~ Report of ZHPDiag v2015.6.16.57 - Nicolas Coolman (6/16/2015)
~ Launched by Adam (6/26/2015 7:59:48 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://www.forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v43.0.2357.130 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
AVG 2015 v15.0.6037
Malwarebytes Anti-Malware version 2.1.6.1022
Windows Defender W7 (Deactivate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8182.0 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 112 GB (48%) free of 232 GB

---\\ Connection to the system mode
~ Computer Name: ADAM-PC
~ User Name: Adam
~ All Users Names: HomeGroupUser$, Guest, Administrator, Adam,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Adam\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Adam\AppData\Roaming\
~ %Desktop% : C:\Users\Adam\Desktop\
~ %Favorites% : C:\Users\Adam\Favorites\
~ %LocalAppData% : C:\Users\Adam\AppData\Local\
~ %StartMenu% : C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 112 Go of 232 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 189 Go of 233 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2/25/2011 - 1:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/13/2009 - 8:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/26/2013 - 2:07:57 AM.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/20/2010 - 10:24:29 PM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.11/20/2010 - 10:24:16 PM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/27/2013 - 8:09:10 PM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 8:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 6:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 10:23:47 PM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 10:24:32 PM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:23:47 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.7/13/2009 - 6:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 7:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/26/2011 - 9:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 10:23:51 PM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.4/12/2013 - 9:45:08 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.7/13/2009 - 7:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 10:24:33 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 10:25:07 PM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 7:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 10:24:32 PM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/20/2010 - 10:23:47 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/45
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/48
~ Mes Documents (My Documents) : 1/38
~ Mon Bureau (My Desktop) : 1/13492
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 11mn AMs



---\\ Process running
[MD5.7E212E742BF06BF678AE35E9C1B74B8F] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.2328]
[MD5.1101EEE8D2CD363529BF592A564E5552] - (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1214496] [PID.2384]
[MD5.D7A01FF6CBD83D2D4A1967D19390F4F0] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2639144] [PID.2560]
[MD5.5E12A39937EF2C6471B2E9DA68CBC56A] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19549320] [PID.2668]
[MD5.1EF8A78DCA63352A9050F5126D9983BE] - (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4924288] [PID.2724]
[MD5.35048D8E8A0BF7A797CD5757ACD7EED0] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.2876]
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.2884]
[MD5.7A14226EA967021C42EC17E506B0A6CE] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912] [PID.2912]
[MD5.763CF780485BE99AB60418294C2167C9] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704] [PID.2988]
[MD5.64093FC9034F0679D5E1F3875856FA7A] - (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112] [PID.3008] =>Toolbar.AVGSafeGuard
[MD5.3CAEB7B257EB2AA242D41D783DD483F1] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824] [PID.3032]
[MD5.91E41689E06FF48B029E877E2AD0E638] - (.AVG Secure Search - avgcefrend.) -- C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe [1402392] [PID.3684] =>Toolbar.AVGSearch
[MD5.CC02FE4520CA886508069245D9A6962F] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.2344]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8218112] [PID.7564]
[MD5.FFD80DC0CDA145C3376A5076360162C8] - (...) -- C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056] [PID.736] =>Toolbar.AVGSafeGuard
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1492]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1512]
[MD5.5EDFC87A771F26CBD9B2D7BEA77B661D] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1526936] [PID.1592]
[MD5.0A1C51FF7110134896066107ED9A4D6C] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072] [PID.1712]
[MD5.AA8BF3CBEAACB3AC8B6FAF66B74661AF] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816] [PID.1824]
[MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2036]
[MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.2280]
[MD5.47A543ECF4D8D1BA5E5DC8F7EF08BF91] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480] [PID.2708] =>Toolbar.AVGSearch
[MD5.97F77CF7821BF4676B16B5C2D534398A] - (.No owner - loggings Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe [159768] [PID.2936] =>Toolbar.AVGSearch
~ Processes Running: Scanned in 00mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 6 Legitimates Filtered in 00mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\prefs.js
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\user.js
M3 - MFPP: Plugins - [Adam] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [Adam] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\searchplugins\avg-secure-search.xml =>Toolbar.AVGSearch
M3 - MFPP: Plugins - [Adam] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Ask.xml
M3 - MFPP: Plugins - [Adam] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml =>PUP.SearchResults
M3 - MFPP: Plugins - [Adam] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wtu-secure-search.xml
M0 - MFSP: prefs.js [Adam - driak909.default] http://mysearch.avg.com
M2 - MFEP: prefs.js [Adam - driak909.default\{ef8e675b-6f9f-45a0-bae1-7c026a1f477b}] [] Lasaoren Search v2.1.1 (..) =>PUP.Lasaoren
M2 - MFEP: Extension [Adam - driak909.default] {ef8e675b-6f9f-45a0-bae1-7c026a1f477b}
~ Firefox Browser: 18 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn AMs



