Script ZHPFix O23 - Service: Apple Azure Service (AppleAzureSrv) . (...) - C:\ProgramData\common\Apple\Apps\AzureTools.dll =>Adware.GhokswaBrowser SR - Auto [10/04/2017] [ 99328] Apple Azure Service (AppleAzureSrv) . (...) - C:\ProgramData\common\Apple\Apps\AzureTools.dll =>Adware.GhokswaBrowser [MD5.00000000000000000000000000000000] [APT] [Start Registry Reviver for LAPTOP-U6ASGOAK@Ana‰lle Jolivet(logon)] (...) -- C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (.not file.) [0] (.Activate.) =>PUP.Optional.RegistryReviver [MD5.00000000000000000000000000000000] [APT] [Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Ana‰lle Jolivet] (...) -- C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (.not file.) [0] (.Activate.) =>PUP.Optional.RegistryReviver [MD5.00000000000000000000000000000000] [APT] [Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Ana‰lle Jolivet at logon] (...) -- C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (.not file.) [0] (.Activate.) =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\Tasks\Start Registry Reviver for LAPTOP-U6ASGOAK@Anaëlle Jolivet(logon).job [364] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet at logon.job [350] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet.job [350] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\Tasks\Yahoo! Powered deril.job [1030] =>Adware.YahooPowered O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Start Registry Reviver for LAPTOP-U6ASGOAK@Anaëlle Jolivet(logon) [2400] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet [2534] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet at logon [2402] =>PUP.Optional.RegistryReviver O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Yahoo! Powered deril [3754] =>Adware.YahooPowered G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.fast-search.info =>Adware.FastSearch M0 - MFSP: prefs.js [Anaëlle Jolivet - 0216rq2e.default] http://www.ourluckysites.com/ =>Hijacker.OurLuckySites P2 - EXT FILE: (.ourluckysites - ourluckysites Search.) -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\ourluckysites.xml =>Hijacker.OurLuckySites P2 - EXT FILE: (.startpageing123 - startpageing123 Search.) -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\startpageing123.xml =>Hijacker.StartpageIng123 P2 - EXT FILE: (...) -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\trovi.xml =>PUP.Optional.TroviCom P2 - EXT FILE: (...) -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\yahoo! powered.xml =>Adware.YahooPowered R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ourluckysites.com/ =>Hijacker.OurLuckySites R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.ourluckysites.com/ =>Hijacker.OurLuckySites R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ourluckysites.com/ =>Hijacker.OurLuckySites R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ourluckysites.com/ =>Hijacker.OurLuckySites E0 - Microsoft Edge: HKU\S-1-5-21-2216742683-3699418852-1582624608-1001\HomeButtonPage = http://www.startpageing123.com/ =>Hijacker.StartpageIng123 O17 - HKLM\System\CCS\Services\Tcpip\..\{5905f46a-8b0e-4abc-a9d0-853fbb83a431}: NameServer = 82.163.142.8,95.211.158.136 =>Adware.DNSUnlocker O17 - HKLM\System\CCS\Services\Tcpip\..\{5e5bd1e6-672f-4e0d-8d84-56884ca69737}: NameServer = 82.163.142.8,95.211.158.136 =>Adware.DNSUnlocker O17 - HKLM\System\CCS\Services\Tcpip\..\{7accb53a-9a35-44e8-949f-b10cb76278c6}: NameServer = 82.163.142.8,95.211.158.136 =>Adware.DNSUnlocker O17 - HKLM\System\CCS\Services\Tcpip\..