Babsolution/shared/NTRedirect.dll
ghyslain311
Messages postés
18
Statut
Membre
-
2011N2 Messages postés 15850 Statut Contributeur sécurité -
2011N2 Messages postés 15850 Statut Contributeur sécurité -
depuis un certain temps j'ai un message qui s'affiche sur l'écran de mon ordinateur lorsque je l'allume(C:/user/toshiba/appdata/roaming/babsolution/shared/NTredirect.dll. je ne sais pas comment faire pour que je message cesse d'apparaitre sur mon écran quand je démarre mon ordinateur.s'il vous plait aidez moi. Merci d'avance.
A voir également:
- Babsolution/shared/NTRedirect.dll
- Borland shared - Télécharger - Édition & Programmation
- Shared subscription - Accueil - Services en ligne
- Shared audio windows 11 - Guide
- Oracle shared memory realm does not exist - Forum Oracle
- Instagram it looks like you shared your password with a service ✓ - Forum Instagram
24 réponses
Bonsoir,
Fais un diagnostic de ton PC avec ZHPDiag comme ceci et poste moi le rapport précédemment hébergé sur cjoint.
Gabriel.
Fais un diagnostic de ton PC avec ZHPDiag comme ceci et poste moi le rapport précédemment hébergé sur cjoint.
Gabriel.
j'ai telecharger le logiciel mais je ne suis pas tres calé en informatique donc
ss'il te plait explique moi comment proceder pour faire le dignostic?
ss'il te plait explique moi comment proceder pour faire le dignostic?
Re,
C'est expliqué dans le tutoriel afin de faire le diagnostic, à parti du point 3 : http://www.forum-entraide-informatique.com/support/zhpdiag-tutoriel-t4831.html
Si tu as des questions, dis moi exactement où. :)
Je repasserai demain pour la suite, je vais pas tarder à aller me coucher.
Bonne soirée,
Gabriel.
C'est expliqué dans le tutoriel afin de faire le diagnostic, à parti du point 3 : http://www.forum-entraide-informatique.com/support/zhpdiag-tutoriel-t4831.html
Si tu as des questions, dis moi exactement où. :)
Je repasserai demain pour la suite, je vais pas tarder à aller me coucher.
Bonne soirée,
Gabriel.
merci d'avance pour ton aide je compte vraiment sur toi car je suis vraiment angoissé par ce probleme aide moi s'il te plait. a demain et bonsoir.
Ghyslain311.
Ghyslain311.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3985 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 405 GB (86%) free of 465 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA-PC
~ User Name: toshiba
~ All Users Names: toshiba, Guest, Bloquer l'ordonateur, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\toshiba\AppData\Roaming\
~ %Desktop% : C:\Users\toshiba\Desktop\
~ %Favorites% : C:\Users\toshiba\Favorites\
~ %LocalAppData% : C:\Users\toshiba\AppData\Local\
~ %StartMenu% : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C:\ Hard drive, Flash drive, Thumb drive (Free 405 Go of 465 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/08/2013 - 12:00:59.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 03:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 7/437
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 1/5401
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 04s
---\\ Running Processes at system startup
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.3164]
[MD5.D5D73AC93A4C5A09638CEEAC5A80D293] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3528128] [PID.3348]
[MD5.84092B60AA6DAB3B5E0C646AAE862A46] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe [637936] [PID.3408]
[MD5.29FB6EF1EFB1357E2883FE297F1EBC31] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536] [PID.3532]
[MD5.B2B39A866E42937E4FA071B9E12EEA4C] - (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe [827232] [PID.3612] =>Toolbar.AVGSearch
[MD5.7027F35E3AA472EC230DBCF19E4165E6] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [200704] [PID.3844]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [263600] [PID.3900]
[MD5.82E0EA0C23F556FB17ADB98E8E7F594E] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe [1739760] [PID.4568]
[MD5.8ADB34CD7E2536C08C8EE41EC5C2B0BC] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe [39483232] [PID.3952]
[MD5.23354229546ACE18AFABDC334698D4BB] - (...) -- C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe [1376608] [PID.4424]
[MD5.4ADCFEE16EE9978F06157634669D36FB] - (.OldTimer Tools - No Comment.) -- C:\Users\toshiba\Downloads\Programs\OTL.exe [602112] [PID.4852]
[MD5.4ADFF37E77F0ABD1D886B07F3A021C5A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7857664] [PID.3872]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1984]
[MD5.C4D15594DB5BE042D3346EA58DF87D89] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136] [PID.1028]
[MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1176]
