
Posted (edited)

Hello everyone!

So my PC (especially the web browser) has been crawling for a while now, in fact ever since I let my wife use it and she picked up a whole load of junk off the net, and maybe also because of some downloads on my part, it's true...

Web pages take 3 hours to open (I'm exaggerating, obviously), pop-ups all over the place, the Flash plugin crashing constantly, and so on...

I'd like to do a bit of a cleanup of all this to get back a PC that works properly on the Internet.

Could someone please advise me?

Thanks in advance.

Edited by pecko14

Posted

Hello pecko14,

We'll start by running a diagnostic to pinpoint the harmful items, using this tool:

  • Download ZHPDiag to your desktop:
  • Follow the prompts during installation.
  • Open ZHPDiag. On Windows Vista / 7 / 8: right-click > Run as administrator.
  • Click Configure.
    Click the small screwdriver on the right, as shown in the screenshot,
    then click ALL.
  • Click Search
    and wait for the scan to finish.
  • Upload the ZHPDiag.txt report found on your desktop to http://www.cjoint.com
    Click Browse and locate the report on the desktop.
  • Click Open.
  • Click Create the CJoint link,
    then copy/paste the link provided into your next reply.

Cheers

 

Posted

Hello tomtom95!

Thank you for your reply, and sorry for the delay in mine.

Here is the report that opened after the scan (I hope that's what you wanted...)

~ Rapport de ZHPDiag v2013.12.4.7 - Nicolas Coolman (04/12/2013)
~ Lancé par halley (04/12/2013 15:32:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 25.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows® 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 9 GB (7%) free of 116 GB

---\\ Mode de connexion au système
~ Computer Name: HALLEY-PC
~ User Name: halley
~ All Users Names: HomeGroupUser$, halley, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\halley\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\halley\AppData\Roaming\
~ %Desktop% : C:\Users\halley\Desktop\
~ %Favorites% : C:\Users\halley\Favorites\
~ %LocalAppData% : C:\Users\halley\AppData\Local\
~ %StartMenu% : C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 116 Go)
D: Hard drive, Flash drive, Thumb drive (Free 335 Go of 335 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/11/2013 - 16:03:50.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/890
~ Mes musiques (My Musics) : 1/48
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 1/75
~ Mon Bureau (My Desktop) : 3/5332
~ Menu demarrer (Programs) : 1/52
~ Hidden Files: Scanned in 00mn 10s



---\\ Processus lancés
[MD5.6146DB81623E92A7061C4438E6283BE3] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe [4023584] [PID.680] =>Toolbar.Conduit
[MD5.E982D0F5F7286A8C22730A0380700EC3] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe [2810656] [PID.2224] =>Toolbar.Conduit
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.3024]
[MD5.BA2B4E07561CF877F61B0EEED654BC96] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.1856]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2196]
[MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.3132]
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.3148]
[MD5.0C85B24C059C0614AA506D15C9A7978D] - (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe [42784] [PID.488] =>Adware.Yontoo
[MD5.DFB13D3470844B6770FFB87DFC9FD340] - (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe [884744] [PID.1188]
[MD5.4BF3C4F9327BB33190603829C9F5E781] - (.Facebook - Facebook Messenger.) -- C:\Users\halley\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [248240] [PID.3352]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.2420]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.644]
[MD5.32F43BE36AAC4E10C88EC24B34770C0D] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392] [PID.3008]
[MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624] [PID.2984]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4116]
[MD5.DCD78A37FB33BF0141A231109B052785] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4224]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.4716]
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] - (.ASUSTek Computer Inc. - ADSMTray.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952] [PID.4256]
[MD5.07E56F90546052D0574355E16AB48A6F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.4956]
[MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [104936] [PID.4836]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1360]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5700]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.4592]
[MD5.4909B1F447FB468FCC49C52DFED99AE8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8278528] [PID.5080]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1332]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1444]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1740]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1784]
[MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.1960]
[MD5.24FB8DB6D1D55E2C5D0A53DFE48E6AF8] - (.Microsoft - Y2Desktop.Updater.) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552] [PID.2172] =>Adware.Yontoo
[MD5.730C57652CDFB6E657992508A19E81EB] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968] [PID.2264] =>Toolbar.Conduit
[MD5.069E22DD49A1A962AEE3B7DCE2DC4A50] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178816] [PID.3596]
[MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.Pas de propriétaire - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.3636]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.3840]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.3860]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3876]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280] [PID.1844]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\prefs.js
C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\user.js
M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\holasearch.xml =>Hijacker.HolaSearch
M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\utorrentbarfr-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [halley] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M2 - MFEP: prefs.js [halley - og1mhgby.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [halley - og1mhgby.default\plugin@yontoo.com] [] Yontoo v1.20.02 (..) =>Adware.Yontoo
M2 - MFEP: prefs.js [halley - og1mhgby.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR v10.20.101.5 (..) =>P2P.µTorrent
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll =>Adware.Yontoo
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Périclès.Net.lnk . (...) -- C:\Program Files (x86)\Pericles\Pericles.exe
O4 - GS\Desktop [Public]: Splendid Utility.Lnk . (...) -- C:\Program Files (x86)\ASUS\Splendid\Backbone.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (...) -- C:\Program Files (x86)\WinZip\WINZIP64.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Périclès.Net.lnk . (...) -- C:\Program Files (x86)\Pericles\Pericles.exe
O4 - GS\QuickLaunch [halley]: GOM Player.lnk . (...) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch [halley]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [halley]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [halley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [halley]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [halley]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [halley]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [halley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 68 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: SRS Premium Sound.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
O4 - GS\Startup [Public]: tmchlang.lnk . (...) -- C:\Program Files (x86)\Trend Micro\Internet Security\TmChLang.exe (.not file.)
O4 - GS\Startup [halley]: Facebook Messenger.lnk . (.Facebook - Facebook Messenger.) -- C:\Users\halley\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - GS\Startup [halley]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe
O4 - HKLM\..\Run: [ufSeAgnt.exe] . (.Trend Micro Inc. - Trend Micro Server Agent.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
O4 - HKLM\..\Run: [EeeStorageBackup] . (.ECAREME - BackupService.) -- C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKCU\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\halley\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\halley\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [updateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [updateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\halley\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\halley\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo
O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\halley\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-585068603-1640475937-3247926608-1001\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EEF7B52-5B91-40F7-8ACA-6A919545A41C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7A9A8449-E1AD-4AA3-86EC-9CD1CEC03434}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) . (.Trend Micro Inc. - Manages all components of Trend Micro Inter.) - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
~ Services: 12 Legitimates Filtered in 00mn 09s



---\\ Tâches planifiées en automatique (O39)
[MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\halley\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution
[MD5.039FEBE37F34800E50D6A029DE8CD423] [APT] [{840D895E-1B00-4A0B-A88E-175F2DC6EE7C}] (...) -- E:\.\Autorun.exe [133272]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 10s



---\\ Logiciels installés (O42)
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: Périclès.Net - (.Périclès.) [HKLM][64Bits] -- {8AA3BEE2-AC59-469C-80BB-CA987D694525}
O42 - Logiciel: Search Protect - (.Conduit.) [HKLM][64Bits] -- SearchProtect =>Toolbar.Conduit
O42 - Logiciel: Yontoo 2.04 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo
~ Logic: 30 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\LdShih]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\delta LTD]
[HKCU\Software\e28d8ae569eb49] =>Hijacker.Eazel
[HKCU\Software\holasearch LTD] =>Hijacker.HolaSearch
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Périclès]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\babylontoolbar] =>PUP.Babylon
~ Key Software: 285 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/11/2011 - 14:07:03 - [0,609] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 27/09/2013 - 16:10:46 - [2,393] ----D C:\Program Files (x86)\Delta
O43 - CFD: 29/09/2013 - 12:08:58 - [0,663] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 24/10/2012 - 13:19:43 - [18,616] ----D C:\Program Files (x86)\Pericles
O43 - CFD: 09/09/2013 - 11:58:12 - [0,001] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV
O43 - CFD: 22/02/2013 - 16:11:39 - [0,801] ----D C:\Program Files (x86)\Yontoo =>Adware.Yontoo
O43 - CFD: 09/09/2013 - 11:54:08 - [0] ----D C:\ProgramData\APN
O43 - CFD: 22/02/2013 - 16:11:27 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 27/09/2013 - 16:10:40 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 18/05/2013 - 17:46:21 - [0,002] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 22/02/2013 - 16:11:32 - [2,581] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 27/09/2013 - 16:10:41 - [1,265] ----D C:\Users\halley\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 22/02/2013 - 16:11:27 - [0,028] ----D C:\Users\halley\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 26/12/2011 - 20:54:09 - [0,133] ----D C:\Users\halley\AppData\Roaming\Décorateur de surfaces
O43 - CFD: 04/12/2013 - 14:22:25 - [1,107] ----D C:\Users\halley\AppData\Roaming\Yontoo =>Adware.Yontoo
O43 - CFD: 28/04/2013 - 18:56:30 - [0] ----D C:\Users\halley\AppData\Local\Conduit
O43 - CFD: 28/04/2013 - 07:39:00 - [0,002] ----D C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
O43 - CFD: 30/09/2011 - 08:05:00 - [0,001] ----D C:\Users\halley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Surveillance sur Internet 2011
~ Program Folder: 165 Legitimates Filtered in 00mn 36s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 04/12/2013 - 15:24:07 ---A- . (...) -- C:\Windows\SysNative\acovcnt.exe [45056]
O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 04/12/2013 - 15:24:07 ---A- . (...) -- C:\Windows\System32\acovcnt.exe [45056]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 28/11/2013 - 16:03:50 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 28/11/2013 - 16:03:50 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.0B68444AE0343D2D9CFF42E798A23613] - 28/11/2013 - 16:11:21 ---A- . (...) -- C:\Windows\IE11_main.log [24581]
~ Files: 132 Legitimates Filtered in 00mn 09s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E7C677CC871A1DA0A0BDFD39CB86579B] - 04/12/2013 - 14:22:45 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-0A264CF2.pf =>Adware.Yontoo
O45 - LFCP:[MD5.A087FC55711D1488BBFEF55B266B3C95] - 29/11/2013 - 22:11:31 ---A- - C:\Windows\Prefetch\TISSPWIZ.EXE-14F0BD7B.pf
~ Prefetcher: 86 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{1a2e8ecb-e629-11de-8a56-806e6f6e6963}\AutoRun\command. (.Pas de propriétaire - Setup Application.) -- E:\.\Autorun.exe
O51 - MPSK:{1f730f17-cefe-11e0-8624-e0cb4e3d4d33}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{79483211-92d5-11e2-8603-e0cb4e3d4d33}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3C38648375B7F3988691F53A7AAE10A9] - 15/10/2009 - 17:23:20 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [117760]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/07/2009 - 10:29:39 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.1CDADE078F46F10919F21E08E22D227D] - 29/12/2008 - 10:14:27 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35456]
O58 - SDL:[MD5.2D280B5799F9C143FA7D49E032FBCE46] - 20/05/2009 - 09:11:05 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1799680]
O58 - SDL:[MD5.41AC348DBD378F618CB4FDEE54270692] - 06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936]
O58 - SDL:[MD5.B4C983DA20E2970E21893BF0E4EE2AD8] - 06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 04/12/2013 - 15:34:22 ---A- . (...) -- C:\Users\halley\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat [104926] =>Toolbar.Conduit
O61 - LFC: 04/12/2013 - 15:34:22 ---A- . (...) -- C:\Users\halley\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat [3542] =>Toolbar.Conduit
O61 - LFC: 04/12/2013 - 15:34:26 ---A- . (...) -- C:\Users\halley\AppData\Roaming\BabSolution\Shared\chu.js [2] =>Hijacker.BabSolution
O61 - LFC: 04/12/2013 - 15:34:26 ---A- . (...) -- C:\Users\halley\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [4096] =>.Orange Corporation
O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\Yontoo\PlugIns.cache [23] =>Adware.Yontoo
O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll [13600] =>Adware.Yontoo
O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\ZHP\Log.txt [19028] =>.Nicolas Coolman
O61 - LFC: 04/12/2013 - 15:34:29 ---A- . (...) -- C:\Users\halley\AppData\Roaming\ZHP\TestsZHPDiag.txt [2885] =>.Nicolas Coolman
~ Files: 13 Legitimates Filtered in 00mn 19s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..clientLogIsEnabled", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.BrowserCompStateIsOpen_130064413660070508", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.BrowserCompStateIsOpen_1359634298000", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2851639[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CTID", "CT2851639");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ConfigurationLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.CurrentServerDate", "12-11-2013");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DSInstall", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DialogsGetterLastCheckTime", "Tue Nov 05 2013 14:19:05 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.DownloadReferralCookieData", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstServerDate", "18-5-2013");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTime", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTimeFF3", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FirstTimeHiddenVer", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.FixPageNotFoundErrors", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.HPInstall", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.HasUserGlobalKeys", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.Initialize", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstallationType", "Unknown");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.InstalledDate", "Sat May 18 2013 19:49:37 GMT+0200");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsGrouping", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsInitSetupIni", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsMulticommunity", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsOpenThankYouPage", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.IsOpenUninstallPage", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.18.0.7", "Tue Jul 23 2013 11:10:19 GMT+0200");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.19.0.3", "Mon Sep 09 2013 12:58:55 GMT+0200");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LastLogin_3.20.0.4", "Mon Nov 11 2013 22:50:09 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.LatestVersion", "3.20.0.4");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.Locale", "fr");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.MyStuffEnabledAtInstallation", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.OriginalFirstVersion", "3.18.0.7");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SavedHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchAPILastCheckTime", "Mon Nov 11 2013 22:50:09 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchCaption", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_CUI[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Mon Sep 09 2013 12:58:54 GMT+0200");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT2851639&octid=CT2851639&SearchSource=15&C[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SendProtectorDataViaLogin", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Mon Nov 11 2013 22:50:09 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SettingsLastCheckTime", "Mon Nov 11 2013 22:50:07 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.SettingsLastUpdate", "1384160275");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.ToolbarShrinkedFromSetup", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.UserID", "UN25097416976593134");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.alertChannelId", "1243674");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.browser.search.defaultthis.engineName", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.countryCode", "FR");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.firstTimeDialogOpened", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fixPageNotFoundErrorByUser", "TRUE");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.fullUserID", "UN25097416976593134.UP.2036004809");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.homepageProtectorEnableByLogin", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.initDone", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.installType", "Unknown");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.keyword", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2851639&octid=CT2[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.lastVersion", "10.20.101.5");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffEnabled", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.navigateToUrlOnSearch", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fforum.zebulon.fr%2Fmon-pc-rame-besoin-daide-t2[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalSearchAddressUrl", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.originalSearchEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.revertSettingsEnabled", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchFromAddressBarEnabledByUser", "true");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchInNewTabEnabledByUser", "true");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchProtectorDialogDelayInSec", 10); =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchProtectorEnableByLogin", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchSuggestEnabledByUser", "false");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.searchUserMode", "2");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851639\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrent[...] =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_FR [...] =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_Configuration_lastUpdate", "1386163457607");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_login_10.20.101.5_lastUpdate", "1386163456890");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1386163457615");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1386163457417");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1386163457462");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1386163457229");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.settingsINI", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.showToolbarPermission", "false");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.CTID", "CT2851639"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.homepage", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.testingCtid", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Mon Nov 11 2013 22:50:10 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarBornServerTime", "18-5-2013");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarCurrentServerTime", "4-12-2013");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.toolbarLoginClientTime", "Tue Nov 12 2013 00:48:16 GMT+0100");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639.usagesFlag", 2);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386167119016,\"isWithState\"[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13,http://search.condui[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_FR Customized Web Search,uTorrentBar_FR Customized Web Search,uTorren[...] =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"0814eced0f57718ea0d24cc9[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1361967766\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:16ac[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"")[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"dfe74040abc2ce1:0\""[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2851639&UM=UM_ID", "\"2a84ff-82f-49024409b8900\"[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639", "\"52c3f1538cb4af4ada257fcbc6[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"6fc9ef41c3231ec925076c942468a37c\[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList", "CT2851639");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2851639");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2851639");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.globalUserId", "be368fd1-8d1c-4d89-9032-2b92646059dc");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851639");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.originalHomepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("CommunityToolbar.originalSearchEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitHomepagesList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_FR Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?CUI=UN25097416976593134&ctid=CT2851639&Searc[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaultenginename", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaultthis.engineName", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("browser.search.selectedEngine", "uTorrentBar_FR Customized Web Search"); =>P2P.µTorrent
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.bbDpng", "4");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.hdrMd5", "17DAF84116D5895A923986667EEEF558");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.id", "e4ccae780000000000000625d3e125e0");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.instlDay", "15975");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.lastVrsnTs", "1.8.24.617:10:47");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.smplGrp", "azb");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsn", "1.8.24.6");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsnTs", "1.8.24.617:10:47");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta.vrsni", "1.8.24.6");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.babTrack", "affID=119982&tt=240913_246&tsp=5018");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=UN25097416976593134&UM=2&q="[...]
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13,http://search.conduit.com/?ct[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [halley - og1mhgby.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_[...] =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - http://www.searchgol.com =>Hijacker.SearchGol
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {A4DF5635-20B1-44B2-A890-035CA5C1436C} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {DD7FBFC3-982C-4361-969E-27BB14C61D34} - (Ask Search) - http://www.search.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [sPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.3E7A52653DA302A77C08A8F3D4BBDE70] [sPRF][13/11/2013] (...) -- C:\Users\halley\AppData\Local\Temp\JSaHCMAPI_2.2.504274273509789744034.dll [266240]
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsd11.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsd20EA.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsdFBBC.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsy24C2.exe [167812] =>Toolbar.Conduit
[MD5.2E575012FD49F34380630F8662DA5C03] [sPRF][31/10/2013] (.Conduit - Search Protect by Conduit.) -- C:\Users\halley\AppData\Local\Temp\SPSetup.exe [5591784] =>Toolbar.Conduit
[MD5.04DD28648AD90E6C9442DB208BA4A2BA] [sPRF][23/10/2013] (...) -- C:\Users\halley\AppData\Local\Temp\utt5F5.tmp.bat [96]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [sPRF][23/10/2013] (...) -- C:\Users\halley\AppData\Local\Temp\utt6F8F.tmp.bat [77]
[MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [sPRF][23/10/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\halley\AppData\Local\Temp\utt7EAE.tmp.exe [66368] =>Toolbar.Conduit
[MD5.24AEB20C4D857A431FE82AAC1A95C005] [sPRF][23/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\halley\AppData\Local\Temp\uttD725.tmp.exe [902736] =>P2P.BitTorrent
[MD5.2155FC1467A7E1429E4DF8303692B79B] [sPRF][18/05/2013] (.Pas de propriétaire - Installer.) -- C:\Users\halley\Desktop\pcpholasetup.exe [592120]
~ Files: 14 Legitimates Filtered in 00mn 01s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\e28d8ae569eb49] =>PUP.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 29/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 18/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 22/08/2009 570632 | (TMBMServer) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
SS - | Demand 22/08/2009 917768 | (TmProxy) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 31/10/2013 1735968 | (CltMngSvc) . (.Conduit.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SR - | Demand 23/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 15/08/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 09/10/2010 859712 | (SfCtlCom) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/02/2013 23552 | (Yontoo Desktop Updater) . (.Microsoft.) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo

~ Services: Scanned in 00mn 22s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by halley at 04/12/2013 15:35:54
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by halley at 04/12/2013 15:35:56

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13007 - (04/12/2013)
Clés trouvées (Keys found) : 203
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 21
Fichiers trouvés (Files found) : 28

~ Additionnel Scan: 330158 Items scanned in 00mn 47s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 23 link(s) detected in 00mn 48s



~ 1376 Legitimates filtered by white list
End of the scan (1019 lines in 04mn 44s)(0)

Thank you for your help!

@+
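Added example, not part of this thread and not ZHPDiag's own code: a small Python triage helper that pulls the verdict-tagged lines (`=>Family.Name`) out of a ZHPDiag report like the one above, parses the file, service, registry and path entries, and totals detections per family so a long report reads as a short list. The sample lines are copied from the report above; the regular expressions are my reading of that format, not a ZHPDiag specification.

```python
"""Triage helper for ZHPDiag reports (added example; the regexes are derived from
the report format seen in this thread, not from any ZHPDiag specification)."""
import re
from collections import Counter

# Verdict tag ZHPDiag appends to a suspect line, e.g. "=>Toolbar.Conduit" or "=>PUP.Babylon^".
# A trailing "=>.Microsoft Corporation" (empty family) is a vendor note, not a verdict.
TAG_RE = re.compile(r"=>(?P<family>[A-Za-z0-9]+)\.(?P<name>[A-Za-z0-9µ_-]+)\^*\s*$")
# File entry: [MD5.<hash>] [flags][dd/mm/yyyy] (.Vendor - Description.) -- path [size]
FILE_RE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-F]{32})\] \[(?P<flags>[^\]]+)\]\[(?P<date>\d{2}/\d{2}/\d{4})\] "
    r"\((?P<signer>.*?)\) -- (?P<path>.+?) \[(?P<size>\d+)\]$")
# Service entry: SR|SS - | Start dd/mm/yyyy size | [dll ](Name) . (.Vendor.) - path
SVC_RE = re.compile(
    r"^(?P<state>S[RS]) - \| (?P<start>\w+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<size>\d+) \| "
    r"(?:(?P<dll>\S.*?) )?\((?P<name>[^)]+)\) \. \((?P<signer>.*?)\) - (?P<path>.+)$")
# Registry entry: [HKxx\key] optionally followed by :value="data"
REG_RE = re.compile(r'^\[(?P<key>HK[A-Z]+\\[^\]]+)\](?::(?P<value>[^=]+)="(?P<data>[^"]*)")?')


def split_tag(line):
    """Return (body, family, name) when the line carries a verdict tag, else None."""
    m = TAG_RE.search(line)
    if not m:
        return None
    return line[:m.start()].rstrip(), m.group("family"), m.group("name")


def classify(body):
    """Parse the untagged part of a report line into a typed record."""
    m = FILE_RE.match(body)
    if m:
        return {"kind": "file", "path": m.group("path"), "md5": m.group("md5"),
                "size": int(m.group("size")),
                "signer": m.group("signer").strip(".") or None}   # "(...)" means no vendor
    m = SVC_RE.match(body)
    if m:
        return {"kind": "service", "name": m.group("name"), "path": m.group("path"),
                "running": m.group("state") == "SR", "start": m.group("start"),
                "signer": m.group("signer").strip(".") or None}
    m = REG_RE.match(body)
    if m:
        return {"kind": "registry", "key": m.group("key"), "value": m.group("value")}
    if re.match(r"^[A-Za-z]:\\", body):
        return {"kind": "path", "path": body}
    return {"kind": "other", "raw": body}


def parse_report(text):
    """Return one record per verdict-tagged line; untagged (whitelisted) lines are skipped."""
    findings = []
    for line in text.splitlines():
        parts = split_tag(line.strip())
        if parts is None:
            continue
        body, family, name = parts
        rec = classify(body)
        rec["family"], rec["verdict"] = family, f"{family}.{name}"
        findings.append(rec)
    return findings


def summarize(findings):
    """Count findings per verdict and list flagged services that are currently running."""
    by_verdict = Counter(f["verdict"] for f in findings)
    active = [f["name"] for f in findings if f["kind"] == "service" and f["running"]]
    return by_verdict, active


# Sample lines copied from the ZHPDiag report posted above in this thread.
SAMPLE_REPORT = r"""
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [sPRF][18/10/2013] (.Conduit - SP Usage Sender.) -- C:\Users\halley\AppData\Local\Temp\nsd11.exe [167812] =>Toolbar.Conduit
[MD5.04DD28648AD90E6C9442DB208BA4A2BA] [sPRF][23/10/2013] (...) -- C:\Users\halley\AppData\Local\Temp\utt5F5.tmp.bat [96]
~ Files: 14 Legitimates Filtered in 00mn 01s
[HKCU\Software\e28d8ae569eb49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\e28d8ae569eb49] =>PUP.Babylon^
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/10/2013 1735968 | (CltMngSvc) . (.Conduit.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
SR - | Auto 15/02/2013 23552 | (Yontoo Desktop Updater) . (.Microsoft.) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo
C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    counts, live = summarize(found)
    for verdict, n in counts.most_common():
        print(f"{n:3d}  {verdict}")
    print("running flagged services:", ", ".join(live))
```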

Posted

Good evening pecko14,

  • Next time, please do not post your reports directly on the forum.
    Host them on the site http://www.cjoint.com instead.
    On the site, click Parcourir (Browse) and find the reports on your desktop.
  • Click Ouvrir (Open), then go back to the site.
  • Click Créer le lien CJoint,
    then copy/paste the link provided in your next reply.

Your computer is infected (adware, PUPs, harmful toolbars...)
You have to be careful about what you accept when installing free software: read the terms of use carefully and do not accept everything that is bundled with it (pre-ticked boxes)
Installers and opt-out

To start:
Uninstall the P2P program, a source of multiple infections
In Control Panel >> Programs and Features >> then uninstall
BitTorrent µTorrent
Yontoo

Then

  • Download Adwcleaner (by Xplode) to your Desktop
    Disable your protections (antivirus, ...). Close all running applications (in particular your browser)
    Right-click it and run as administrator on Windows 7/8 and Vista
  • Choose the Scan option
  • Choose the Clean option
  • Accept the warning by clicking OK
  • Host the report that appears when the PC restarts
    on the site http://www.cjoint.com
    then copy/paste the link provided in your next reply.

  • Download Junkware Removal Tool by Thisisu to the desktop
    On the page, click Download Now
  • For Vista/7/8, right-click the JRT icon and run as administrator.
    Then press a key when prompted.
    Note: the desktop will disappear for a moment, this is normal.
  • Click Yes to create a registry backup with Erunt.
    The scan will start.
    Wait for the report to be displayed; it will be saved on the desktop
  • Host the report on the site http://www.cjoint.com
    then copy/paste the link provided in your next reply.
    Important:
    Do not run the tool a second time, otherwise the report will be overwritten by the new one

A+


Posted

Hello pecko14,

Important: run the tools from your desktop and not from the download folder, to avoid any problems.
A good part of the cleanup has been done; to continue,
run another analysis with ZHPDiag, following the procedure in post #4

A+

Posted

Good evening pecko14,

my wife reinstalled µtorrent since the last scan... I hope that's not too much of a problem.

You were warned of the consequences (Mon PC rame - besoin d'aide)
don't be surprised if your computer gets infected again
You can read
The risks of peer-to-peer

Why avoid P2P? Legal points & dangers.

In addition, you have once again downloaded a harmful program (Adware.MyWebSearch)

Your drive partition (C) no longer has enough free space to work properly
C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 116 Go): only 9 GB left free
You need to free up space or remove unnecessary programs.

  • Click the ZHPFix icon on your Desktop (for Vista/W7/W8, right-click > run as administrator)
  • Highlight the text below, then right-click > Copy

    Script ZHPFix
    C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\extensions\ffxtlbr@mysearchdial.com
    C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    C:\Program Files (x86)\Mysearchdial
    C:\Users\halley\AppData\Roaming\mysearchdial
    C:\Windows\Tasks\MySearchDial.job
    C:\Users\halley\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe
    M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\Mysearchdial.xml
    M3 - MFPP: Plugins - [halley] -- C:\Users\halley\AppData\Roaming\Mozilla\Firefox\Profiles\og1mhgby.default\searchplugins\utorrentbarfr-customized-web-search.xml
    M2 - MFEP: prefs.js [halley - og1mhgby.default\ffxtlbr@mysearchdial.com] [] mysearchdial.com v1.6.0 (..)
    M2 - MFEP: prefs.js [halley - og1mhgby.default\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial NewTab v1.2.5.0 (..)
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com
    R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com
    O2 - BHO: mysearchdial Helper Object [64Bits] - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} . (.Ironsource Israel (2011) LTD - Pas de description.) -- C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
    O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline
    O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MySearchDial.job [296]
    O42 - Logiciel: Mysearchdial - (.Mysearchdial.) [HKLM][64Bits] -- mysearchdial
    O43 - CFD: 05/12/2013 - 23:36:20 - [2,654] ----D C:\Program Files (x86)\Mysearchdial
    O43 - CFD: 05/12/2013 - 23:36:30 - [0,174] ----D C:\Users\halley\AppData\Roaming\mysearchdial
    O61 - LFC: 05/12/2013 - 18:57:00 ---A- . (...) -- C:\Users\halley\AppData\Roaming\mysearchdial\icons_2.2.14.1379\62.ico [39438]
    O61 - LFC: 05/12/2013 - 18:57:00 ---A- . (...) -- C:\Users\halley\AppData\Roaming\mysearchdial\icons_2.2.14.1379\80.ico [36894]
    O69 - SBI: SearchScopes [HKCU] {A4DF5635-20B1-44B2-A890-035CA5C1436C} - (Mysearchdial) - http://start.mysearchdial.com
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial]
    [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}]
    [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Classes\AppID\escort.dll]
    [HKLM\Software\Classes\AppID\escortapp.dll]
    [HKLM\Software\Classes\AppID\escorteng.dll]
    [HKLM\Software\Classes\AppID\esrv.EXE]
    [HKLM\Software\Classes\escort.escortIEPane]
    [HKLM\Software\Classes\escort.escortIEPane.1]
    [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]
    [HKCU\Software\LdShih]
    [HKCU\Software\mysearchdial.com]
    [HKCU\Software\mysearchdial]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}]
    [HKLM\Software\Classes\esrv.mysearchdialESrvc]
    [HKLM\Software\Classes\esrv.mysearchdialESrvc.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialappCore]
    [HKLM\Software\Classes\mysearchdial.mysearchdialappCore.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd]
    [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr]
    [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr.1]
    [HKLM\Software\Classes\AppID\escorTlbr.DLL]
    [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane]
    [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1]
    [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc]
    [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr.1]
    [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL]
    [MD5.CCFEE663F7DD308FFC47CD29D0861C17] [APT] [MySearchDial] (...) -- C:\Users\halley\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe [106496]
    [MD5.039FEBE37F34800E50D6A029DE8CD423] [APT] [{840D895E-1B00-4A0B-A88E-175F2DC6EE7C}] (...) -- E:\.\Autorun.exe [133272]


    EmptyCLSID
    ShortcutFix
    FirewallRaz
    EmptyTemp
    EmptyFlash
    Sysrestore

  • In the ZHPFix interface, click Import
    zhpfix10.png

    Note: check that all the lines have been pasted
  • Then click "GO"
  • Confirm the data cleanup by clicking "Yes"
  • Once the scan is finished, the ZHPFixReport file has been created on the desktop.
  • Upload the ZHPFixReport report to the site http://www.cjoint.com
    then copy/paste the link provided in your next reply.

  • Download SFTGC.exe by pierre 13 to the desktop, not anywhere else
  • If the antivirus acts up: disable it temporarily.
    If you don't know how, refer to this article.
  • On Vista, Win 7 and Win 8, right-click the file and run as administrator
    sftg210.jpg
  • To start the cleanup, just click Go.
  • At the end of the cleanup, a report will open.
  • This report is saved on the desktop (SFT.txt)
    As this report is too long for the forum, upload it:
  • On Cjoint.fr and copy-paste the link provided in your reply

  • Download MalwareByte's V1.75 to your Desktop.
  • Install it by double-clicking the file Download_mbam-setup.exe
    Once the installation and update are done:
  • Now run MalwareByte's Anti-Malware.
  • select "Perform full scan".
  • To start the search, click "Scan".
  • Tick all the boxes for your drives
  • click "Scan" to start the scan.
  • Once the scan is finished, a window opens; click OK.
  • If infections are present, click "Remove Selected". Save the report to your Desktop.
    IMPORTANT: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok

Upload the report to the site http://www.cjoint.com
then copy/paste the link provided in your next reply.


A+
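As an added example (not from this thread, and not code from ZHPDiag or ZHPFix's authors), a small Python parser that turns ZHPDiag lines like those in the script above into structured records: file paths, CLSIDs, the registry keys they imply and the "(.not file.)" flag, so the items to review can be listed rather than read by eye. The field layout is inferred only from the sample lines visible in the thread, and the sample report below is constructed from them.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: five lines in the shape of the ZHPDiag entries quoted in the thread.
SAMPLE_REPORT = r"""
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com
O2 - BHO: mysearchdial Helper Object [64Bits] - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} . (.Ironsource Israel (2011) LTD - Pas de description.) -- C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MySearchDial.job [296]
O43 - CFD: 05/12/2013 - 23:36:20 - [2,654] ----D C:\Program Files (x86)\Mysearchdial
"""
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# A Windows path runs from the drive letter to a trailing "[size]", "(.not file.)" or end of line.
PATH_RE = re.compile(r"[A-Z]:\\[^\[\]]*?(?=\s+\(\.not file\.\)|\s+\[\d|\s*$)")
REG_RE = re.compile(r"(HK(?:LM|CU)\\[^,]+),([^=]+?)\s*=\s*(\S+)")
# Where Windows registers a BHO; the ZHPFix script above lists this key for the same CLSID.
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

@dataclass
class Entry:
    code: str                 # ZHPDiag section code: R0, O2, O20, O39, O43, ...
    text: str
    clsids: list = field(default_factory=list)
    paths: list = field(default_factory=list)
    file_missing: bool = False          # "(.not file.)": the loader points at a deleted DLL
    registry_keys: list = field(default_factory=list)

def parse_line(line):
    code, _, rest = line.partition(" - ")
    e = Entry(code=code.strip(), text=rest.strip())
    e.clsids = [c.upper() for c in CLSID_RE.findall(rest)]
    e.paths = PATH_RE.findall(rest)
    e.file_missing = "(.not file.)" in rest
    m = REG_RE.search(rest)
    if m:  # "key,value = data" lines (R0/R1) name the registry value directly
        e.registry_keys.append(m.group(1) + "," + m.group(2).strip())
    if e.code == "O2":  # a BHO line implies the Explorer BHO subkey for its CLSID
        e.registry_keys += [BHO_KEY + "\\" + c for c in e.clsids]
    return e

def parse_report(text):
    return [parse_line(l) for l in text.splitlines() if " - " in l]

def flag_entries(entries, keywords):
    # Entries whose text mentions any keyword, case-insensitively (e.g. a known PUP name).
    kws = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e.text.lower() for k in kws)]

if __name__ == "__main__":
    for e in flag_entries(parse_report(SAMPLE_REPORT), ["mysearchdial", "searchprotect"]):
        print(e.code, e.paths, e.clsids, e.registry_keys, "MISSING FILE" if e.file_missing else "")
```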