\{f4d92965-d1b6-4c5a-b748-709614c1a00c}: NameServer = 82.163.142.8,95.211.158.136 =>Adware.DNSUnlocker HKLM\SOFTWARE\Wow6432Node\14366D9BC4BD7D7499FDF72F550C9F9D =>Adware.CrossRider HKLM\SOFTWARE\Wow6432Node\OtherSearch =>Adware.FastSearch HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware =>Hijacker.OurLuckySites HKCU\SOFTWARE\14366D9BC4BD7D7499FDF72F550C9F9D =>Adware.CrossRider HKCU\SOFTWARE\csastats =>Adware.InstallCore HKCU\SOFTWARE\ICSW1.23 =>Adware.InstallCore HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore HKCU\SOFTWARE\AppDataLow\Software\AppTrailers =>Adware.AppTrailers O43 - CFD: 14/04/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Kyubey =>Adware.CrossRider O43 - CFD: 11/06/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo O43 - CFD: 25/03/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Local\AppTrailers =>Adware.AppTrailers O69 - SBI: prefs.js [Anaëlle Jolivet - 0216rq2e.default] user_pref("browser.startup.homepage", "http://www.ourluckysites.com/?type=hp&ts=1492418042&z=caa0870b86d794b67be7547gbzbtco1z7gcbe[...] =>Hijacker.OurLuckySites [HKLM\SYSTEM\CurrentControlSet\Services\AppleAzureSrv] =>Adware.GhokswaBrowser C:\ProgramData\common\Apple\Apps\AzureTools.dll =>Adware.GhokswaBrowser C:\WINDOWS\Tasks\Start Registry Reviver for LAPTOP-U6ASGOAK@Anaëlle Jolivet(logon).job =>PUP.Optional.RegistryReviver C:\WINDOWS\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet at logon.job =>PUP.Optional.RegistryReviver C:\WINDOWS\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet.job =>PUP.Optional.RegistryReviver C:\WINDOWS\Tasks\Yahoo! Powered deril.job =>Adware.YahooPowered C:\WINDOWS\System32\Tasks\Start Registry Reviver for LAPTOP-U6ASGOAK@Anaëlle Jolivet(logon) =>PUP.Optional.RegistryReviver C:\WINDOWS\System32\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet =>PUP.Optional.RegistryReviver C:\WINDOWS\System32\Tasks\Start Registry Reviver( SR ) for LAPTOP-U6ASGOAK@Anaëlle Jolivet at logon =>PUP.Optional.RegistryReviver C:\WINDOWS\System32\Tasks\Yahoo! Powered deril =>Adware.YahooPowered C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\ourluckysites.xml =>Hijacker.OurLuckySites C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\startpageing123.xml =>Hijacker.StartpageIng123 C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\trovi.xml =>PUP.Optional.TroviCom C:\Users\Anaëlle Jolivet\AppData\Roaming\Mozilla\Firefox\Profiles\0216rq2e.default\searchplugins\yahoo! powered.xml =>Adware.YahooPowered C:\Users\Anaëlle Jolivet\AppData\Roaming\Kyubey =>Adware.CrossRider C:\Users\Anaëlle Jolivet\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo C:\Users\Anaëlle Jolivet\AppData\Local\AppTrailers =>Adware.AppTrailers O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>.Superfluous.Elex =>.Superfluous.Elex O23 - Service: NetUtils2016srv (NetUtils2016srv) . (...) - C:\Windows\System32\NetUtils2016.exe (.not file.) =>.Superfluous.HDWallPaper O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage® - Reimage Real Time Protection.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair =>.Superfluous.ReimageRepair SR - Auto [02/12/2016] [ 131024] iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>.Superfluous.Elex =>.Superfluous.Elex SR - Auto [14/05/2017] [ 8515952] Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage®.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair =>.Superfluous.ReimageRepair [MD5.7F014D20314F4902FF7AB2BD459C4430] [APT] [Milimili] (...) -- C:\Program Files (x86)\MIO\MIO.exe [282168] (.Activate.) =>.Superfluous.Tencent [MD5.BA71A6462C57F923141ABDBA40E13403] [APT] [Online Application] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] (.Activate.) =>.Superfluous.Microleaves [MD5.BA71A6462C57F923141ABDBA40E13403] [APT] [Online Application Guard] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] (.Activate.) =>.Superfluous.Microleaves [MD5.BA71A6462C57F923141ABDBA40E13403] [APT] [Online Application Guardian] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] (.Activate.) =>.Superfluous.Microleaves [MD5.5B99FBCEB104574DA0220D6814DC3367] [APT] [Online Application Updater] (.Microleaves.