[MD5.64C64E7268887F661B911DEED945B898] - (.Bandoo Media Inc. - Datamngr Coordinator.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3360256] [PID.1224] =>Adware.Bandoo
[MD5.309CCA3861F1A2E1ABD23843532A9837] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120] [PID.1564]
[MD5.3C23AE0B05DF45CE256E94D6F5CEDF50] - (.AVG Technologies CZ, s.r.o. - AVG Alert Manager.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe [842592] [PID.1996]
[MD5.AE40D1BC6FB02A5625516AD74CA9A309] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472] [PID.2072]
[MD5.942E7D304E70630CFE4FC1EDDCFC1CDB] - (.TorchMedia Inc. - TorchCrashHandler.) -- C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe [1206624] [PID.2228]
[MD5.8A603DABD6A7FA5F31E2B6E562E0EBDF] - (.No owner - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [855904] [PID.2792] =>Toolbar.AVGSearch
[MD5.F4938525565B6AFD0F547934F20754E4] - (.Bandoo Media Inc. - Data Manager.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe [3534848] [PID.3384] =>Adware.Bandoo
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com
R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.14.0.28) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects (O2)
O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
O2 - BHO: AVG Security Toolbar [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.No owner - AVG Secure Search.) -- C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - No Comment.) -- C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) [64Bits] - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} . (.No owner - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll =>Adware.Bandoo
~ BHO: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [NTRedirect] C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =>Hijacker.BabSolution
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [NTRedirect] C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =>Hijacker.BabSolution
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Marco Polo Turbo Français Anglais.lnk . (...) -- C:\Marco Polo Turbo Vocabulary Tutor\Marco Polo Français Anglais 4.2\Marco Anglais 420.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\toshiba\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Conjugaison.lnk . (...) -- C:\Users\toshiba\AppData\Roaming\Microsoft\Installer\{057AA4D8-559F-42B1-98A0-508303834B2E}\_696c15b3.exe
O4 - GS\Desktop: CyberLink YouCam.lnk . (.CyberLink Corp. - CyberLink YouCam.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
O4 - GS\Desktop: Encyclopaedia Universalis 2012.lnk . (...) -- C:\Program Files (x86)\Encyclopaedia Universalis 2012\Encyclopaedia Universalis 2012\Universalis.exe
O4 - GS\Desktop: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Desktop: Marco Polo Turbo Français Anglais.lnk . (...) -- C:\Marco Polo Turbo Vocabulary Tutor\Marco Polo Français Anglais 4.2\Marco Anglais 420.exe
O4 - GS\Desktop: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: The Logo Creator v5.exe.lnk . (...) -- C:\Program Files (x86)\The Logo Creator v5\The Logo Creator v5.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.96.157 213.136.96.37
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: viprotocol [64Bits] - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) . (.Bandoo Media Inc. - Datamngr Coordinator.) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: (vToolbarUpdater) . (.No owner - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 10 Legitimates Filtered in 00mn 09s
---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll =>Adware.Bandoo
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll =>Adware.Bandoo
~ Keys: Scanned in 00mn 00s
---\\ Task Planned Automatically (039)
[MD5.ADB62392BC0711707E58E70186CC4AC2] [APT] [EPUpdater] (...) -- C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10224] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [{32678595-9F55-49F3-9DB0-94B93F736B52}] (...) -- C:\Users\toshiba\Downloads\Programs\aquitania_setup.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Software installed (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Hijacker.Eazel
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: Marco Polo Français Anglais 4.2 - (.Marco Polo Turbo Vocabulary Tutor.) [HKLM][64Bits] -- Marco_0
O42 - Logiciel: iLivid - (.Bandoo Media Inc.) [HKLM][64Bits] -- iLivid =>Adware.Bandoo
~ Logic: 63 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5c48bdfb139ee15]
[HKCU\Software\APN DTX]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Marco Polo Turbo Vocabulary Tutor]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\5c48bdfb139ee15]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
