Rapport de ZHPDiag v2013.4.14.74 par Nicolas Coolman, Update du 13/04/2013
Run by Karim at 14/04/2013 18:04:08
State : Your version is update.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v26.0.1410.64 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Windows Defender W7

---\\ System Optimizer
CCleaner v3.16

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Java 7 Update 17

---\\ System Information
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3884 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 481 GB (83%) free of 577 GB

---\\ Logged in mode
~ Computer Name: KARIM-PC
~ User Name: Karim
~ All Users Names: UpdatusUser, Karim, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Karim\AppData\Roaming\
~ %Desktop% : C:\Users\Karim\Desktop\
~ %Favorites% : C:\Users\Karim\Favorites\
~ %LocalAppData% : C:\Users\Karim\AppData\Local\
~ %StartMenu% : C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 481 Go of 577 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B8965FB53551B5455630A4B804D0791F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 07:04:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1655656]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/708
~ Mes musiques (My Musics) : 3/40
~ Mes Videos (My Videos) : 1/39
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 4/1870
~ Mon Bureau (My Desktop) : 2/263
~ Menu demarrer (Programs) : 1/71
~ Hidden Files:  Scanned in 00mn 07s



---\\ Running Processes
[MD5.868E3486E7EC522330344152A5535783] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe   [305720] [PID.2912]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Unknown owner - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe   [51768] [PID.2936]
[MD5.FA127AC8BDF668903543D29C96B31632] - (...) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe   [2561488] [PID.1916]  =>Toolbar.Babylon
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] - (.ASUSTek Computer Inc. - ADSMTray.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe   [272952] [PID.4176]
[MD5.AC43952EA7D028BD35099391DB2FF599] - (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe   [370480] [PID.4368]
[MD5.B46955FD4D8AD8ED42669C4AC988BE76] - (.Strish Technologies - No comment.) -- C:\Program Files (x86)\Subliminal Master\smTray.exe   [77312] [PID.4176]
[MD5.0822AAA9E0014C2412322EF12DD68CB7] - (.Smartbar - Smartbar.) -- C:\Users\Karim\AppData\Local\Smartbar\Application\QuickShare.exe   [13824] [PID.4500]  =>Hijacker.SmartBar
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe   [3054136] [PID.4584]
[MD5.019659C7754D1F381751A658B95E81E8] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe   [144688] [PID.4688]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe   [103720] [PID.4776]
[MD5.D36DA0A5C531353C5FF5E29242649257] - (.Boingo Wireless, Inc. - Boingo Wi-Fi.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe   [365936] [PID.4272]
[MD5.A092258F26296C791D982E83814685BD] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe   [6806144] [PID.5044]
[MD5.D98BC64645C2DAEDC1E79B4CCCCBBC8E] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe   [170624] [PID.4808]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe   [105016] [PID.4304]
[MD5.F477F57732AFFC5460FCC5302DC08394] - (.Unknown owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe   [1597440] [PID.4208]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [345312] [PID.4440]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [252848] [PID.244]
[MD5.BEE83619A26F90A6C8273F9CA9680397] - (.asus - ControlDeck.) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe   [1080448] [PID.5388]
[MD5.8E53B67FA3816E854B07C5DC66E10730] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe   [296056] [PID.8808]
[MD5.1B0A990A25190363CDB442A99BB3A3AA] - (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files (x86)\Free Download Manager\fdm.exe   [6860288] [PID.11180]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [1312720] [PID.9048]
[MD5.0B8FAC5A31E7ED0EA42F8BC46EC80F0F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [6747136] [PID.10820]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe   [84536] [PID.1408]
[MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe   [96896] [PID.1448]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe   [86752] [PID.1616]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe   [110816] [PID.1792]
[MD5.F401929EE0CC92BFE7F15161CA535383] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [55184] [PID.1820]
[MD5.93B5CD0AC126BE95F65B28AF3D9542DC] - (.Microsoft - CaptureLibService.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe   [8704] [PID.1992]
[MD5.A1C148801B4AF64847AEB9F3AD9594EF] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [262144] [PID.1196]