---\\ Browser Helper Objects (O2)
O2 - BHO: Wondershare Video Converter Ultimate 7.1.0 [64Bits] - {451C804F-C205-4F03-B48E-537EC94937BF} . (.Wondershare - Browser Helper Object.) -- C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll
O2 - BHO: AVG Web TuneUp [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG - AVG Web TuneUp.dll.) -- C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll =>Toolbar.AVGSafeGuard
~ BHO: 9 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: DAEMON Tools Toolbar - [HKLM]{32099AAC-C132-4136-9E9A-4E364A424E17} . (...) -- (.not file.)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{32099AAC-C132-4136-9E9A-4E364A424E17} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{064B7C36-A156-4233-8D06-921F8A60FB6A} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{15183E47-09E8-49A5-B8C2-F4DD9356C3E8} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42435041-312D-5637-00A7-7A786E7484D7} Orphan key
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: iLivid Download Manager.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Program Files (x86)\iLivid\ilivid.exe =>Adware.Bandoo
O4 - GS\QuickLaunch [Adam]: Sparta.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://plarium.com =>Hijacker.Browsers
O4 - GS\QuickLaunch [Adam]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Adam]: Video Downloader.lnk . (...) -- C:\Program Files (x86)\vGrabber-software\VideoDownloader.exe =>PUP.vGrabber
~ Global Startup: 4 Legitimates Filtered in 01mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Apple_KbdMgr] . (.Apple Inc. - Boot Camp Manager.) -- C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [AgentAntidote32] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
O4 - HKLM\..\Run: [AgentAntidote64] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
O4 - HKCU\..\Run: [Power2GoExpress] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [DelaypluginInstall] . (...) -- C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe =>Toolbar.AVGSafeGuard
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKUS\.DEFAULT\..\Run: [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\.DEFAULT\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-18\..\Run: [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-18\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-891616305-3290006810-284611649-1001\..\Run: [Power2GoExpress] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
O4 - HKUS\S-1-5-21-891616305-3290006810-284611649-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-891616305-3290006810-284611649-1001\..\Run: [Exetender] . (.Exent Technologies Ltd. - EXETender Player.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
~ Application: Scanned in 00mn AMs



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{49350254-6131-40C1-9F34-E39DFD8D9C07}: DhcpNameServer = 66.28.0.45 66.28.0.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{49350254-6131-40C1-9F34-E39DFD8D9C07}: DhcpNameServer = 66.28.0.45 66.28.0.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{49350254-6131-40C1-9F34-E39DFD8D9C07}: DhcpNameServer = 66.28.0.45 66.28.0.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.28.0.45 66.28.0.61
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: WSWSVCUchrome [64Bits] - {1CA93FF0-A218-44F1-lSet . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) . (.No owner - Provides support for switching between Mac.) - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: (vToolbarUpdater18.4.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WtuSystemSupport (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe =>Toolbar.AVGSafeGuard
~ Services: 15 Legitimates Filtered in 16mn AMs



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [4552] (...) -- C:\Users\Adam\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [{55F60B6D-41EA-4270-865F-FEFDCE8FD16F}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{927E7F3E-BCE3-45A4-85D7-573926EB1F9D}] (...) -- F:\apprendre anglais\learn to speak english\LTSSETUP.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Norton Security Scan for Adam [450]
~ Scheduled Task: 17 Legitimates Filtered in 03mn AMs



