Aller au contenu

pecko14

Membres
  • Compteur de contenus

    292
  • Inscription

  • Dernière visite

Réputation sur la communauté

0 Neutral

À propos de pecko14

  • Rang
    Mega Power Member

Profile Information

  • Sexe
    Male
  • Localisation
    Caen

Autres informations

  • Mes langues
    français ; anglais
  1. C'est bon Java s'est bien installé !! Merci encore pour ton aide, mon PC rame nettement moins. @+
  2. Bonjour, Désolé de ne répondre que maintenant mais j'ai eu un léger contretemps... Rapport SFTGC : http://cjoint.com/?3BxboPzR6t2 Rapport CTR : http://cjoint.com/?3BxbpLK3iZB Rapport Delfix : http://cjoint.com/?3BxbsR5IC93 Pour JavRa, impossible de remettre la main sur le journal mais les anciennes versions ont bien été supprimées, enfin je crois... Merci d'avance pour ton aide. @+
  3. Bonjour, La mise à jour de Java ne veut pas s'effectuer à chaque fois ça me dit "Mise àjour de Jva échouée"... Code d'erreur : 1603 Qu'est-ce que je fais ??
  4. Bonjour, Voilà le lien pour le ZHPFixReport : http://cjoint.com/?3BppI4miLNY Et le lien du rapport MBAM : http://cjoint.com/?3Bps0Fp05Cs @+
  5. Bonjour Tomtom95 ! Merci de te proposer pour m'aider. Voici le lien vers le rapport ZHP Cleaner : http://cjoint.com/?0Bpa7kQfBli Et voici le lien vers le rapport ZHP Diag : http://cjoint.com/?0Bpbj67ZhQ5 Merci encore et bon courage à toi. @+
  6. Bonjour, Mon PC rame pas mal, surtout sur Internet, et j'ai souvent des pop-ups et autres pubs dans tous les sens (je viens d'installer ABP pour voir ce que ça donne). Quelqu'un peut-il m'aider à faire un bon nettoyage et pourquoi me conseiller 2 ou 3 logiciels pour optimiser tout ça ? Je vous joins le log MBAM que je viens de faire si ça peut aider. Merci à vous ! Malwarebytes Anti-Malware www.malwarebytes.org Date de l'examen: 14/02/2015 Heure de l'examen: 18:23:51 Fichier journal: mbam.txt Administrateur: Oui Version: 2.00.4.1028 Base de données Malveillants: v2015.02.14.03 Base de données Rootkits: v2015.02.03.01 Licence: Gratuit Protection contre les malveillants: Désactivé(e) Protection contre les sites Web malveillants: Désactivé(e) Auto-protection: Désactivé(e) Système d'exploitation: Windows 7 Service Pack 1 Processeur: x64 Système de fichiers: NTFS Utilisateur: halley Type d'examen: Examen "Menaces" Résultat: Terminé Objets analysés: 395644 Temps écoulé: 34 min, 27 sec Mémoire: Activé(e) Démarrage: Activé(e) Système de fichiers: Activé(e) Archives: Activé(e) Rootkits: Désactivé(e) Heuristique: Activé(e) PUP: Avertir PUM: Activé(e) Processus: 0 (Aucun élément malicieux detecté) Modules: 0 (Aucun élément malicieux detecté) Clés du Registre: 2 PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [3e1d31edc5c56bcbe0a4848d49bc49b7], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [aab1a5798604be78bec525eccc3908f8], Valeurs du Registre: 0 (Aucun élément malicieux detecté) Données du Registre: 0 (Aucun élément malicieux detecté) Dossiers: 3 PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, , [71ea5ec0e7a37db91ea28ef8798a48b8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, , [71ea5ec0e7a37db91ea28ef8798a48b8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, , [71ea5ec0e7a37db91ea28ef8798a48b8], Fichiers: 1 PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [481359c58406eb4bb3d43bd6788d748c], Secteurs physiques: 0 (Aucun élément malicieux detecté) (end)
  7. Re Mon ordinateur rame beaucoup moins en effet, et plus de pop-ups intempestifs. Super merci tomtom95 !! rapport DelFix : http://cjoint.com/?3Lir5DRkuO6
  8. Re tomtom95 ! Voilà le rapport ZHPDiag : http://cjoint.com/?3LirnekbE6s Le rapport CFTGC : http://cjoint.com/?3LirokeTW8Z Et enfin le rapport MBAM : http://cjoint.com/?3LirpgxN0wl Bonne lecture !!
  9. Salut tomtom95 !! Voici le nouveau rapport ZHPDiag : http://cjoint.com/?3LhtaHlFTgp P.S : ma femme a réinstallé µtorrent depuis le dernier scan... j'éspère que c'est pas trop gênant. @+
  10. Voilà voilà !! 1er rapport : http://cjoint.com/?3LexsIK2EEZ 2ème rapport : http://cjoint.com/?3LexKG1Mic4 Bon courage à toi tomtom95
  11. Bonjour tomtom95 ! Merci de votre réponse et désolé pour le retard de la mienne. Voici le rapport qui s'est ouvert après le scan (j'espère que c'est bien ça que vous vouliez...) ~ Rapport de ZHPDiag v2013.12.4.7 - Nicolas Coolman (04/12/2013) ~ Lancé par halley (04/12/2013 15:32:02) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16428 MFIE: Mozilla Firefox 25.0.1 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 9YQTR Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.06 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 45 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4095 MB (61% free) System Restore: Activé (Enable) System drive C: has 9 GB (7%) free of 116 GB ---\\ Mode de connexion au système ~ Computer Name: HALLEY-PC ~ User Name: halley ~ All Users Names: HomeGroupUser$, halley, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\halley\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\halley\AppData\Roaming\ ~ %Desktop% : C:\Users\halley\Desktop\ ~ %Favorites% : C:\Users\halley\Favorites\ ~ %LocalAppData% : C:\Users\halley\AppData\Local\ ~ %StartMenu% : C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 116 Go) D: Hard drive, Flash drive, Thumb drive (Free 335 Go of 335 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/11/2013 - 16:03:50.) -- C:\Windows\System32\wininet.dll [2332160] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/890 ~ Mes musiques (My Musics) : 1/48 ~ Mes Favoris (My Favorites) : 1/36 ~ Mes Documents (My Documents) : 1/75 ~ Mon Bureau (My Desktop) : 3/5332 ~ Menu demarrer (Programs) : 1/52 ~ Hidden Files: Scanned in 00mn 10s ---\\ Processus lancés [MD5.6146DB81623E92A7061C4438E6283BE3] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe [4023584] [PID.680] =>Toolbar.Conduit [MD5.E982D0F5F7286A8C22730A0380700EC3] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe [2810656] [PID.2224] =>Toolbar.Conduit [MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.3024] [MD5.BA2B4E07561CF877F61B0EEED654BC96] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.1856] [MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2196] [MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.3132] [MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.3148] [MD5.0C85B24C059C0614AA506D15C9A7978D] - (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe [42784] [PID.488] =>Adware.Yontoo [MD5.DFB13D3470844B6770FFB87DFC9FD340] - (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe [884744] [PID.1188] [MD5.4BF3C4F9327BB33190603829C9F5E781] - (.Facebook - Facebook Messenger.) -- C:\Users\halley\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [248240] [PID.3352] [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.2420] [MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.644] [MD5.32F43BE36AAC4E10C88EC24B34770C0D] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392] [PID.3008] [MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624] [PID.2984] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4116] [MD5.DCD78A37FB33BF0141A231109B052785] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4224] [MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.4716] [MD5.3ECCDD3FE310DD8F82D085447089ADB0] - (.ASUSTek Computer Inc. - ADSMTray.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952] [PID.4256] [MD5.07E56F90546052D0574355E16AB48A6F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.4956] [MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936] [PID.4836] [MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1360] [MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5700] [MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.4592] [MD5.4909B1F447FB468FCC49C52DFED99AE8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8278528] [PID.5080] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1332] [MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1444] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1740] [MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1784] [MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.1960] [MD5.24FB8DB6D1D55E2C5D0A53DFE48E6AF8] - (.Microsoft - Y2Desktop.Updater.) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552] [PID.2172] =>Adware.Yontoo [MD5.730C57652CDFB6E657992508A19E81EB] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968] [PID.2264] =>Toolbar.Conduit [MD5.069E22DD49A1A962AEE3B7DCE2DC4A50] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178816] [PID.3596] [MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.Pas de propriétaire - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.3636] [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.3840] [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.3860] [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3876] [MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280] [PID.1844] ~ Processes Running: Scanned in 00mn 03s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\prefs.js C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\user.js M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\babylon.xml =>PUP.Babylon M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\delta.xml =>Toolbar.DeltaSearch M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\holasearch.xml =>Hijacker.HolaSearch M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\utorrentbarfr-customized-web-search.xml =>Toolbar.Conduit M3 - MFPP: Plugins - [halley] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon M2 - MFEP: prefs.js [halley - og1mhgby.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch M2 - MFEP: prefs.js [halley - og1mhgby.default\plugin@yontoo.com] [] Yontoo v1.20.02 (..) =>Adware.Yontoo M2 - MFEP: prefs.js [halley - og1mhgby.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR v10.20.101.5 (..) =>P2P.