashget.exe (.not file.)
O87 - FAEL: "TCP Query User{E82B9879-245F-4BE2-9612-796ECE3FE107}C:\users\samir\appdata\local\super internet tv\super internet tv.exe" | In - Public - P6 - TRUE | .(.Ahusoft - Super Internet TV.) -- C:\users\samir\appdata\local\super internet tv\super internet tv.exe
O87 - FAEL: "UDP Query User{89C0A23A-BB05-42B9-90C0-EA8CAF5B43B5}C:\users\samir\appdata\local\super internet tv\super internet tv.exe" | In - Public - P17 - TRUE | .(.Ahusoft - Super Internet TV.) -- C:\users\samir\appdata\local\super internet tv\super internet tv.exe
O87 - FAEL: "TCP Query User{3597B839-7D46-4BC8-9D01-0EB9ACFE7D3E}C:\program files (x86)\flashget\flashget.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\flashget\flashget.exe (.not file.)
O87 - FAEL: "UDP Query User{FEAEA4D8-2AD2-4240-8CF6-6D4CBF44D223}C:\program files (x86)\flashget\flashget.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\flashget\flashget.exe (.not file.)
O87 - FAEL: "TCP Query User{C5134C42-5967-4BAD-A05F-9CD0065A8BD6}D:\pes2013\pes 2013\skidrow\pes2013.exe" |In - Public - P6 - TRUE | .(...) -- D:\pes2013\pes 2013\skidrow\pes2013.exe (.not file.)
O87 - FAEL: "UDP Query User{70FBCB88-5B8F-4170-9809-BA2C32F2C30A}D:\pes2013\pes 2013\skidrow\pes2013.exe" |In - Public - P17 - TRUE | .(...) -- D:\pes2013\pes 2013\skidrow\pes2013.exe (.not file.)
O87 - FAEL: "TCP Query User{07634DF2-0DB0-498B-AD58-ACF93024CE2C}C:\program files (x86)\progdvb\progdvbnet.exe" | In - Public - P6 - TRUE | .(.Prog - ProgDvbNet.) -- C:\program files (x86)\progdvb\progdvbnet.exe
O87 - FAEL: "UDP Query User{C52A9E94-6278-4EDB-8247-D6CAA6A86050}C:\program files (x86)\progdvb\progdvbnet.exe" | In - Public - P17 - TRUE | .(.Prog - ProgDvbNet.) -- C:\program files (x86)\progdvb\progdvbnet.exe
O87 - FAEL: "{B7A3E5F1-F34C-4EAD-82BA-4F0EE3E0A23D}" |In - Public - P6 - TRUE | .(...) -- C:\Users\samir\AppData\Local\Temp\update.exe (.not file.)
O87 - FAEL: "{05015C9E-C197-4716-AE5A-E99B5611209B}" |In - Public - P17 - TRUE | .(...) -- C:\Users\samir\AppData\Local\Temp\update.exe (.not file.)