---\\ Software installed (O42)
O42 - Logiciel: BackUpDutyLite - (.BackUpDutyLite.) [HKLM][64Bits] -- BackUpDutyLite
O42 - Logiciel: Files Opened - (...) [HKLM][64Bits] -- Files Opened
O42 - Logiciel: Update for PriceFountain - (.Update for PriceFountain.) [HKCU][64Bits] -- Price Fountain =>PUP.PriceFountain
O42 - Logiciel: WeLoveFilms - US Toolbar - (.WeLoveFilms - US.) [HKLM][64Bits] -- WeLoveFilms_-_US Toolbar
O42 - Logiciel: iLivid - (.Bandoo Media Inc..) [HKLM][64Bits] -- iLivid =>Adware.Bandoo
O42 - Logiciel: iLivid - (.Bandoo Media Inc..) [HKLM][64Bits] -- {8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} =>Adware.Bandoo
~ Logic: 49 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Captaindownloads]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Mixi.DJ]
[HKCU\Software\PrcFountain]
[HKCU\Software\PriceFountain] =>PUP.PriceFountain
[HKCU\Software\Reg]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\WeLoveFilms_-_US]
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\reimagerepair] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\OverTheEdge]
[HKLM\Software\Wow6432Node\Produtools_Manuals_2.1]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SearchquMediabarTb] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\WeLoveFilms_-_US]
[HKLM\Software\Wow6432Node\iLividSRTB] =>Adware.Bandoo
~ Key Software: 346 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 9/21/2014 - 2:25:42 PM - [0] ----D C:\Program Files (x86)\ASP
O43 - CFD: 12/24/2013 - 2:29:19 PM - [] ----D C:\Program Files (x86)\BackUpDutyLite
O43 - CFD: 1/10/2012 - 5:50:28 PM - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 12/24/2013 - 2:29:23 PM - [] ----D C:\Program Files (x86)\Files Opened
O43 - CFD: 11/18/2014 - 6:33:01 PM - [] ----D C:\Program Files (x86)\iLivid =>Adware.Bandoo
O43 - CFD: 9/16/2014 - 9:02:35 PM - [0] ----D C:\Program Files (x86)\Movies Toolbar =>PUP.MoviesToolbar
O43 - CFD: 10/13/2014 - 5:35:58 PM - [] ----D C:\Program Files (x86)\OverTheEdge
O43 - CFD: 8/30/2012 - 11:32:05 PM - [0] ----D C:\Program Files (x86)\Produtools_Manuals_2.1
O43 - CFD: 9/16/2014 - 9:02:35 PM - [0] ----D C:\Program Files (x86)\Search Results Toolbar =>PUP.SearchResults
O43 - CFD: 6/21/2015 - 10:54:01 PM - [] ----D C:\Program Files (x86)\WeLoveFilms_-_US
O43 - CFD: 12/24/2013 - 2:29:16 PM - [] ----D C:\ProgramData\APN
O43 - CFD: 1/10/2012 - 5:51:16 PM - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 12/24/2013 - 2:33:48 PM - [0] ----D C:\ProgramData\FilesOpened
O43 - CFD: 3/13/2014 - 11:36:02 AM - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 12/24/2013 - 2:29:23 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FilesOpened
O43 - CFD: 1/10/2012 - 5:52:56 PM - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid =>Adware.Bandoo
O43 - CFD: 11/21/2010 - 3:16:46 AM - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 11/12/2014 - 8:20:20 PM - [] ----D C:\Users\Adam\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
O43 - CFD: 9/1/2014 - 6:48:19 PM - [] ----D C:\Users\Adam\AppData\Roaming\sparta111
O43 - CFD: 9/1/2014 - 6:52:53 PM - [0] ----D C:\Users\Adam\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 9/21/2014 - 3:11:47 PM - [] ----D C:\Users\Adam\AppData\Local\Conduit
O43 - CFD: 3/26/2013 - 3:40:19 PM - [] ----D C:\Users\Adam\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 1/8/2012 - 7:12:42 PM - [] ----D C:\Users\Adam\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 12/10/2014 - 6:58:59 PM - [] ----D C:\Users\Adam\AppData\Local\Sparta
O43 - CFD: 9/1/2014 - 7:26:19 PM - [0] ----D C:\Users\Adam\AppData\Local\WorldofTanks
O43 - CFD: 12/24/2013 - 2:29:19 PM - [] ----D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BackUpDutyLite
O43 - CFD: 12/24/2013 - 2:29:23 PM - [0] ----D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesOpened
O43 - CFD: 6/25/2015 - 12:20:13 AM - [] ----D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain =>PUP.PriceFountain
O43 - CFD: 9/1/2014 - 6:48:19 PM - [] ----D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta
~ Program Folder: 244 Legitimates Filtered in 00mn AMs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{de847586-4a3e-11e1-b667-78ca39c888e2}\AutoRun\command. (...) -- F:\HPLauncher.exe (.not file.)
O51 - MPSK:{de84758a-4a3e-11e1-b667-78ca39c888e2}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.)
O51 - MPSK:{ee04767f-fdfa-11e0-adb7-806e6f6e6963}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:7/13/2009 - 8:47:48 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:6/10/2009 - 3:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:1/1/1601 - 5:00:00 AM ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:7/13/2009 - 8:45:55 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:3/18/2013 - 3:51:08 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 79 Legitimates Filtered in 01mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("CT3268934.installId", "conduitinstaller.exe"); =>Adware.Bloson
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("CT3268934.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("CT3287768.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("Smartbar.ConduitHomepagesList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("Smartbar.ConduitSearchEngineList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("Smartbar.ConduitSearchUrlList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("browser.search.defaultthis.engineName", "Vgrabber v1 Customized Web Search"); =>PUP.vGrabber
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI,http://search.cond[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2,http[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("smartbar.homepageList", "http://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI,http://search.conduit.com[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("smartbar.originalSearchEngine", "Search Results"); =>PUP.SearchResults
O69 - SBI: prefs.js [Adam - driak909.default] user_pref("smartbar.searchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2,http://sear[...] =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {064E7738-821C-4CC1-8E2A-0834F6FB092D} - (uTorrentControl_v2 Customized Web Search) - http://search.conduit.com =>PUP.UTorrentControl
O69 - SBI: SearchScopes [HKCU] {57ABA643-6C84-490A-8CD4-CB574A263378} - (Vgrabber v1 Customized Web Search) - http://search.conduit.com =>PUP.vGrabber
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9879384D-916A-43C2-B31C-8CA54CCB58D7} - (WeLoveFilms - US Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [DefaultScope] - (Lasaoren) - http://Lasaoren.com =>PUP.Lasaoren
O69 - SBI: SearchScopes [HKCU] {A25AC313-DD19-4238-ACA2-401D6BEE4321} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} - (FreezbGames B Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {F1BE25A2-73DA-4B73-8483-30BA000DD882} - (Ask Search) - http://www.search.ask.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.577FC9FEE894C211E3992D13215C9537] [SPRF][1/29/2015] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.A629C780C12A1A5964968125E0184912] [SPRF][8/3/2012] (...) -- C:\Users\Adam\Desktop\CopyTransContacts.exe [8108600]
~ Files: 2 Legitimates Filtered in 00mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{2B0060C4-C683-4A98-AF1C-6BB4CE873C84}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{36871D61-E4E8-4B5C-A892-192DB7A6B06F}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{46E9246F-CC8D-47B3-9AA7-3CAABA6A7F21}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A6A816E0-3B0D-4E8F-BBBA-DDFBF6F2A2C7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 01mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.B98594799B739D62D1BC2E78CF460267] [WIS][1/10/2012] (.Bandoo Media Inc. - iLivid Installation.) -- C:\Windows\Installer\17a277.msi [290816] =>Adware.Bandoo
~ WIS: 1 Legitimates Filtered in 01mn AMs



