cjoint


Document format: text/plain

Preview

Script zhpfix
P2 - FPN: [HKCU] [eorezo.com/AgenceChromeBHO] - (...) -- C:\Program Files (x86)\EoRezo\npAgenceChromeBHO.dll (.not file.) =>PUP.Eorezo
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877 =>Hijacker.Proxy
O2 - BHO: net_plugin.antivirus.antivirus [64Bits] - {d92408c7-5ec8-49c6-80d3-3e288000606e} . (...) -- mscoree.dll (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O4 - HKUS\S-1-5-18\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O4 - HKUS\S-1-5-19\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O4 - HKUS\S-1-5-20\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAEC2720-CF98-4699-BB9D-FB47C6136147}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FAEC2720-CF98-4699-BB9D-FB47C6136147}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{FAEC2720-CF98-4699-BB9D-FB47C6136147}: DhcpNameServer = 172.20.10.1
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001Core] (.Facebook Inc..) -- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001UA] (.Facebook Inc..) -- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.3631801F974FDD3B1C5FF77C889BD326] [APT] [TuneUpUtilities_Task_BkGndMaintenance2013] (.TuneUp Software.) -- C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [459576]
[MD5.00000000000000000000000000000000] [APT] [{7D96D105-A575-4FF0-B2C7-79A7B6CF872B}] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.) [0]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001Core.job [1070]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001Core [1070]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001UA.job [1092]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1878562479-1364823519-3218564896-1001UA [1092]
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {95A6C0BE-BE04-462D-A623-7F98B15C1FC3} =>Adware.Boxore
O42 - Logiciel: TuneUp Utilities 2014 - (.TuneUp Software.) [HKLM][64Bits] -- TuneUp Utilities
[HKCU\Software\F-Secure]
[HKCU\Software\MCAFEE]
[HKCU\Software\PCTuneUp]
[HKCU\Software\TuneUp]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfee]
[HKLM\Software\TuneUp]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Advernet] =>Hijacker.Proxy
[HKLM\Software\Wow6432Node\McAfee.com]
[HKLM\Software\Wow6432Node\McAfee]
[HKLM\Software\Wow6432Node\RocketLife]
[HKLM\Software\Wow6432Node\TuneUp]
O43 - CFD: 31/07/2014 - 13:28:06 - [] ----D C:\Program Files (x86)\TuneUp Utilities 2014
O43 - CFD: 29/12/2011 - 15:24:08 - [] ----D C:\Program Files (x86)\Common Files\mcafee
O43 - CFD: 13/07/2014 - 11:17:52 - [] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 31/03/2013 - 19:46:21 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 31/03/2013 - 19:05:40 - [] ----D C:\ProgramData\f-secure
O43 - CFD: 01/09/2011 - 09:26:01 - [] ----D C:\ProgramData\FLEXnet
O43 - CFD: 17/07/2013 - 10:13:05 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 30/03/2014 - 11:18:50 - [] ----D C:\ProgramData\TuneUp Software
O43 - CFD: 30/03/2014 - 11:39:41 - [0] ----D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
O43 - CFD: 30/03/2014 - 11:39:41 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/02/2013 - 21:20:50 - [] ----D C:\Users\acer\AppData\Roaming\Advernet =>Hijacker.Proxy
O43 - CFD: 28/12/2011 - 11:51:08 - [] ----D C:\Users\acer\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
O43 - CFD: 29/11/2012 - 19:34:53 - [] ----D C:\Users\acer\AppData\Roaming\RegBeta.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
O43 - CFD: 30/03/2014 - 11:14:34 - [] ----D C:\Users\acer\AppData\Roaming\TuneUp Software
O43 - CFD: 30/03/2014 - 11:14:34 - [] ----D C:\Users\acer\AppData\Local\TuneUp Software
O50 - IFEO:Image File Execution Options - agatha christie - death on the nile-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - bejeweled 2 deluxe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - boostupdater.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - cc_kart2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - chuzzle deluxe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - drivegreen1-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - fate-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - insaniquarium deluxe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - jewel quest solitaire-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - jewelmatch3-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - mysteryofmortlakemansion-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - penguins-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - photoproduct.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - plantsvszombies-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - polar-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - provider.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - racing-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - slingo deluxe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - torchlight-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - virtualvillagers4thetreeoflife-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - wedding dash-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O50 - IFEO:Image File Execution Options - zuma deluxe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