~ Firewall: 237 Legitimates Filtered in 00mn 06s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 128 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\043ed596af7365236306a463494dc0f4]:US="@"
[HKCU\Software\53e8c88e13def48\2.6.1339.144\upd]:="upd=1"  =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\2.6.1519.190\upd]:="upd=1"  =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\2.7.1769.27\upd]:="upd="  =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\53e8c88e13def48] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\53e8c88e13def48] => Clé orpheline
~ Export Key Software:  Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.D61E14E042743C7999B1695376DAF73F] [WIS][08/09/2010] (.ATI - Catalyst Control Center.) -- C:\Windows\Installer\20760.msi   [14436864]
[MD5.C2E67A0BF4E6BFF587AC96664F63BDA3] [WIS][10/31/2012] (.Rovio - Angry Birds Star Wars.) -- C:\Windows\Installer\4b6a3f7.msi   [976384]
~ WIS: 134 Legitimates Filtered in 00mn 20s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 02/05/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/10/2013 116776 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SS - | Auto 12/16/2013 193696 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Auto 10/10/2011 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/10/2011 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/29/2011 138168 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 02/05/2013 235216 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 12/21/2013 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/15/2010 335872 |  (RGService) . (...) - C:\Program Files\RadioGet\RGService.exe
SS - | Auto 01/08/2013 161536 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/16/2009 74392 |  (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 01/01/2013 277744 | C:\Program Files (x86)\SPEEDB~1\VideoAcceleratorService.exe (VideoAcceleratorService) . (.SpeedBit Ltd..) - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe

SR - | Auto 03/03/2009 89600 |  (AESTFilters) . (.Andrea Electronics Corporation.) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
SR - | Auto 11/02/2009 16896 |  (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 08/05/2010 203264 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11/10/2013 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 12/16/2013 247968 |  (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 12/12/2008 238888 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Auto 07/30/2010 951584 |  (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 12/17/2007 163840 |  (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 01/11/2007 126464 |  (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SR - | Auto 06/21/2011 85560 |  (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  =>.Hewlett-Packard Co
SR - | Auto 04/05/2010 103992 |  (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 03/28/2011 94264 |  (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Auto 03/01/2010 264248 |  (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
SR - | Demand 03/28/2011 799800 |  (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 07/10/1658 0 |  (HyperDeskCustomThemeEnabler) . (...) - C:\windows\Installer\MSIF608.tmp" -service
SR - | Auto 02/22/2010 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 03/06/2010 635416 |  (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 07/10/1658 0 |  (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe
SR - | Auto 12/23/2013 3446792 |  (SafetyNutManager) . (.SafetyNut Inc..) - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe =>PUP.MoviesToolbar
SR - | Auto 03/17/2010 244736 |  (STacSV) . (.IDT, Inc..) - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
SR - | Auto 08/31/2013 42504 |  (VideoDownloadConverter_4zService) . (.COMPANYVERS_NAME.) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe =>Adware.VideoDownloadConverter
SR - | Auto 07/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/10/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 07/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 23s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by samir at 02/06/2014 18:58:44
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by samir at 02/06/2014 18:58:46

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR:  Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (01/25/2014)
Clés trouvées (Keys found) : 240
Valeurs trouvées (Values found) : 5
Dossiers trouvés  (Folders found) : 47
Fichiers trouvés  (Files found) : 41

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}]   =>PUP.Blabbers^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>P2P.µTorrent^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]   =>AdWare.Comet^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}]   =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}]   =>Adware.VideoDownloadConverter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}]   =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]   =>PUP.Blabbers^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}]   =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}]   =>Adware.VideoDownloadConverter^
[HKLM\SYSTEM\CurrentControlSet\Services\SafetyNutManager]   =>PUP.MoviesToolbar^
[HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService]   =>Adware.VideoDownloadConverter^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps]   =>Adware.MegaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]   =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar]   =>AdWare.Comet^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1FF]   =>PUP.MoviesToolbar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Volaro Updater]   =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera]   =>Trojan.Vonteera^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads]   =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera Safe ads]   =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\myBabylon_English Toolbar]   =>PUP.Babylon^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client]   =>PUP.Babylon^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]   =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}]   =>PUP.Minibar
[HKLM\Software\Wow6432Node\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}]   =>PUP.Minibar
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]   =>Adware.CometSystems
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]   =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]   =>Adware.CometSystems
[HKLM\Software\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}]   =>PUP.Blabbers
[HKLM\Software\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}]   =>PUP.Blabbers
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]   =>PUP.Blabbers
[HKLM\Software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]   =>PUP.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]   =>PUP.Minibar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}]   =>PUP.Minibar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}]   =>PUP.Minibar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]   =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]   =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}]   =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}]   =>PUP.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]   =>Toolbar.Ask&Record
[HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]   =>Toolbar.Ask&Record
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]   =>Toolbar.Ask&Record
[HKLM\Software\Classes\AppID\escort.dll]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE]   =>PUP.Babylon
[HKLM\Software\Classes\AppID\tdataprotocol.DLL]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\updatebho.DLL]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\wit4ie.DLL]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]   =>Toolbar.Bing
[HKLM\Software\Classes\b]   =>PUP.Babylon
[HKLM\Software\Classes\Babylon.dskBnd]   =>PUP.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1]   =>PUP.Babylon
[HKLM\Software\Classes\bbylnApp.appCore]   =>PUP.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1]   =>PUP.Babylon
[HKLM\Software\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Classes\esrv.BabylonESrvc]   =>PUP.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1]   =>PUP.Babylon
[HKLM\Software\Classes\S]   =>Toolbar.Agent
[HKLM\Software\Classes\updatebho.TimerBHO]   =>PUP.Blabbers
[HKLM\Software\Classes\updatebho.TimerBHO.1]   =>PUP.Blabbers
[HKLM\Software\Classes\wit4ie.WitBHO]   =>PUP.Blabbers
[HKLM\Software\Classes\wit4ie.WitBHO.2]   =>PUP.Blabbers
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib]   =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv]   =>Toolbar.Agent
[HKCU\Software\APN DTX]   =>Toolbar.Ask
[HKCU\Software\APN PIP]   =>Toolbar.Ask
[HKCU\Software\BabylonToolbar]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\BabylonToolbar]   =>PUP.Babylon
[HKCU\Software\Blabbers]   =>PUP.Blabbers
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]   =>Toolbar.Conduit
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1]   =>Adware.VideoDownloadConverter
[HKLM\Software\Wow6432Node\Minibar]   =>PUP.Minibar
[HKCU\Software\PIP]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\PIP]   =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\PriceGong]   =>Adware.PriceGong
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKCU\Software\Somoto]   =>Adware.MegaSearch
[HKCU\Software\AppDataLow\Toolbar]   =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\uTorrentBar_FR]   =>Toolbar.Conduit
[HKCU\Software\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar]   =>Adware.CometSystems
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0]   =>Adware.PopCap
[HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64]   =>PUP.Blabbers
[HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\Chrome]   =>PUP.Blabbers
[HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\Prox]   =>PUP.Blabbers
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{437B9306-2FDE-4054-A3C9-6B49507C12D0}]   =>Trojan.Vonteera
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{437B9306-2FDE-4054-A3C9-6B49507C12D0}]   =>Trojan.Vonteera
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}]   =>Trojan.Vonteera
[HKLM\Software\Classes\AppID\VONTEERA.DLL]   =>Trojan.Vonteera
[HKLM\Software\Classes\Prod.cap]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKLM\Software\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}]   =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}]   =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]   =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitUninstaller_RASAPI32]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitUninstaller_RASMANCS]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]   =>Adware.CometSystems