~ Key Software: 174 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 06/08/2013 - 13:48:43 - [0,609] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 06/08/2013 - 13:46:43 - [2,390] ----D C:\Program Files (x86)\Delta
O43 - CFD: 08/08/2013 - 18:21:24 - [157,451] ----D C:\Program Files (x86)\LHSP
O43 - CFD: 13/08/2013 - 10:28:10 - [22,958] ----D C:\Program Files (x86)\Movies Toolbar =>Adware.Bandoo
O43 - CFD: 06/08/2013 - 13:46:12 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 06/08/2013 - 13:46:41 - [8,084] ----D C:\ProgramData\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 22/08/2013 - 22:42:19 - [0,011] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 22/08/2013 - 22:41:24 - [0,004] ----D C:\ProgramData\TorchCrashHandler
O43 - CFD: 06/08/2013 - 13:46:33 - [1,279] ----D C:\Users\toshiba\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 06/08/2013 - 13:46:12 - [0,003] ----D C:\Users\toshiba\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 06/08/2013 - 13:48:39 - [0,083] ----D C:\Users\toshiba\AppData\Local\Conduit
O43 - CFD: 13/08/2013 - 10:58:03 - [60,091] ----D C:\Users\toshiba\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 06/08/2013 - 13:46:51 - [0,001] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 08/08/2013 - 18:09:45 - [0,003] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marco Polo Turbo Vocabulary Tutor
~ Program Folder: 124 Legitimates Filtered in 00mn 30s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.AAAEBBAE9B181771B6C1B27CDC3EAD2B] - 22/08/2013 - 14:07:50 ---A- . (...) -- C:\Windows\IE10_main.log [28118]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 09/08/2013 - 07:29:41 ---A- . (...) -- C:\Windows\win.ini [478]
~ Files: 298 Legitimates Filtered in 00mn 10s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{b206a1a8-fa43-11e2-9050-7c05079cde22}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 01:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 31/07/2013 - 13:56:54 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\SysWOW64\drivers\ewdcsc.sys [32768]
~ Drivers: Scanned in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/08/2012 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <OperaStable>[HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> <OperaStable>[HKCU\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> <OperaStable>[HKCR\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <OperaStable> <Opera Stable>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {94125E87-9EAF-4DE8-BF37-356F577C79A2} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - https://isearch.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} [DefaultScope] - (MyPlayCity) - http://my.myplaycity.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3De71e508e6f0b6f35%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9421F1B2E6DDEEEBEA82516C5E9B4A4A] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\apnuserid.dat [16]
[MD5.85D8CE590AD8981CA2C8286F79F59954] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\appid.dat [3]
[MD5.F3C37E60733738EE1B5B85D02AE60B6B] [SPRF][16/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\defaultCache.reg [81526]
[MD5.04144F7159DBE2105DA27A824630819F] [SPRF][20/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\instloffer.exe [376296]
[MD5.DC29C682BAF5DB06E8F7860010442D3F] [SPRF][22/08/2013] (.TeamDev Ltd - JNIWrapper Native Library.) -- C:\Users\toshiba\AppData\Local\Temp\jniwrap.dll [45112]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][28/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\toshiba\AppData\Local\Temp\ose00000.exe [145184]
[MD5.8CB22BDD0B7BA1AB13D742E22EED8DA2] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\sysid.dat [3]
[MD5.BDEE9D936EFB7C76DF778F45F1CF130D] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\trackid.dat [6]
[MD5.3D5B9EDB303C6D3D598B8D6C81A570E1] [SPRF][08/02/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\Uninstall.exe [104117]
[MD5.48A895570D7E3EB6150B1FC8F24843FE] [SPRF][06/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\uttD2AE.tmp.exe [8844800]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{7DFE1E0F-2B4F-402E-8299-1D571EEF3F7F}" | In - Public - P6 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{F47C7110-6B3B-4176-BFA9-2140611F664D}" | In - Public - P17 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{5FAA9887-CF99-4FEE-9167-21250880EABA}" | In - None - P17 - TRUE | .(.Torch Media Inc. - Torch Torrent.) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
O87 - FAEL: "{B0F42D79-B9D3-435B-8DD9-5DEE9CD3582A}" |In - None - P17 - TRUE | .(...) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe (.not file.)