[MD5.9A2E80361B18CD734D97B20D91C55F27] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe   [1616488] [PID.1660]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe   [213384] [PID.2688]
[MD5.8E4179A38CF72AC6D8D651A72AE88580] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe   [182912] [PID.3096]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe   [225280] [PID.3568]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe   [2488888] [PID.3180]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe   [174648] [PID.1260]
[MD5.41118D920B2B268C0ADC36421248CDCF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe   [2314240] [PID.4568]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\prefs.js
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\user.js
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\freemake-customized-web-search.xml
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\search-here.xml
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\Searchab.xml
M3 - MFPP: Plugins - [Karim] -- C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\sweetim.xml  =>PUP.SweetIM
M3 - MFPP: Plugins - [Karim] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml  =>Toolbar.Babylon
M0 - MFSP: prefs.js [Karim - h5o1u259.default] http://search.conduit.com
M2 - MFEP: prefs.js [Karim - h5o1u259.default\addon@keydownload.com] [] Key Download v (..)
M2 - MFEP: prefs.js [Karim - h5o1u259.default\amo@dealplyshopping.com] [] DealPly Shopping v2.0 (..)  =>PUP.DealPly
M2 - MFEP: prefs.js [Karim - h5o1u259.default\crossriderapp4479@crossrider.com] [] Giant Savings v2.0 (..)  =>PUP.CrossRider
M2 - MFEP: prefs.js [Karim - h5o1u259.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [Karim - h5o1u259.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR Community Toolbar v3.18.0.7 (..)
M2 - MFEP: prefs.js [Karim - h5o1u259.default\{3d2284dc-7296-4555-88c5-58df17f99769}] [] QuickShare Widget v3.18.0.7 (..)  =>PUP.QuickShare
M2 - MFEP: prefs.js [Karim - h5o1u259.default\{adca5064-9e30-43fe-9856-58b07a3149fe}] [] FreemakeTB  v10.14.65.43 (..)
~ Firefox Browser: 20 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inwi.ma
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R3 - URLSearchHook: FreeMake Toolbar [64Bits] - {adca5064-9e30-43fe-9856-58b07a3149fe} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\FreeMake\prxtbFree.dll  =>Toolbar.Conduit
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 20 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects (O2)
O2 - BHO: e-Carte Bleue Browser Helper Object [64Bits] - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. - FTO CMB.) -- C:\Windows\SysWow64\BhoECart.dll
O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - No comment.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll  =>Toolbar.Babylon
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: FreeMake [64Bits] - {adca5064-9e30-43fe-9856-58b07a3149fe} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\FreeMake\prxtbFree.dll  =>Toolbar.Conduit
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - No comment.) -- C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll  =>Toolbar.DeltaSearch
O2 - BHO: KeyDownload [64Bits] - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} . (.KeyDownload - KeyDownload.) -- C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll
O2 - BHO: iToolsBHO [64Bits] - {E1499FE7-129D-4B6E-B681-DDF21E14172C} . (.iTools.hk - No comment.) -- C:\Users\Karim\Documents\iTools\Plugin\iToolsBHO.dll
O2 - BHO: DealPly [64Bits] - {EF7BD87A-8024-11E2-F316-F3E56188709B} . (.DealPly - DealPly for Internet Explorer.) -- C:\Program Files (x86)\DealPly\DealPlyIE.dll  =>PUP.DealPly
O2 - BHO: PricePeep [64Bits] - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (.PricePeep - PricePeep.) -- C:\Program Files (x86)\PricePeep\pricepeep.dll  =>Toolbar.PricePeep
O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll  =>PUP.Yontoo
~ BHO: 20 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: QuickShare Widget [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>PUP.QuickShare
~ Toolbar:  Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) 
O4 - HKLM\..\Run: [ASUS WebStorage] . (...) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 
O4 - HKLM\..\Run: [SmartAudio] . (.Unknown owner - SAIICpl MFC Application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe 
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe 
O4 - HKCU\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe 
O4 - HKCU\..\Run: [Subliminal Master] . (.Strish Technologies - No comment.) -- C:\Program Files (x86)\Subliminal Master\smTray.exe 
O4 - HKCU\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\Karim\AppData\Local\Smartbar\Application\QuickShare.exe   =>Hijacker.SmartBar