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]   =>Adware.CometSystems
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]   =>Adware.CometSystems
[HKCU\Software\BI]   =>Adware.MegaSearch
[HKLM\Software\Classes\Installer\Features\4301AEBD288588A40833184CFEC0AF92]   =>Adware.iWinArcade
[HKLM\Software\Classes\Installer\Products\4301AEBD288588A40833184CFEC0AF92]   =>Adware.iWinArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4301AEBD288588A40833184CFEC0AF92]   =>Adware.iWinArcade
[HKLM\Software\Wow6432Node\Classes\Installer\Features\4301AEBD288588A40833184CFEC0AF92]   =>Adware.iWinArcade
[HKLM\Software\Wow6432Node\Classes\Installer\Products\4301AEBD288588A40833184CFEC0AF92]   =>Adware.iWinArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\80F08842F9EA1BE4BA4922DA74CDB698]   =>Adware.iWinArcade
[HKCU\Software\VideoDownloadConverter_4z]   =>Adware.VideoDownloadConverter
[HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z]   =>Adware.VideoDownloadConverter
[HKLM\Software\Wow6432Node\VideoDownloadConverter_4z]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.HTMLMenu]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.HTMLMenu.1]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.RadioSettings]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.RadioSettings.1]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.SettingsPlugin]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.SettingsPlugin.1]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.SkinLauncher]   =>Adware.VideoDownloadConverter
[HKLM\Software\Classes\VideoDownloadConverter_4z.SkinLauncher.1]   =>Adware.VideoDownloadConverter
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena]   =>Hijacker.SearchB1org
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS]   =>Toolbar.Ask
[HKLM\Software\Classes\delta.deltaHlpr]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT1460988]   =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT1561552]   =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT1460988]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT1561552]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]   =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}   =>PUP.Babylon^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{eec0f710-38b5-4aba-99bf-ec87564a4e13}   =>Toolbar.Bing^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VideoDownloadConverter Home Page Guard 64 bit   =>Adware.VideoDownloadConverter^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SDP   =>Adware.MegaSearch^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}   =>Adware.BHO
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com   =>Adware.VideoDownloadConverter^
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\addon@Vonteera.com   =>Trojan.Vonteera^
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\ffxtlbr@delta.com   =>Toolbar.DeltaSearch^
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}   =>P2P.µTorrent^
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}   =>PUP.MoviesToolbar^
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}   =>Adware.MegaSearch^
C:\Program Files (x86)\BabylonToolbar   =>PUP.Babylon^
C:\Program Files (x86)\DealPly   =>PUP.DealPly^
C:\Program Files (x86)\Minibar   =>PUP.Minibar^
C:\Program Files (x86)\Movies Toolbar   =>PUP.MoviesToolbar^
C:\Program Files (x86)\myBabylon_English   =>PUP.Babylon^
C:\Program Files (x86)\Trymedia   =>Adware.Trymedia^
C:\Program Files (x86)\Video Download Converter   =>Adware.VideoDownloadConverter^
C:\Program Files (x86)\Volaro   =>Trojan.Vonteera^
C:\Program Files (x86)\VonteeraAddon   =>Trojan.Vonteera^
C:\ProgramData\Babylon   =>PUP.Babylon^
C:\ProgramData\DSearchLink   =>Toolbar.DeltaSearch^
C:\Users\samir\AppData\Roaming\B1Toolbar   =>Hijacker.SearchB1org^
C:\Users\samir\AppData\Roaming\BabSolution   =>Hijacker.BabSolution^
C:\Users\samir\AppData\Roaming\Babylon   =>PUP.Babylon^
C:\Users\samir\AppData\Roaming\DealPly   =>PUP.DealPly^
C:\Users\samir\AppData\Roaming\File Scout   =>PUP.FileScout^
C:\Users\samir\AppData\Local\AppsHat Mobile Apps   =>Adware.MegaSearch^
C:\Users\samir\AppData\Local\Minibar   =>PUP.Minibar^
C:\Program Files (x86)\Zuma's Revenge!   =>Adware.PopCap
C:\Program Files (x86)\alot   =>Adware.CometSystems
C:\Program Files (x86)\BrowserCompanion   =>PUP.Blabbers
C:\Program Files (x86)\Conduit   =>Toolbar.Conduit
C:\Program Files (x86)\VideoDownloadConverter_4z   =>Adware.VideoDownloadConverter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly   =>PUP.DealPly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter   =>Adware.VideoDownloadConverter
C:\Users\samir\AppData\Local\Conduit   =>Toolbar.Conduit
C:\Users\samir\AppData\Local\Bundled software uninstaller   =>Adware.MegaSearch
C:\Users\samir\AppData\Local\B1E   =>Toolbar.BrotherSoft
C:\Users\samir\AppData\Local\VideoDownloadConverter_4z   =>Adware.VideoDownloadConverter
C:\Users\samir\AppData\LocalLow\alot   =>Adware.CometSystems
C:\Users\samir\AppData\LocalLow\BabylonToolbar   =>PUP.Babylon
C:\Users\samir\AppData\LocalLow\bbrs_002.tb   =>PUP.Blabbers
C:\Users\samir\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\samir\AppData\LocalLow\Minibar   =>PUP.Minibar
C:\Users\samir\AppData\LocalLow\PriceGong   =>Adware.PriceGong