O87 - FAEL: "{2759578E-722A-44DB-BE3E-C19E35B4535B}" |In - None - P17 - TRUE | .(...) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe (.not file.)
~ Firewall: 196 Legitimates Filtered in 00mn 01s
---\\ Random Export Key (REK) (O91)
[HKCU\Software\5c48bdfb139ee15]:version="2.6.1519.190"
[HKLM\Software\Wow6432Node\5c48bdfb139ee15]:version="2.6.1519.190"
~ Export Key Software: Scanned in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.B1C861317B5A5D0755FBC53352C4B0A3] [WIS][06/08/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\124a8b.msi [22614016]
[MD5.66697CC6FB5EE64EAE12EF48FAEF65C8] [WIS][04/10/2010] (.homework - Conjugaison.) -- C:\Windows\Installer\1bd657.msi [2266624]
~ WIS: 34 Legitimates Filtered in 00mn 03s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/11/2011 167264 | (AVG Security Toolbar Service) . (...) - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
SR - | Auto 31/07/2013 308136 | (avg9wd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
SS - | Disabled 26/07/2013 2847696 | (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe =>Hijacker.Eazel
SS - | Demand 25/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 12/08/2013 3360256 | (DatamngrCoordinator) . (.Bandoo Media Inc..) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo
SS - | Auto 06/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 23/10/2012 347120 | (InternetEverywhere_Service) . (...) - C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
SR - | Auto 12/07/2013 3289472 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 20/07/2013 1206624 | (TorchCrashHandler) . (.TorchMedia Inc..) - C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe
SR - | Auto 17/03/2009 189808 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 31/07/2013 855904 | (vToolbarUpdater) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 00\00\0000 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12862 - (22/08/2013)
Clés trouvées (Keys found) : 131
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 20
Fichiers trouvés (Files found) : 19
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>Hijacker.Eazel^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta] =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\APN DTX] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NTRedirect =>Hijacker.BabSolution^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar =>Adware.Bandoo^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\BrowserDefender =>Hijacker.Eazel^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\Users\toshiba\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\toshiba\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\toshiba\AppData\Local\iLivid =>Adware.Bandoo^
C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel^
C:\Program Files (x86)\AVG Secure Search =>Toolbar.AVGSearch
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\uTorrentBar_FR =>Toolbar.Conduit
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\toshiba\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\toshiba\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\toshiba\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\toshiba\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\toshiba\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo^
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe =>Adware.Bandoo^
C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit^
C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch^
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll =>Toolbar.DeltaSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll =>Adware.Bandoo^
C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo^
C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo^
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe =>Hijacker.Eazel^
C:\Users\toshiba\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
~ Additionnel Scan: 200288 Items scanned in 00mn 18s
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ MSI: 16 link(s) detected in 00mn 18s
~ 1200 Legitimates filtered by white list
End of the scan (716 lines in 01mn 38s)(0)
---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3985 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 405 GB (86%) free of 465 GB
---\\ Connection to the system mode
~ Computer Name: TOSHIBA-PC
~ User Name: toshiba
~ All Users Names: toshiba, Guest, Bloquer l'ordonateur, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\toshiba\AppData\Roaming\
~ %Desktop% : C:\Users\toshiba\Desktop\
~ %Favorites% : C:\Users\toshiba\Favorites\
~ %LocalAppData% : C:\Users\toshiba\AppData\Local\