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [879472] (.Activate.) =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] [APT] [Online Application v2] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] (.Activate.) =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] [APT] [Online Application v2 Guard] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] (.Activate.) =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] [APT] [Online Application v2 Guardian] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] (.Activate.) =>.Superfluous.Microleaves [MD5.E1AE537E2C139A412294353137FA281A] [APT] [Online Application v209] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] (.Activate.) =>.Superfluous.Microleaves [MD5.E1AE537E2C139A412294353137FA281A] [APT] [Online Application v209 Guard] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] (.Activate.) =>.Superfluous.Microleaves [MD5.E1AE537E2C139A412294353137FA281A] [APT] [Online Application v209 Guardian] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] (.Activate.) =>.Superfluous.Microleaves [MD5.67B6E86F5D9FA2EB52DB6ED5AD183DC6] [APT] [Reimage Reminder] (.Reimage ltd..) -- C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [4478312] (.Activate.) =>.Superfluous.ReimageRepair [MD5.1283D0E726A546D58650070BE76DFA7C] [APT] [ReimageUpdater] (.Reimage®.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952] (.Activate.) =>.Superfluous.ReimageRepair [MD5.A1CDB91704711DE3B455FEBA2D49A3FD] [APT] [Traffic Exchange] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [468720] (.Activate.) =>.Superfluous.Microleaves [MD5.A1CDB91704711DE3B455FEBA2D49A3FD] [APT] [Traffic Exchange Guard] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [468720] (.Activate.) =>.Superfluous.Microleaves [MD5.A1CDB91704711DE3B455FEBA2D49A3FD] [APT] [Traffic Exchange Guardian] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [468720] (.Activate.) =>.Superfluous.Microleaves [MD5.E04EF7F4C47414B4901135D60CA6E0F0] [APT] [Traffic Exchange Updater] (.Microleaves.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [879456] (.Activate.) =>.Superfluous.Microleaves [MD5.3F2E8E25F44CE81AEDE2B5E5165B7166] [APT] [Traffic Exchange v2 - 1] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [554992] (.Activate.) =>.Superfluous.Microleaves [MD5.3F2E8E25F44CE81AEDE2B5E5165B7166] [APT] [Traffic Exchange v2 - 2] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [554992] (.Activate.) =>.Superfluous.Microleaves [MD5.3F2E8E25F44CE81AEDE2B5E5165B7166] [APT] [Traffic Exchange v2 - 3] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [554992] (.Activate.) =>.Superfluous.Microleaves [MD5.EA1C32CA7A8923FE8FAD4286D369570E] [APT] [Traffic Exchange v209 - 1] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [555104] (.Activate.) =>.Superfluous.Microleaves [MD5.EA1C32CA7A8923FE8FAD4286D369570E] [APT] [Traffic Exchange v209 - 2] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [555104] (.Activate.) =>.Superfluous.Microleaves [MD5.EA1C32CA7A8923FE8FAD4286D369570E] [APT] [Traffic Exchange v209 - 3] (.Microleaves LTD.) -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [555104] (.Activate.) =>.Superfluous.Microleaves [MD5.A64BCA5821D54E60DE5DF3B47928398B] [APT] [Updater_Online_Application] (.Microleaves.) -- C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [879984] (.Activate.) =>.Superfluous.Microleaves [MD5.50703ACB9A26062000F8E4B6925E3934] [APT] [Updater_Online_Special_Application] (.Microleaves.) -- C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe [880000] (.Activate.) =>.Superfluous.Microleaves O39 - APT: Online Application Updater - (.Microleaves.) -- C:\WINDOWS\Tasks\Online Application Updater.job [420] =>.Superfluous.Microleaves O39 - APT: Online Application v2 Guard - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v2 Guard.job [364] =>.Superfluous.Microleaves O39 - APT: Online Application v2 Guardian - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v2 Guardian.job [364] =>.Superfluous.Microleaves O39 - APT: Online Application v2 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v2.job [364] =>.Superfluous.Microleaves O39 - APT: Online Application v209 Guard - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v209 Guard.job [374] =>.Superfluous.Microleaves O39 - APT: Online Application v209 Guardian - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v209 Guardian.job [374] =>.Superfluous.Microleaves O39 - APT: Online Application v209 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application v209.job [374] =>.Superfluous.Microleaves O39 - APT: Online Application v2 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application V2G2.job [382] =>.Superfluous.Microleaves O39 - APT: Online Application v2 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Online Application V2G3.job [382] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange Updater - (.Microleaves.) -- C:\WINDOWS\Tasks\Traffic Exchange Updater.job [406] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 1 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job [354] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 2 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job [354] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 3 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job [354] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 1 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job [364] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 2 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job [364] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 3 - (.Microleaves LTD.) -- C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job [364] =>.Superfluous.Microleaves O39 - APT: Updater_Online_Application - (.Microleaves.) -- C:\WINDOWS\Tasks\Updater_Online_Application.job [414] =>.Superfluous.Microleaves O39 - APT: Updater_Online_Special_Application - (.Microleaves.) -- C:\WINDOWS\Tasks\Updater_Online_Special_Application.job [446] =>.Superfluous.Microleaves O39 - APT: f4bRmUEPlwIq - (...) -- C:\WINDOWS\System32\Tasks\f4bRmUEPlwIq [18272] (.Orphan.) =>.Superfluous.Orphan O39 - APT: Milimili - (...) -- C:\WINDOWS\System32\Tasks\Milimili [3692] =>.Superfluous.Tencent O39 - APT: Online Application - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application [2824] =>.Superfluous.Microleaves O39 - APT: Online Application Guard - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application Guard [2836] =>.Superfluous.Microleaves O39 - APT: Online Application Guardian - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application Guardian [2842] =>.Superfluous.Microleaves O39 - APT: Online Application Updater - (.Microleaves.) -- C:\WINDOWS\System32\Tasks\Online Application Updater [2768] =>.Superfluous.Microleaves O39 - APT: Online Application v2 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v2 [2702] =>.Superfluous.Microleaves O39 - APT: Online Application v2 Guard - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v2 Guard [2714] =>.Superfluous.Microleaves O39 - APT: Online Application v2 Guardian - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v2 Guardian [2720] =>.Superfluous.Microleaves O39 - APT: Online