µTorrent ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com ~ IE Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll =>Adware.Yontoo ~ BHO: 7 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: Périclès.Net.lnk . (...) -- C:\Program Files (x86)\Pericles\Pericles.exe O4 - GS\Desktop [Public]: Splendid Utility.Lnk . (...) -- C:\Program Files (x86)\ASUS\Splendid\Backbone.exe O4 - GS\Desktop [Public]: WinZip.lnk . (...) -- C:\Program Files (x86)\WinZip\WINZIP64.exe (.not file.) O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Périclès.Net.lnk . (...) -- C:\Program Files (x86)\Pericles\Pericles.exe O4 - GS\QuickLaunch [halley]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe O4 - GS\QuickLaunch [halley]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [halley]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [halley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [halley]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [halley]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [halley]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe O4 - GS\Desktop [halley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 68 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: SRS Premium Sound.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe O4 - GS\Startup [Public]: tmchlang.lnk . (...) -- C:\Program Files (x86)\Trend Micro\Internet Security\TmChLang.exe (.not file.) O4 - GS\Startup [halley]: Facebook Messenger.lnk . (.Facebook - Facebook Messenger.) -- C:\Users\halley\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe O4 - GS\Startup [halley]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe O4 - HKLM\..\Run: [ufSeAgnt.exe] . (.Trend Micro Inc. - Trend Micro Server Agent.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe O4 - HKLM\..\Run: [EeeStorageBackup] . (.ECAREME - BackupService.) -- C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKCU\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\halley\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\halley\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe O4 - HKLM\..\Wow6432Node\Run: [updateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [updateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\halley\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\halley\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) . (.Trend Micro Inc. - Manages all components of Trend Micro Inter.) - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ~ Services: 12 Legitimates Filtered in 00mn 09s ---\\ Tâches planifiées en automatique (O39) [MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\halley\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution [MD5.039FEBE37F34800E50D6A029DE8CD423] [APT] [{840D895E-1B00-4A0B-A88E-175F2DC6EE7C}] (...) -- E:\.\Autorun.exe [133272] ~ Scheduled Task: 23 Legitimates Filtered in 00mn 10s ---\\ Logiciels installés (O42) O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch O42 - Logiciel: Périclès.Net - (.Périclès.) [HKLM][64Bits] -- {8AA3BEE2-AC59-469C-80BB-CA987D694525} O42 - Logiciel: Search Protect - (.Conduit.) [HKLM][64Bits] -- SearchProtect =>Toolbar.Conduit O42 - Logiciel: Yontoo 2.04 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo ~ Logic: 30 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\Delta] [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\LdShih] [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\delta LTD] [HKCU\Software\e28d8ae569eb49] =>Hijacker.Eazel [HKCU\Software\holasearch LTD] =>Hijacker.HolaSearch [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\Delta] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Périclès] [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\babylontoolbar] =>PUP.Babylon ~ Key Software: 285 Legitimates Filtered in 00mn 02s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/11/2011 - 14:07:03 - [0,609] ----D C:\Program Files (x86)\Conduit O43 - CFD: 27/09/2013 - 16:10:46 - [2,393] ----D C:\Program Files (x86)\Delta O43 - CFD: 29/09/2013 - 12:08:58 - [0,663] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster O43 - CFD: 24/10/2012 - 13:19:43 - [18,616] ----D C:\Program Files (x86)\Pericles O43 - CFD: 09/09/2013 - 11:58:12 - [0,001] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV O43 - CFD: 22/02/2013 - 16:11:39 - [0,801] ----D C:\Program Files (x86)\Yontoo =>Adware.Yontoo O43 - CFD: 09/09/2013 - 11:54:08 - [0] ----D C:\ProgramData\APN O43 - CFD: 22/02/2013 - 16:11:27 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 27/09/2013 - 16:10:40 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch O43 - CFD: 18/05/2013 - 17:46:21 - [0,002] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain O43 - CFD: 22/02/2013 - 16:11:32 - [2,581] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma O43 - CFD: 27/09/2013 - 16:10:41 - [1,265] ----D C:\Users\halley\AppData\Roaming\BabSolution =>Hijacker.BabSolution O43 - CFD: 22/02/2013 - 16:11:27 - [0,028] ----D C:\Users\halley\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 26/12/2011 - 20:54:09 - [0,133] ----D C:\Users\halley\AppData\Roaming\Décorateur de surfaces O43 - CFD: 04/12/2013 - 14:22:25 - [1,107] ----D C:\Users\halley\AppData\Roaming\Yontoo =>Adware.Yontoo O43 - CFD: 28/04/2013 - 18:56:30 - [0] ----D C:\Users\halley\AppData\Local\Conduit O43 - CFD: 28/04/2013 - 07:39:00 - [0,002] ----D C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV O43 - CFD: 30/09/2011 - 08:05:00 - [0,001] ----D C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Surveillance sur Internet 2011 ~ Program Folder: 165 Legitimates Filtered in 00mn 