~ %StartMenu% : C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C:\ Hard drive, Flash drive, Thumb drive (Free 405 Go of 465 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/08/2013 - 12:00:59.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 03:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 7/437
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/63
~ Mon Bureau (My Desktop) : 1/5401
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 04s
---\\ Running Processes at system startup
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.3164]
[MD5.D5D73AC93A4C5A09638CEEAC5A80D293] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3528128] [PID.3348]
[MD5.84092B60AA6DAB3B5E0C646AAE862A46] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe [637936] [PID.3408]
[MD5.29FB6EF1EFB1357E2883FE297F1EBC31] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536] [PID.3532]
[MD5.B2B39A866E42937E4FA071B9E12EEA4C] - (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe [827232] [PID.3612] =>Toolbar.AVGSearch
[MD5.7027F35E3AA472EC230DBCF19E4165E6] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [200704] [PID.3844]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [263600] [PID.3900]
[MD5.82E0EA0C23F556FB17ADB98E8E7F594E] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe [1739760] [PID.4568]
[MD5.8ADB34CD7E2536C08C8EE41EC5C2B0BC] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\15.0.1147.153\opera.exe [39483232] [PID.3952]
[MD5.23354229546ACE18AFABDC334698D4BB] - (...) -- C:\Program Files (x86)\Opera\15.0.1147.153\opera_crashreporter.exe [1376608] [PID.4424]
[MD5.4ADCFEE16EE9978F06157634669D36FB] - (.OldTimer Tools - No Comment.) -- C:\Users\toshiba\Downloads\Programs\OTL.exe [602112] [PID.4852]
[MD5.4ADFF37E77F0ABD1D886B07F3A021C5A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7857664] [PID.3872]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1984]
[MD5.C4D15594DB5BE042D3346EA58DF87D89] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136] [PID.1028]
[MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1176]
[MD5.64C64E7268887F661B911DEED945B898] - (.Bandoo Media Inc. - Datamngr Coordinator.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3360256] [PID.1224] =>Adware.Bandoo
[MD5.309CCA3861F1A2E1ABD23843532A9837] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120] [PID.1564]
[MD5.3C23AE0B05DF45CE256E94D6F5CEDF50] - (.AVG Technologies CZ, s.r.o. - AVG Alert Manager.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe [842592] [PID.1996]
[MD5.AE40D1BC6FB02A5625516AD74CA9A309] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472] [PID.2072]
[MD5.942E7D304E70630CFE4FC1EDDCFC1CDB] - (.TorchMedia Inc. - TorchCrashHandler.) -- C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe [1206624] [PID.2228]
[MD5.8A603DABD6A7FA5F31E2B6E562E0EBDF] - (.No owner - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [855904] [PID.2792] =>Toolbar.AVGSearch
[MD5.F4938525565B6AFD0F547934F20754E4] - (.Bandoo Media Inc. - Data Manager.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe [3534848] [PID.3384] =>Adware.Bandoo
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com
R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.14.0.28) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects (O2)
O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
O2 - BHO: AVG Security Toolbar [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.No owner - AVG Secure Search.) -- C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - No Comment.) -- C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) [64Bits] - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} . (.No owner - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll =>Adware.Bandoo
~ BHO: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [NTRedirect] C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =>Hijacker.BabSolution
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [NTRedirect] C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (.not file.) =>Hijacker.BabSolution
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2034115077-1308621816-2593219460-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Marco Polo Turbo Français Anglais.lnk . (...) -- C:\Marco Polo Turbo Vocabulary Tutor\Marco Polo Français Anglais 4.2\Marco Anglais 420.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\toshiba\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Conjugaison.lnk . (...) -- C:\Users\toshiba\AppData\Roaming\Microsoft\Installer\{057AA4D8-559F-42B1-98A0-508303834B2E}\_696c15b3.exe
O4 - GS\Desktop: CyberLink YouCam.lnk . (.CyberLink Corp. - CyberLink YouCam.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
O4 - GS\Desktop: Encyclopaedia Universalis 2012.lnk . (...) -- C:\Program Files (x86)\Encyclopaedia Universalis 2012\Encyclopaedia Universalis 2012\Universalis.exe