Application v209 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v209 [2716] =>.Superfluous.Microleaves O39 - APT: Online Application v209 Guard - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v209 Guard [2728] =>.Superfluous.Microleaves O39 - APT: Online Application v209 Guardian - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Online Application v209 Guardian [2734] =>.Superfluous.Microleaves O39 - APT: Qulersyqfot - (...) -- C:\WINDOWS\System32\Tasks\Qulersyqfot [4028] (.Orphan.) =>.Superfluous.Orphan O39 - APT: Reimage Reminder - (.Reimage ltd..) -- C:\WINDOWS\System32\Tasks\Reimage Reminder [3588] =>.Superfluous.ReimageRepair O39 - APT: ReimageUpdater - (.Reimage®.) -- C:\WINDOWS\System32\Tasks\ReimageUpdater [4372] =>.Superfluous.ReimageRepair O39 - APT: Traffic Exchange - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange [2810] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange Guard - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange Guard [2822] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange Guardian - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian [2828] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange Updater - (.Microleaves.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange Updater [2804] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 1 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1 [2696] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 2 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2 [2696] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v2 - 3 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3 [2696] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 1 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 [2710] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 2 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 [2710] =>.Superfluous.Microleaves O39 - APT: Traffic Exchange v209 - 3 - (.Microleaves LTD.) -- C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 [2710] =>.Superfluous.Microleaves O39 - APT: Updater_Online_Application - (.Microleaves.) -- C:\WINDOWS\System32\Tasks\Updater_Online_Application [2762] =>.Superfluous.Microleaves O39 - APT: Updater_Online_Special_Application - (.Microleaves.) -- C:\WINDOWS\System32\Tasks\Updater_Online_Special_Application [2810] =>.Superfluous.Microleaves [MD5.6FEA419122DCFABD79A17FC6C9FFB0A6] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024] [PID.1492] =>.Superfluous.Elex [MD5.EBA35D35628CEB8ACAA2302F9698A8D0] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe [131024] [PID.2952] =>.Superfluous.Elex [MD5.D6F9E3A60884DB1222A014CD180E8B92] - (...) -- C:\Windows\SysWOW64\NetUtils2016.exe [470592] [PID.3312] =>.Superfluous.HDWallPaper [MD5.BA71A6462C57F923141ABDBA40E13403] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] [PID.3904] =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] [PID.4308] =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] [PID.4372] =>.Superfluous.Microleaves [MD5.5CD990681476C1089D3AC89EE2D92AE5] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe [380704] [PID.5316] =>.Superfluous.Elex [MD5.1283D0E726A546D58650070BE76DFA7C] - (.Reimage® - Reimage Real Time Protection.