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32 =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Deal Boat_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Deal Boat_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividMediaBar_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividMediaBar_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASAPI32 =>PUP.PaybyAds
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASMANCS =>PUP.PaybyAds
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32 =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32 =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS =>PUP.Datamngr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2AutoUpdateHelper_RASAPI32 =>PUP.UTorrentControl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2AutoUpdateHelper_RASMANCS =>PUP.UTorrentControl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2ToolbarHelper_RASAPI32 =>PUP.UTorrentControl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2ToolbarHelper_RASMANCS =>PUP.UTorrentControl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent[1]_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent[1]_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_B_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_B_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-17E0_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-17E0_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 271 Legitimates Filtered in 00mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 6/24/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/6/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/6/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8/12/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2/21/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 6/5/2013 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 7/13/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/19/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/14/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2/12/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/15/2011 224640 | (AppleOSSMgr) . (...) - C:\Windows\system32\AppleOSSMgr.exe
SR - | Auto 10/6/2010 110904 | (AppleTimeSrv) . (.Apple Inc..) - C:\Windows\system32\AppleTimeSrv.exe
SR - | Auto 6/16/2015 1526936 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 6/16/2015 3461072 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 6/16/2015 312816 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 8/31/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 4/14/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 4/14/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 5/15/2015 2967864 | (TuneUp.UtilitiesSvc) . (.AVG Technologies.) - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
SR - | Auto 3/4/2015 1875480 | (vToolbarUpdater18.4.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 7/22/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 6/18/2015 620056 | (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe =>Toolbar.AVGSafeGuard
SR - | Auto 7/13/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 08mn AMs