O4 - GS\Desktop: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Desktop: Marco Polo Turbo Français Anglais.lnk . (...) -- C:\Marco Polo Turbo Vocabulary Tutor\Marco Polo Français Anglais 4.2\Marco Anglais 420.exe
O4 - GS\Desktop: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: The Logo Creator v5.exe.lnk . (...) -- C:\Program Files (x86)\The Logo Creator v5\The Logo Creator v5.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EF4ADF79-69AD-4113-8A9D-3F9022A9F682}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C78B614-912F-4914-A51D-7A693E345E0E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.96.157 213.136.96.37
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: viprotocol [64Bits] - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) . (.Bandoo Media Inc. - Datamngr Coordinator.) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: (vToolbarUpdater) . (.No owner - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 10 Legitimates Filtered in 00mn 09s
---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll =>Adware.Bandoo
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll =>Adware.Bandoo
~ Keys: Scanned in 00mn 00s
---\\ Task Planned Automatically (039)
[MD5.ADB62392BC0711707E58E70186CC4AC2] [APT] [EPUpdater] (...) -- C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10224] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [{32678595-9F55-49F3-9DB0-94B93F736B52}] (...) -- C:\Users\toshiba\Downloads\Programs\aquitania_setup.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Software installed (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Hijacker.Eazel
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: Marco Polo Français Anglais 4.2 - (.Marco Polo Turbo Vocabulary Tutor.) [HKLM][64Bits] -- Marco_0
O42 - Logiciel: iLivid - (.Bandoo Media Inc.) [HKLM][64Bits] -- iLivid =>Adware.Bandoo
~ Logic: 63 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5c48bdfb139ee15]
[HKCU\Software\APN DTX]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Marco Polo Turbo Vocabulary Tutor]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\5c48bdfb139ee15]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
~ Key Software: 174 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 06/08/2013 - 13:48:43 - [0,609] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 06/08/2013 - 13:46:43 - [2,390] ----D C:\Program Files (x86)\Delta
O43 - CFD: 08/08/2013 - 18:21:24 - [157,451] ----D C:\Program Files (x86)\LHSP
O43 - CFD: 13/08/2013 - 10:28:10 - [22,958] ----D C:\Program Files (x86)\Movies Toolbar =>Adware.Bandoo
O43 - CFD: 06/08/2013 - 13:46:12 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 06/08/2013 - 13:46:41 - [8,084] ----D C:\ProgramData\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 22/08/2013 - 22:42:19 - [0,011] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 22/08/2013 - 22:41:24 - [0,004] ----D C:\ProgramData\TorchCrashHandler
O43 - CFD: 06/08/2013 - 13:46:33 - [1,279] ----D C:\Users\toshiba\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 06/08/2013 - 13:46:12 - [0,003] ----D C:\Users\toshiba\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 06/08/2013 - 13:48:39 - [0,083] ----D C:\Users\toshiba\AppData\Local\Conduit
O43 - CFD: 13/08/2013 - 10:58:03 - [60,091] ----D C:\Users\toshiba\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 06/08/2013 - 13:46:51 - [0,001] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel
O43 - CFD: 08/08/2013 - 18:09:45 - [0,003] ----D C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marco Polo Turbo Vocabulary Tutor
~ Program Folder: 124 Legitimates Filtered in 00mn 30s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.AAAEBBAE9B181771B6C1B27CDC3EAD2B] - 22/08/2013 - 14:07:50 ---A- . (...) -- C:\Windows\IE10_main.log [28118]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.3D9D1FAF25C9014438C8CB6897DD57E7] - 20/08/2013 - 11:55:17 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 09/08/2013 - 07:29:41 ---A- . (...) -- C:\Windows\win.ini [478]
~ Files: 298 Legitimates Filtered in 00mn 10s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{b206a1a8-fa43-11e2-9050-7c05079cde22}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 01:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 31/07/2013 - 13:56:54 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\SysWOW64\drivers\ewdcsc.sys [32768]