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952] [PID.5936] =>.Superfluous.ReimageRepair [MD5.264C5475A0EAB94B00EA3138152D15E9] - (.Reimage® - Reimage System Protection.) -- C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe [8062832] [PID.8424] =>.Superfluous.ReimageRepair [MD5.ADE494CAF7B25D8589E2B5710BAFF5DA] - (.reimage - Reimage. Making PCs work like new, everyday.) -- C:\Program Files\Reimage\Reimage Repair\Reimage.exe [9053032] [PID.4760] =>.Superfluous.ReimageRepair [MD5.E1AE537E2C139A412294353137FA281A] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] [PID.4024] =>.Superfluous.Microleaves [MD5.E1AE537E2C139A412294353137FA281A] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] [PID.2360] =>.Superfluous.Microleaves [MD5.E1AE537E2C139A412294353137FA281A] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [555120] [PID.11080] =>.Superfluous.Microleaves [MD5.627506E7CEB7233B48ED9C5B47646141] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [555008] [PID.10308] =>.Superfluous.Microleaves [MD5.BA71A6462C57F923141ABDBA40E13403] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] [PID.10492] =>.Superfluous.Microleaves [MD5.BA71A6462C57F923141ABDBA40E13403] - (.Microleaves LTD - Online.io Application.) -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [468736] [PID.8820] =>.Superfluous.Microleaves [MD5.746F81ACFE661CF78658CCFB5FE7EBB4] - (.Microleaves LTD - Online.io Application.) -- C:\AppData\Roaming\Microleaves\Online Special Application 2.6.0\install\977E0FE\Version 2.6.0\Online-Guardian.exe [555136] [PID.10176] =>.Superfluous.Microleaves O42 - Logiciel: Amazon 1Button App - (.Amazon.) [HKLM][64Bits] -- {B6DCCCD3-520D-4485-B642-FCC136CE12C3} =>.Superfluous.Amazon1ButtonApp O42 - Logiciel: Online Application - (.Microleaves.) [HKLM][64Bits] -- {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} =>.Superfluous.Microleaves O42 - Logiciel: Online Special Application - (.Microleaves.) [HKLM][64Bits] -- {57281722-3238-4A30-AAE7-85D93977E0FE} =>.Superfluous.Microleaves O42 - Logiciel: Online.io Application - (.Microleaves.) [HKLM][64Bits] -- {F0847AE0-465A-4D7B-A555-AABB43B550F0} =>.Superfluous.Microleaves O42 - Logiciel: Reimage Repair - (.Reimage.) [HKLM][64Bits] -- Reimage Repair =>.Superfluous.ReimageRepair O42 - Logiciel: Traffic Exchange - (.Microleaves.) [HKLM][64Bits] -- {52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D} =>.Superfluous.Microleaves O42 - Logiciel: WINSNARE - (.WINSNARE.) [HKLM][64Bits] -- {56D19032-B59F-4020-994B-15912A49CD96} =>.Superfluous.WinSnare O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe =>.Superfluous.Elex HKLM\SOFTWARE\Wow6432Node\Elex-tech =>.Superfluous.Elex HKLM\SOFTWARE\Wow6432Node\Microleaves =>.Superfluous.Microleaves HKCU\SOFTWARE\Host App Service =>.Superfluous.SweetLabs HKCU\SOFTWARE\Reimage =>.Superfluous.ReimageRepair HKCU\SOFTWARE\undefined =>.Superfluous.Downloader HKCU\SOFTWARE\WinSnare =>.Superfluous.WinSnare O43 - CFD: 25/03/2017 - [] D -- C:\Program Files\ByteFence =>.Superfluous.ByteFence O43 - CFD: 27/06/2017 - [] D -- C:\Program Files\Reimage =>.Superfluous.ReimageRepair O43 - CFD: 11/04/2017 - [] D -- C:\Program Files (x86)\Elex-tech =>.Superfluous.Elex O43 - CFD: 21/04/2017 - [] D -- C:\Program Files (x86)\Microleaves =>.Superfluous.Microleaves O43 - CFD: 28/05/2017 - [] AD -- C:\Program Files (x86)\WINSNARE(4.4.6) =>.Superfluous.WinSnare O43 - CFD: 27/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>.Superfluous.ReimageRepair O43 - CFD: 25/03/2017 - [] D -- C:\ProgramData\ByteFence =>.Superfluous.ByteFence O43 - CFD: 21/04/2017 - [] D -- C:\ProgramData\Microleaves =>.Superfluous.Microleaves O43 - CFD: 27/06/2017 - [] D -- C:\ProgramData\Reimage Protector =>.Superfluous.ReimageRepair O43 - CFD: 25/06/2017 - [0] D -- C:\ProgramData\SWCUTemp O43 - CFD: 11/04/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Elex-tech =>.Superfluous.Elex O43 - CFD: 25/03/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Microleaves =>.Superfluous.Microleaves O43 - CFD: 30/03/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\WINSNARE =>.Superfluous.WinSnare O43 - CFD: 25/03/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\Anahaty O43 - CFD: 