O51 - MPSK:{b8778a4c-bd3e-11e2-ba29-b870f4df5a34}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{c473a6f0-4db1-11e2-85c7-b870f4df5a34}\AutoRun\command. (...) -- E:\AutoRunCardDetector.exe (.not file.)
O64 - Services: CurCS - 10/02/2014 - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUpUtilitiesDrv) .(.TuneUp Software - TuneUp Utilities Driver.) - LEGACY_TUNEUPUTILITIESDRV
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {4F92FFC9-BC2C-49DE-8801-0285B2E1A7F8} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O90 - PUC: "7E685771E24E83F4381D1DB5A45F7B41" . (.Delta Chrome Toolbar.) -- C:\Windows\Installer\{177586E7-E42E-4F38-83D1-D15B4AF5B714}\Delta.ico =>Toolbar.DeltaSearch
O90 - PUC: "D73F4D92A419E8B4BBEC1C182399952F" . (.eDownloader.) -- C:\Windows\Installer\{29D4F37D-914A-4B8E-BBCE-C181329959F2}\softwareinstaller.exe =>PUP.SoftwareEngine
O90 - PUC: "EB0C6A5940EBD2646A32F7891BC5F13C" . (.Boxore Client.) -- C:\Windows\Installer\{95A6C0BE-BE04-462D-A623-7F98B15C1FC3}\boxore.ico =>Adware.Boxore
[MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][30/09/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\26ee0c.msi [45056] =>Adware.Boxore
[MD5.33B7498D562214AF350351413ECFB9F4] [WIS][14/01/2013] (.Advernet - eDownloader.) -- C:\Windows\Installer\90cc3f.msi [894976] =>Hijacker.Proxy
[MD5.35C918348CBB0877BCD5A3CF24C13761] [WIS][25/11/2012] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\946b66.msi [573440] =>Toolbar.DeltaSearch
[MD5.E6A476329CDC652B02404453D1A4314D] [WIS][18/02/2013] (.QwertyBox Team - FrameFox Extensions 1.0.100.0 Setup.) -- C:\Windows\Installer\e61b2.msi [688128] =>PUP.FrameFox
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_tuguu_14656_RASMANCS =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04121722_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04121722_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04190653_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04190653_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04221726_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04221726_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04271538_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_04271538_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationMonitor_RASAPI32 =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationMonitor_RASMANCS =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationSysTray_RASAPI32 =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationSysTray_RASMANCS =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\qwertybox_RASAPI32 =>PUP.FrameFox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\qwertybox_RASMANCS =>PUP.FrameFox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetImSetup (2)_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetImSetup (2)_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_4_RASAPI32 =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tuto4pc_fr_4_RASMANCS =>PUP.AgenceExclusive
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASMANCS =>PUP.NetCrawl
SR - | Auto 16/07/2014 2145080 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95A6C0BE-BE04-462D-A623-7F98B15C1FC3}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{29633E53-BF13-41B5-9E10-19D7843BD9C3}] =>Hijacker.Proxy^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95A6C0BE-BE04-462D-A623-7F98B15C1FC3}] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29633E53-BF13-41B5-9E10-19D7843BD9C3}] =>Hijacker.Proxy
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
[HKCU\Software\Classes\EoRezo.AgenceChromeBHO] =>PUP.Eorezo
[HKCU\Software\Classes\EoRezo.AgenceChromeBHO.1] =>PUP.Eorezo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\acer\AppData\Roaming\Advernet =>Hijacker.Proxy^
[HKLM\Software\Wow6432Node\Advernet] =>Hijacker.Proxy^
C:\Windows\Installer\26ee0c.msi =>Adware.Boxore^
C:\Windows\Installer\90cc3f.msi =>Hijacker.Proxy^
C:\Windows\Installer\946b66.msi =>Toolbar.DeltaSearch^
C:\Windows\Installer\e61b2.msi =>PUP.FrameFox^
C:\Users\acer\Downloads\cacaoweb.exe =>PUP.CacaoWeb
Emptytemp
Emptyflash
Proxyfix
Ifeofix