~ Drivers: Scanned in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 02/08/2012 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <OperaStable>[HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> <OperaStable>[HKCU\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O67 - Shell Spawning: <.html> <OperaStable>[HKCR\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <OperaStable> <Opera Stable>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {94125E87-9EAF-4DE8-BF37-356F577C79A2} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - https://isearch.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} [DefaultScope] - (MyPlayCity) - http://my.myplaycity.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3De71e508e6f0b6f35%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9421F1B2E6DDEEEBEA82516C5E9B4A4A] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\apnuserid.dat [16]
[MD5.85D8CE590AD8981CA2C8286F79F59954] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\appid.dat [3]
[MD5.F3C37E60733738EE1B5B85D02AE60B6B] [SPRF][16/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\defaultCache.reg [81526]
[MD5.04144F7159DBE2105DA27A824630819F] [SPRF][20/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\instloffer.exe [376296]
[MD5.DC29C682BAF5DB06E8F7860010442D3F] [SPRF][22/08/2013] (.TeamDev Ltd - JNIWrapper Native Library.) -- C:\Users\toshiba\AppData\Local\Temp\jniwrap.dll [45112]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][28/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\toshiba\AppData\Local\Temp\ose00000.exe [145184]
[MD5.8CB22BDD0B7BA1AB13D742E22EED8DA2] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\sysid.dat [3]
[MD5.BDEE9D936EFB7C76DF778F45F1CF130D] [SPRF][13/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\trackid.dat [6]
[MD5.3D5B9EDB303C6D3D598B8D6C81A570E1] [SPRF][08/02/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\Uninstall.exe [104117]
[MD5.48A895570D7E3EB6150B1FC8F24843FE] [SPRF][06/08/2013] (...) -- C:\Users\toshiba\AppData\Local\Temp\uttD2AE.tmp.exe [8844800]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{7DFE1E0F-2B4F-402E-8299-1D571EEF3F7F}" | In - Public - P6 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{F47C7110-6B3B-4176-BFA9-2140611F664D}" | In - Public - P17 - TRUE | .(.APN LLC - DtUser.) -- C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo
O87 - FAEL: "{5FAA9887-CF99-4FEE-9167-21250880EABA}" | In - None - P17 - TRUE | .(.Torch Media Inc. - Torch Torrent.) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
O87 - FAEL: "{B0F42D79-B9D3-435B-8DD9-5DEE9CD3582A}" |In - None - P17 - TRUE | .(...) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe (.not file.)
O87 - FAEL: "{2759578E-722A-44DB-BE3E-C19E35B4535B}" |In - None - P17 - TRUE | .(...) -- C:\Users\toshiba\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe (.not file.)
~ Firewall: 196 Legitimates Filtered in 00mn 01s
---\\ Random Export Key (REK) (O91)
[HKCU\Software\5c48bdfb139ee15]:version="2.6.1519.190"
[HKLM\Software\Wow6432Node\5c48bdfb139ee15]:version="2.6.1519.190"
~ Export Key Software: Scanned in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.B1C861317B5A5D0755FBC53352C4B0A3] [WIS][06/08/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\124a8b.msi [22614016]
[MD5.66697CC6FB5EE64EAE12EF48FAEF65C8] [WIS][04/10/2010] (.homework - Conjugaison.) -- C:\Windows\Installer\1bd657.msi [2266624]
~ WIS: 34 Legitimates Filtered in 00mn 03s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/11/2011 167264 | (AVG Security Toolbar Service) . (...) - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
SR - | Auto 31/07/2013 308136 | (avg9wd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
SS - | Disabled 26/07/2013 2847696 | (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe =>Hijacker.Eazel
SS - | Demand 25/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 12/08/2013 3360256 | (DatamngrCoordinator) . (.Bandoo Media Inc..) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo
SS - | Auto 06/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 23/10/2012 347120 | (InternetEverywhere_Service) . (...) - C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
SR - | Auto 12/07/2013 3289472 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 20/07/2013 1206624 | (TorchCrashHandler) . (.TorchMedia Inc..) - C:\Users\toshiba\AppData\Local\Torch\Update\TorchCrashHandler.exe
SR - | Auto 17/03/2009 189808 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 31/07/2013 855904 | (vToolbarUpdater) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 00\00\0000 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12862 - (22/08/2013)
Clés trouvées (Keys found) : 131
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 20
Fichiers trouvés (Files found) : 19
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>Hijacker.Eazel^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta] =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo