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:1/1/1601 - 5:00:00 AM ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 08mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (6/16/2015)
Clés trouvées (Keys found) : 69
Valeurs trouvées (Values found) : 7
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 15

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] =>Toolbar.AVGSafeGuard^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.4.0] =>Toolbar.AVGSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\WtuSystemSupport] =>Toolbar.AVGSafeGuard^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain] =>PUP.PriceFountain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}] =>Adware.Bandoo^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>PUP.Conduit
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\DNSBHO.dll] =>Adware.Bandoo
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\DnsBHO.BHO] =>Adware.Bandoo
[HKLM\Software\Classes\DnsBHO.BHO.1] =>Adware.Bandoo
[HKLM\Software\Classes\ilivid] =>
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3] =>Adware.Bandoo
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\iLividSRTB] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\SearchquMediabarTb] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\AppDataLow\Toolbar] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo
[HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>PUP.Conduit
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Classes\Toolbar.CT3063386] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3282140] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3063386] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3282140] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271147}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt =>Toolbar.AVGSafeGuard^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\extensions\{ef8e675b-6f9f-45a0-bae1-7c026a1f477b} =>PUP.Lasaoren^
C:\Program Files (x86)\iLivid =>Adware.Bandoo^
C:\Program Files (x86)\Movies Toolbar =>PUP.MoviesToolbar^
C:\Program Files (x86)\Search Results Toolbar =>PUP.SearchResults^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid =>Adware.Bandoo^
C:\Users\Adam\AppData\Local\iLivid =>Adware.Bandoo^
C:\Users\Adam\AppData\Local\Ilivid Player =>Adware.Bandoo^
C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain =>PUP.PriceFountain^
C:\Program Files (x86)\Conduit =>PUP.Conduit
C:\Program Files (x86)\DAEMON Tools Toolbar =>Toolbar.Agent
C:\Program Files (x86)\vGrabber-software =>PUP.vGrabber
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\Adam\AppData\Local\Conduit =>PUP.Conduit
C:\Users\Adam\AppData\LocalLow\Conduit =>PUP.Conduit
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\searchqutoolbar =>Adware.Bandoo
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\driak909.default\Smartbar =>Hijacker.SmartBar
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe =>Toolbar.AVGSafeGuard^
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe =>Toolbar.AVGSafeGuard^
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch^
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe =>Toolbar.AVGSearch^
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect^
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q \SearchProtect =>PUP.SearchProtect^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\PriceFountain] =>PUP.PriceFountain^
[HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKCU\Software\reimagerepair] =>Rogue.ReimageRepair^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
C:\Windows\Installer\17a277.msi =>Adware.Bandoo^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 295771 Items scanned in 30mn AMs



---\\ Additional information about modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://www.nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://www.nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn AMs



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Toolbar.AVGSafeGuard
http://www.nicolascoolman.fr/pup-searchresults =>PUP.SearchResults
http://www.nicolascoolman.fr/blog/ =>PUP.Lasaoren
http://www.nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://www.nicolascoolman.fr/pup-vgrabber =>PUP.vGrabber
http://www.nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.PriceFountain
http://www.nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://www.nicolascoolman.fr/pup-vittalia =>PUP.Vittalia
http://www.nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://www.nicolascoolman.fr/pup-moviestoolbar =>PUP.MoviesToolbar
http://www.nicolascoolman.fr/adware-bloson =>Adware.Bloson
http://www.nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://www.nicolascoolman.fr/blog/ =>PUP.UTorrentControl
http://www.nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
http://www.nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://www.nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://www.nicolascoolman.fr/pup-paybyads =>PUP.PaybyAds
http://www.nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://www.nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://www.nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Toolbar.MixiDJ
http://www.nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>Toolbar.DaemonTools
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 31 link(s) detected in 00mn AMs



~ 919 Legitimates filtered by white list
End of the scan (726 lines in 40mn AMs)(0.11)