C:\Users\samir\AppData\LocalLow\uTorrentBar_FR   =>Toolbar.Conduit
C:\Users\samir\AppData\LocalLow\VideoDownloadConverter_4z   =>Adware.VideoDownloadConverter
C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde   =>Toolbar.DeltaSearch
C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena   =>Hijacker.SearchB1org
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\Smartbar   =>Hijacker.SmartBar
C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\01linfb8.default\VideoDownloadConverter_4z   =>Adware.VideoDownloadConverter
C:\Users\samir\AppData\Local\FilesFrog Update Checker\update_checker.exe   =>Adware.MegaSearch^
C:\Users\samir\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe   =>Adware.SocialSkinz^
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe   =>PUP.Blabbers^
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe   =>Adware.VideoDownloadConverter^
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe   =>Adware.VideoDownloadConverter^
C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe   =>PUP.MoviesToolbar^
C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe   =>PUP.MoviesToolbar^
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe   =>Adware.VideoDownloadConverter^
C:\Users\samir\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe   =>PUP.DealPly^
C:\Program Files (x86)\DealPly\DealPlyUpdate.exe   =>PUP.DealPly^
C:\Users\samir\AppData\Roaming\BabSolution\Shared\BabMaint.exe   =>Hijacker.BabSolution^
C:\Program Files (x86)\Volaro\Updater\Updater.exe   =>Trojan.Vonteera^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
[HKCU\Software\Blabbers       ]   =>PUP.Blabbers^
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar]   =>PUP.Datamngr^
[HKCU\Software\FileScout]   =>PUP.FileScout^
[HKCU\Software\Volaro]   =>Trojan.Vonteera^
[HKCU\Software\Vonteera]   =>Trojan.Vonteera^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Vittalia]   =>PUP.Vittalia^
[HKLM\Software\Wow6432Node\myBabylon_English]   =>PUP.Babylon^
C:\Users\samir\AppData\Local\Temp\alnaddy_config.dat   =>Hijacker.Alnaddy^
C:\Users\samir\AppData\Local\Temp\appshat-distribution.exe   =>Adware.MegaSearch^
C:\Users\samir\AppData\Local\Temp\DeltaTB.exe   =>Toolbar.DeltaSearch^
C:\Users\samir\AppData\Local\Temp\FLVPlayerSetup.exe   =>Adware.MegaSearch^
C:\Users\samir\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   =>Adware.MegaSearch^
C:\Users\samir\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe   =>PUP.MoviesToolbar^
C:\Users\samir\AppData\Local\Temp\ToolbarHelper.exe   =>Toolbar.Conduit^
C:\Users\samir\AppData\Local\Temp\uninst1.exe   =>PUP.Babylon^
C:\Users\samir\AppData\Local\Temp\UpdateCheckerSetup.exe   =>Adware.MegaSearch^
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll"   =>PUP.BitGuard^
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"   =>Hijacker.Eazel^
[HKCU\Software\53e8c88e13def48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"   =>Hijacker.Eazel^
[HKCU\Software\53e8c88e13def48]   =>PUP.Babylon^^
C:\Users\samir\AppData\Local\Temp\somotomoviestoolbar1-manifest.xml  =>Adware.MegaSearch
~ Additionnel Scan: 399929 Items scanned in 01mn 02s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch   =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz   =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/27280149-pup-blabbers   =>PUP.Blabbers
~ http://nicolascoolman.webs.com/apps/blog/show/29640158-adware-videodownloadconverter   =>Adware.VideoDownloadConverter
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar   =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel   =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch   =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit   =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera   =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet  =>Adware.Comet
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo  =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap   =>Adware.PopCap
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply   =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution   =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard   =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr   =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout   =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar    =>PUP.Minibar
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia   =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/29710349-adware-trymedia   =>Adware.Trymedia
~ http://nicolascoolman.webs.com/apps/blog/show/30703839-hijacker-searchb1org   =>Hijacker.SearchB1org
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard   =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch   =>Spyware.ProtectedSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar   =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch   =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28212192-hijacker-alnaddy   =>Hijacker.Alnaddy
~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet  =>Adware.Comet
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods   =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask   =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong   =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade  =>Adware.iWinArcade
~ MSI: 32 link(s) detected in 01mn 03s



~ 1573 Legitimates filtered by white list
End of the scan (1310 lines in 06mn 16s)(6)