[HKLM\Software\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\APN DTX] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\uTorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NTRedirect =>Hijacker.BabSolution^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar =>Adware.Bandoo^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\BrowserDefender =>Hijacker.Eazel^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\Users\toshiba\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\toshiba\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\toshiba\AppData\Local\iLivid =>Adware.Bandoo^
C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel^
C:\Program Files (x86)\AVG Secure Search =>Toolbar.AVGSearch
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\uTorrentBar_FR =>Toolbar.Conduit
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\toshiba\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\toshiba\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\toshiba\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\toshiba\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\toshiba\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit
C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>Adware.Bandoo^
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe =>Adware.Bandoo^
C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit^
C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch^
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll =>Toolbar.DeltaSearch^
C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll =>Adware.Bandoo^
C:\Users\toshiba\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo^
C:\Users\toshiba\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe =>Adware.Bandoo^
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe =>Hijacker.Eazel^
C:\Users\toshiba\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
~ Additionnel Scan: 200288 Items scanned in 00mn 18s
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ MSI: 16 link(s) detected in 00mn 18s
~ 1200 Legitimates filtered by white list
End of the scan (716 lines in 01mn 38s)(0)
ce qui précède est sans doute le resultat du diagnostic dont tu me parlais. le voici donc j'attend impatiemment ta solution.Merci d'avance.
Re,
Ne sois pas angoissé, tout va bien se passer. :)
Tu me diras où tu en es dans la procédure pour ZHPDiag.
À demain.
Gabriel.
Ne sois pas angoissé, tout va bien se passer. :)
Tu me diras où tu en es dans la procédure pour ZHPDiag.
À demain.
Gabriel.
le diagnostic est beaucoup trop long pour <ue je te l'envoie par message sur ceux comment te l'envoyer par l'intermediaire d'un lien?
Salut,
Oui par un lien stp, car là il n'est pas tout à fait complet : suis ce tutoriel pour héberger le rapport : http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html
Gabriel.
Oui par un lien stp, car là il n'est pas tout à fait complet : suis ce tutoriel pour héberger le rapport : http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html
Gabriel.
Re,
Ok, passe AdwCleaner comme ceci et poste moi le rapport : http://www.forum-entraide-informatique.com/support/adwcleaner-tutoriel-t875.html
Gabriel.
Ok, passe AdwCleaner comme ceci et poste moi le rapport : http://www.forum-entraide-informatique.com/support/adwcleaner-tutoriel-t875.html
Gabriel.
Oui je l'ai reçu je t'ai demandé ceci : https://forums.commentcamarche.net/forum/affich-28565320-babsolution-shared-ntredirect-dll#15
ok. j'ai suivi tes instructions et voici le lien; https://www.cjoint.com/c/CHxntoYK1Sr
Merci pour tout ce que tu fais pour m'aider. Dieu te benisse.
encore Merci et j'attend impatiemment tes instructions.
Merci Ghyslain311.
Merci pour tout ce que tu fais pour m'aider. Dieu te benisse.
encore Merci et j'attend impatiemment tes instructions.
Merci Ghyslain311.
Re,
Très bien.
Passe Junkware Removal Tool comme ceci : http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html
Gabriel.
Très bien.
Passe Junkware Removal Tool comme ceci : http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html
Gabriel.
j'ai fini tout en suivant tes instructions à la lettre ainsi voici ce qui c'est affiché. voici le lien:https://www.cjoint.com/c/CHxnVpLqAqy
j'attend ta réponse et encore Merci.
j'attend ta réponse et encore Merci.
Re,
Parfait. :)
Fais moi un nouveau rapport ZHPDiag à présent.
Toujours en cliquant sur Configurer puis la loupe la plus à droite, et en hébergeant le rapport.
Gabriel.
Parfait. :)
Fais moi un nouveau rapport ZHPDiag à présent.
Toujours en cliquant sur Configurer puis la loupe la plus à droite, et en hébergeant le rapport.
Gabriel.
j'ai terminer voici le lien:https://www.cjoint.com/c/CHxooAU7iZg
j'attend ta reponse maintenant.
Merci.
Ghyslain311.
j'attend ta reponse maintenant.
Merci.
Ghyslain311.