36s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 04/12/2013 - 15:24:07 ---A- . (...) -- C:\Windows\SysNative\acovcnt.exe [45056] O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 04/12/2013 - 15:24:07 ---A- . (...) -- C:\Windows\System32\acovcnt.exe [45056] O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 28/11/2013 - 16:03:50 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284] O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 28/11/2013 - 16:03:50 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284] O44 - LFC:[MD5.0B68444AE0343D2D9CFF42E798A23613] - 28/11/2013 - 16:11:21 ---A- . (...) -- C:\Windows\IE11_main.log [24581] ~ Files: 132 Legitimates Filtered in 00mn 09s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.E7C677CC871A1DA0A0BDFD39CB86579B] - 04/12/2013 - 14:22:45 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-0A264CF2.pf =>Adware.Yontoo O45 - LFCP:[MD5.A087FC55711D1488BBFEF55B266B3C95] - 29/11/2013 - 22:11:31 ---A- - C:\Windows\Prefetch\TISSPWIZ.EXE-14F0BD7B.pf ~ Prefetcher: 86 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{1a2e8ecb-e629-11de-8a56-806e6f6e6963}\AutoRun\command. (.Pas de propriétaire - Setup Application.) -- E:\.\Autorun.exe O51 - MPSK:{1f730f17-cefe-11e0-8624-e0cb4e3d4d33}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.) O51 - MPSK:{79483211-92d5-11e2-8603-e0cb4e3d4d33}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.3C38648375B7F3988691F53A7AAE10A9] - 15/10/2009 - 17:23:20 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [117760] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/07/2009 - 10:29:39 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416] O58 - SDL:[MD5.1CDADE078F46F10919F21E08E22D227D] - 29/12/2008 - 10:14:27 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35456] O58 - SDL:[MD5.2D280B5799F9C143FA7D49E032FBCE46] - 20/05/2009 - 09:11:05 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1799680] O58 - SDL:[MD5.41AC348DBD378F618CB4FDEE54270692] - 06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936] O58 - SDL:[MD5.B4C983DA20E2970E21893BF0E4EE2AD8] - 06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] ~ Drivers: 16 Legitimates Filtered in 00mn 04s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 04/12/2013 - 15:34:22 ---A- . (...) -- C:\Users\halley\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [104926] =>Toolbar.Conduit O61 - LFC: 04/12/2013 - 15:34:22 ---A- . (...) -- C:\Users\halley\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3542] =>Toolbar.Conduit O61 - LFC: 04/12/2013 - 15:34:26 ---A- . (...) -- C:\Users\halley\AppData\Roaming\BabSolution\Shared\chu.js [2] =>Hijacker.BabSolution O61 - LFC: 04/12/2013 - 15:34:26 ---A- . (...) -- C:\Users\halley\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [4096] =>.Orange Corporation O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\Yontoo\PlugIns.cache [23] =>Adware.Yontoo O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll [13600] =>Adware.Yontoo O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\ZHP\Log.txt [19028] =>.Nicolas Coolman O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\ZHP\TestsZHPDiag.txt [2885] =>.Nicolas Coolman ~ Files: 13 Legitimates Filtered in 00mn 19s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..clientLogIsEnabled", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.BrowserCompStateIsOpen_130064413660070508", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.BrowserCompStateIsOpen_1359634298000", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2851639[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CTID", "CT2851639"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ConfigurationLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CurrentServerDate", "12-11-2013"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DSInstall", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DialogsAlignMode", "LTR"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DialogsGetterLastCheckTime", "Tue Nov 05 2013 14:19:05 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DownloadReferralCookieData", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstServerDate", "18-5-2013"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTime", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTimeFF3", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTimeHiddenVer", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FixPageNotFoundErrors", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.HPInstall", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.HasUserGlobalKeys", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.Initialize", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InitializeCommonPrefs", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstallationType", "Unknown"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstalledDate", "Sat May 18 2013 19:49:37 GMT+0200"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsGrouping", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsInitSetupIni", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsMulticommunity", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsOpenThankYouPage", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsOpenUninstallPage", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.18.0.7", "Tue