12/06/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\CSHMDR O43 - CFD: 28/05/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\CWASRE O43 - CFD: 12/06/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\glory O43 - CFD: 27/06/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Local\Host App Service =>.Superfluous.SweetLabs O43 - CFD: 28/05/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\NPASRE O43 - CFD: 13/06/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\SNARE O43 - CFD: 28/05/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\SNAREA O43 - CFD: 11/04/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\SNARER O43 - CFD: 13/06/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\terana O43 - CFD: 28/05/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\VNASRE O43 - CFD: 28/05/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Local\WANARE O43 - CFD: 25/10/2016 - [] D -- C:\Users\Default\AppData\Local\Host App Service =>.Superfluous.SweetLabs O43 - CFD: 25/10/2016 - [] D -- C:\Users\Default User\AppData\Local\Host App Service =>.Superfluous.SweetLabs O45 - LFCP:[MD5.CD7792B5942AD73EA968D5408118FC93] 27/06/2017 A -- C:\WINDOWS\Prefetch\REIMAGE.EXE-02B30964.pf =>.Superfluous.ReimageRepair O45 - LFCP:[MD5.EAF6CDE246CDD9190D002DD4B47D67A4] 27/06/2017 A -- C:\WINDOWS\Prefetch\REIMAGEPACKAGE.EXE-BA0A90E8.pf =>.Superfluous.ReimageRepair O45 - LFCP:[MD5.13608A02BAE9AF7C8B1D106B29A9FD9C] 27/06/2017 A -- C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-C0EF3449.pf =>.Superfluous.ReimageRepair O46 - SEH:ShellExecuteHooks - (no name) - [HKLM] [64Bits] - {A65771C6-0D5A-11E7-9DEF-64006A5CFC23} . (...) -- (.not file.) O58 - SDL:2016/05/23 04:41:44 A . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\WINDOWS\System32\drivers\iSafeKrnlBoot.sys [55056] =>.Superfluous.Elex O58 - SDL:2016/05/19 08:42:01 A . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\WINDOWS\System32\drivers\iSafeNetFilter.sys [52392] =>.Superfluous.Elex O58 - SDL:2017/03/25 19:38:09 A . (.Auteurs - .) -- C:\WINDOWS\System32\drivers\NetUtils2016.sys [909944] =>.Superfluous.HDWallPaper O61 - LFC: 2017/06/27 12:46:36 A . (.Reimage.) -- C:\Users\Anaëlle Jolivet\Downloads\ReimageRepair.exe [604928] =>.Superfluous.ReimageRepair O87 - FAEL: "{C735A025-8077-4DB5-BC90-F70AAEBF1093}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe (.not file.) O87 - FAEL: "{A139C14F-2C32-44A3-90F0-0CFD987EEBAB}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\st1000lm024xhn-m101mbb_s31qj9ch528666.dat (.not file.) O87 - FAEL: "{B7F705E6-46CE-4F91-8D54-FA38D6094DD7}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\MIO\loader\st1000lm024xhn-m101mbb_s31qj9ch528666.dat (.not file.) O90 - PUC: "23091D65F95B020499B45119A294DC69" . (.WINSNARE.) -- C:\WINDOWS\Installer\{56D19032-B59F-4020-994B-15912A49CD96}\_853F67D554F05449430E7E.exe =>.Superfluous.WinSnare [HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>.Superfluous.Elex C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>.Superfluous.Elex [HKLM\SYSTEM\CurrentControlSet\Services\NetUtils2016srv] =>.Superfluous.HDWallPaper [HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector] =>.Superfluous.ReimageRepair C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] =>.Superfluous.Orphan [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] =>.Superfluous.Orphan [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] =>.Superfluous.Orphan [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56D19032-B59F-4020-994B-15912A49CD96}] =>.Superfluous.WinSnare [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57281722-3238-4A30-AAE7-85D93977E0FE}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}] =>.Superfluous.Amazon1ButtonApp [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0847AE0-465A-4D7B-A555-AABB43B550F0}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56D19032-B59F-4020-994B-15912A49CD96}] =>.Superfluous.WinSnare [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57281722-3238-4A30-AAE7-85D93977E0FE}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}] =>.Superfluous.Amazon1ButtonApp [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0847AE0-465A-4D7B-A555-AABB43B550F0}] =>.Superfluous.Microleaves C:\Program Files (x86)\WINSNARE(4.4.6) =>.Superfluous.WinSnare C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>.Superfluous.ReimageRepair C:\ProgramData\ByteFence =>.Superfluous.ByteFence C:\ProgramData\Microleaves =>.Superfluous.Microleaves C:\ProgramData\Reimage Protector =>.Superfluous.ReimageRepair C:\Users\Anaëlle Jolivet\AppData\Roaming\Elex-tech =>.Superfluous.Elex C:\Users\Anaëlle Jolivet\AppData\Roaming\Microleaves =>.Superfluous.Microleaves C:\Users\Anaëlle Jolivet\AppData\Roaming\WINSNARE =>.Superfluous.WinSnare C:\Users\Anaëlle Jolivet\AppData\Local\Host App Service =>.Superfluous.SweetLabs C:\Users\Default\AppData\Local\Host App Service =>.Superfluous.SweetLabs C:\Users\Default User\AppData\Local\Host App Service =>.Superfluous.SweetLabs C:\WINDOWS\Prefetch\REIMAGE.EXE-02B30964.pf =>.Superfluous.ReimageRepair C:\WINDOWS\Prefetch\REIMAGEPACKAGE.EXE-BA0A90E8.pf =>.Superfluous.ReimageRepair C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-C0EF3449.pf =>.Superfluous.ReimageRepair C:\WINDOWS\System32\drivers\iSafeKrnlBoot.sys =>.Superfluous.Elex C:\WINDOWS\System32\drivers\iSafeNetFilter.sys =>.Superfluous.Elex C:\WINDOWS\System32\drivers\NetUtils2016.sys =>.Superfluous.HDWallPaper C:\WINDOWS\Installer\{56D19032-B59F-4020-994B-15912A49CD96}\_853F67D554F05449430E7E.exe =>.Superfluous.WinSnare [HKLM\Software\Classes\Installer\Products\23091D65F95B020499B45119A294DC69] =>.Superfluous.WinSnare [HKLM\Software\Classes\Installer\Features\23091D65F95B020499B45119A294DC69] =>.Superfluous.WinSnare C:\WINDOWS\Installer\MSIB69E.tmp =>.Superfluous.MSIInstaller [HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\dnqgp2d0] =>.Superfluous.Elex [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\Windows-PG [2576] G0 - GCSP: Preferences [User Data\Default][HomePage] http://ww-searchings.com HKLM\SOFTWARE\Wow6432Node\Antanna HKLM\SOFTWARE\Wow6432Node\Bookness HKLM\SOFTWARE\Wow6432Node\f4bRmUEPlwIq Updater HKLM\SOFTWARE\Wow6432Node\Dunoiederpesy HKLM\SOFTWARE\Wow6432Node\Gromcultclujuied HKLM\SOFTWARE\Wow6432Node\Kerkeleghugitain HKLM\SOFTWARE\Wow6432Node\MicroRay HKLM\SOFTWARE\Wow6432Node\Plovght HKLM\SOFTWARE\Wow6432Node\Reerut HKLM\SOFTWARE\Wow6432Node\startpageing123Software HKLM\SOFTWARE\Wow6432Node\Tkchnogesp HKLM\SOFTWARE\Wow6432Node\ToughQueen HKLM\SOFTWARE\Wow6432Node\xfercsp.exe HKLM\SOFTWARE\Wow6432Node\xvb`lj HKLM\SOFTWARE\Wow6432Node\Zerkaphhiguk HKCU\SOFTWARE\Antanna HKCU\SOFTWARE\Bookness HKCU\SOFTWARE\heheelibom O43 - CFD: 11/05/2017 - [] D -- C:\Program Files\MK O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\BIT O43 - CFD: 16/10/2016 - [] HD -- C:\ProgramData\O949 O43 - CFD: 26/03/2017 - [0] D -- C:\Users\Anaëlle Jolivet\AppData\Roaming\Reazaskese O43 - CFD: 11/04/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Local\Antanna O43 - CFD: 28/05/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Local\background_fault O43 - CFD: 09/05/2017 - [] D -- C:\Users\Anaëlle Jolivet\AppData\Local\Bookness O43 - CFD: 25/03/2017 - [] D -- C:\Users\Default\AppData\Local\AdvinstAnalytics O43 - CFD: 25/03/2017 - [] D -- C:\Users\Default User\AppData\Local\AdvinstAnalytics SysRestore FirewallRaz EmptyPrefetch EmptyCLSID EmptyFlash Emptytemp ShortcutFix