Jul 23 2013 11:10:19 GMT+0200"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.19.0.3", "Mon Sep 09 2013 12:58:55 GMT+0200"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.20.0.4", "Mon Nov 11 2013 22:50:09 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LatestVersion", "3.20.0.4"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.Locale", "fr"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MCDetectTooltipHeight", "83"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MCDetectTooltipWidth", "295"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MyStuffEnabledAtInstallation", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.OriginalFirstVersion", "3.18.0.7"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SavedHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchAPILastCheckTime", "Mon Nov 11 2013 22:50:09 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchCaption", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_CUI[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabEnabled", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Mon Sep 09 2013 12:58:54 GMT+0200"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT2851639&octid=CT2851639&SearchSource=15&C[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SendProtectorDataViaLogin", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Mon Nov 11 2013 22:50:09 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SettingsLastCheckTime", "Mon Nov 11 2013 22:50:07 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SettingsLastUpdate", "1384160275"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ToolbarShrinkedFromSetup", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.UserID", "UN25097416976593134"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.alertChannelId", "1243674"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.browser.search.defaultthis.engineName", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.countryCode", "FR"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.firstTimeDialogOpened", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fixPageNotFoundErrorByUser", "TRUE"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fullUserID", "UN25097416976593134.UP.2036004809"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.homepageProtectorEnableByLogin", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.initDone", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.installType", "Unknown"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isCheckedStartAsHidden", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isFirstTimeToolbarLoading", "false"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.keyword", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2851639&octid=CT2[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.lastVersion", "10.20.101.5"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffEnabled", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.navigateToUrlOnSearch", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fforum.zebulon.fr%2Fmon-pc-rame-besoin-daide-t2[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalSearchAddressUrl", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalSearchEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.revertSettingsEnabled", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchFromAddressBarEnabledByUser", "true"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchInNewTabEnabledByUser", "true"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchInNewTabEnabledInHidden", "true"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchProtectorDialogDelayInSec", 10); =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchProtectorEnableByLogin", true); =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchSuggestEnabledByUser", "false"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchUserMode", "2"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851639\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrent[...] =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_FR [...] =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_Configuration_lastUpdate", "1386163457607"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_login_10.20.101.5_lastUpdate", "1386163456890"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1386163457615"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1386163457417"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1386163457462"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1386163457229"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.settingsINI", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.showToolbarPermission", "false"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.CTID", "CT2851639"); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.Uninstall", "0"); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.homepage", true); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR "); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.testingCtid", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarBornServerTime", "18-5-2013"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarCurrentServerTime", "4-12-2013"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarLoginClientTime", "Tue Nov 12 2013 00:48:16 GMT+0100"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.usagesFlag", 2); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386167119016,\"isWithState\"[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13,http://search.condui[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_FR Customized Web Search,uTorrentBar_FR Customized Web Search,uTorren[...] =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"0814eced0f57718ea0d24cc9[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1361967766\""); =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:16ac[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"")[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"dfe74040abc2ce1:0\""[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2851639&UM=UM_ID", "\"2a84ff-82f-49024409b8900\"[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639", "\"52c3f1538cb4af4ada257fcbc6[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"6fc9ef41c3231ec925076c942468a37c\[...] =>Toolbar.Conduit O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList", "CT2851639"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2851639"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2851639"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.globalUserId", "be368fd1-8d1c-4d89-9032-2b92646059dc"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851639"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.originalHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.originalSearchEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitHomepagesList", ""); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_FR Customized Web Search"); =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?CUI=UN25097416976593134&ctid=CT2851639&Searc[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaultenginename", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaultthis.engineName", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.selectedEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.bbDpng", "4"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.cntry", "FR"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.dfltLng", "fr"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.hdrMd5", "17DAF84116D5895A923986667EEEF558"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.id", "e4ccae780000000000000625d3e125e0"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.instlDay", "15975"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.lastVrsnTs", "1.8.24.617:10:47"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.sg", "azb"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.smplGrp", "azb"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsn", "1.8.24.6"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsnTs", "1.8.24.617:10:47"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsni", "1.8.24.6"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.babExt", ""); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.babTrack", "affID=119982&tt=240913_246&tsp=5018"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.srcExt", "ss"); O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=UN25097416976593134&UM=2&q="[...] O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13,http://search.conduit.com/?ct[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_[...] =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - http://www.searchgol.com =>Hijacker.SearchGol O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr O69 - SBI: SearchScopes [HKCU] {A4DF5635-20B1-44B2-A890-035CA5C1436C} - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKCU] {DD7FBFC3-982C-4361-969E-27BB14C61D34} - (Ask Search) - http://www.search.ask.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [sPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368] [MD5.3E7A52653DA302A77C08A8F3D4BBDE70] [sPRF][13/11/2013] (...) -- C:\Users\halley\AppData\Local\Temp\JSaHCMAPI_2.2.504274273509789744034.dll [266240] [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsd11.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsd20EA.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsdFBBC.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsy24C2.exe [167812] =>Toolbar.Conduit [MD5.2E575012FD49F34380630F8662DA5C03] [sPRF][31/10/2013] (.Conduit - Search Protect by Conduit.) -- C:\Users\halley\AppData\Local\Temp\SPSetup.exe [5591784] =>Toolbar.Conduit [MD5.04DD28648AD90E6C9442DB208BA4A2BA] [sPRF][23/10/2013] (...) -- C:\Users\halley\AppData\Local\Temp\utt5F5.tmp.bat [96] [MD5.CBF9C44A4C35599989CA8BDA97DDC586] [sPRF][23/10/2013] (...) -- C:\Users\halley\AppData\Local\Temp\utt6F8F.tmp.bat [77] [MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [sPRF][23/10/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\halley\AppData\Local\Temp\utt7EAE.tmp.exe [66368] =>Toolbar.Conduit [MD5.24AEB20C4D857A431FE82AAC1A95C005] [sPRF][23/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Local\Temp\uttD725.tmp.exe [902736] =>P2P.BitTorrent [MD5.2155FC1467A7E1429E4DF8303692B79B] [sPRF][18/05/2013] (.Pas de propriétaire - Installer.) -- C:\Users\halley\Desktop\pcpholasetup.exe [592120] ~ Files: 14 Legitimates Filtered in 00mn 01s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel [HKCU\Software\e28d8ae569eb49] =>PUP.Babylon^ ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 29/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 30/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 30/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Demand 22/08/2009 570632 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe SS - | Demand 22/08/2009 917768 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 31/10/2013 1735968 | (CltMngSvc) . (.Conduit.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe SR - | Demand 23/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 15/08/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 09/10/2010 859712 | (SfCtlCom) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 15/02/2013 23552 | (Yontoo Desktop Updater) . (.Microsoft.) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo ~ Services: Scanned in 00mn 22s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by halley at 04/12/2013 15:35:54 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by halley at 04/12/2013 15:35:56 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13007 - (04/12/2013) Clés trouvées (Keys found) : 203 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 21 Fichiers trouvés (Files found) : 28 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo^ [HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo^ [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKCU\Software\delta LTD] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] =>Adware.Yontoo [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje] =>Hijacker.TornTV [HKLM\Software\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Yontoo Desktop =>Adware.Yontoo^ C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\extensions\ffxtlbr@delta.com =>Toolbar.DeltaSearch^ C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\extensions\plugin@yontoo.com =>Adware.Yontoo^ C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>P2P.µTorrent^ C:\Program Files (x86)\Iminent =>Adware.IMBooster^ C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV^ C:\Program Files (x86)\Yontoo =>Adware.Yontoo^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^ C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^ C:\ProgramData\Tarma Installer =>PUP.Tarma^ C:\Users\halley\AppData\Roaming\BabSolution =>Hijacker.BabSolution^ C:\Users\halley\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\halley\AppData\Roaming\Yontoo =>Adware.Yontoo^ C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV^ C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit C:\Users\halley\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\halley\AppData\Local\SearchProtect =>Toolbar.Conduit C:\Users\halley\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\halley\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\Smartbar =>Hijacker.SmartBar C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^ C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo^ C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo^ C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\holasearch LTD] =>Hijacker.HolaSearch^ [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\babylontoolbar] =>PUP.Babylon^ C:\Users\halley\AppData\Local\Temp\nsd11.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\nsd20EA.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\nsdFBBC.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\nsy24C2.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\utt7EAE.tmp.exe =>Toolbar.Conduit^ C:\Users\halley\AppData\Local\Temp\uttD725.tmp.exe =>P2P.BitTorrent^ [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\e28d8ae569eb49] =>PUP.Babylon^^ ~ Additionnel Scan: 330158 Items scanned in 00mn 47s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ MSI: 23 link(s) detected in 00mn 48s ~ 1376 Legitimates filtered by white list End of the scan (1019 lines in 04mn 44s)(0) Merci de votre aide ! @+
  12. Personne n'a une solution un peu moins radicale ?...
  13. Bonjour à tous !! Voilà mon PC (surtout le navigateur Internet) rame comme un dingue depuis un petit moment, en fait depuis que j'ai laissé ma femme s'en servir et me choper tout un tas de saloperies sur le net, et peut être aussi à cause de téléchargements de ma part il est vrai... Les pages Internet mettent 3 heures à s'ouvrir (j'éxagère bien évidemment), des pop-ups dans tous les sens, le plugin flas qui plante sans cesse, et j'en passe... J'aimerai bien faire un petit nettoyage de tout ça pour retrouver un PC qui fonctionne correctement sur Internet. Quelqu'un pourrait-il me conseiller s'il vous plaît ?? Merci d'avance.
  14. pecko14

    Impossible lire carte SD

    Re Fifi29 ! Oui je l'ai testé sur un autre PC et elle fonctionne sans aucun problème...
×
×
  • Créer...