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe 
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe 
O4 - HKLM\..\Wow6432Node\Run: [Boingo Wi-Fi] . (...) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk 
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 
O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.Unknown owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe 
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe 
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
O4 - HKLM\..\Wow6432Node\RunOnce: [MessengerPlusLiveUninstall] . (.Yuna Software - Messenger Plus! 6 Uninstaller.) -- C:\Users\Karim\AppData\Local\Temp\MsgPlusUninstall.exe 
O4 - HKUS\S-1-5-21-2853821913-1160506838-912117070-1001\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe 
O4 - HKUS\S-1-5-21-2853821913-1160506838-912117070-1001\..\Run: [Subliminal Master] . (.Strish Technologies - No comment.) -- C:\Program Files (x86)\Subliminal Master\smTray.exe 
O4 - HKUS\S-1-5-21-2853821913-1160506838-912117070-1001\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\Karim\AppData\Local\Smartbar\Application\QuickShare.exe   =>Hijacker.SmartBar
O4 - HKUS\S-1-5-21-2853821913-1160506838-912117070-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 
~ Application:  Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch: Modem OT-X080C.lnk . (...)  -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe (.not file.)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Editeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - GS\Desktop: Modem OT-X080C.lnk . (...)  -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe (.not file.)
O4 - GS\Desktop: PC Chrono.lnk . (.highspheres.com - PC Chrono.)  -- C:\Program Files (x86)\PC Chrono\PCChrono.exe 
O4 - GS\Desktop: PhotoFiltre Studio X.lnk . (...)  -- C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe (.not file.)
O4 - GS\Desktop: TimeAdjuster.lnk . (...)  -- C:\Program Files (x86)\TimeAdjuster\time_adjuster.exe
O4 - GS\Desktop: Tunatic.lnk . (.Wildbits - Tunatic 1.0.1b.)  -- C:\Program Files (x86)\Tunatic\tunatic.exe 
O4 - GS\Desktop: Virtualis.lnk . (.Orbiscom Ltd. All rights reserved. - FTO CMB.)  -- C:\Program Files (x86)\Virtualis\CMB.exe 
O4 - GS\TaskBar: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.)  -- C:\Windows\system32\notepad.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Apple Safari.lnk . (...)  -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: CodeBlocks.lnk . (...)  -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\QuickLaunch: Foxit Reader.lnk . (...)  -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.)  -- C:\Program Files (x86)\Paltalk Messenger\paltalk.exe 
O4 - GS\QuickLaunch: Streaming Video Recorder.lnk . (.Apowersoft - Streaming Video Recorder.)  -- C:\Program Files\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe 
O4 - GS\QuickLaunch: Upgrade to Paltalk Extreme.lnk - Orphean Key
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe 
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.)  -- C:\Program Files (x86)\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe 
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe 
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - GS\Desktop: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.)  -- C:\Program Files (x86)\Audacity\audacity.exe 
O4 - GS\Desktop: Google Drive.lnk . (...)  -- C:\Users\Karim\Google Drive 
~ Global Startup:  Scanned in 00mn 01s



---\\ IE Options icon not visible in Control Panel (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 9 Legitimates Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFA38D05-3525-4906-9890-8926D4F70D48}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BFA38D05-3525-4906-9890-8926D4F70D48}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BFA38D05-3525-4906-9890-8926D4F70D48}: DhcpNameServer = 10.188.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Compatible NVIDIA shim initializatio.) - C:\Windows\System32\nvinitx.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe  =>Toolbar.Babylon
O23 - Service: DefaultTabSearch (DefaultTabSearch) . (...) - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: Intel(R) Management & Security Applicati (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 16 Legitimates Scanned in 00mn 06s



---\\ Windows Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ 
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AmiUpdXp.job   [356]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AutoKMS.job   [264]
[MD5.861DDA2A5B38AC54B2469DD04D35A935] [APT] [AmiUpdXp] (.Amonetize ltd..) -- C:\Users\Karim\AppData\Local\SwvUpdater\Updater.exe   [301608]
[MD5.F30AA962D602D1A0377DFB99031E7B5C] [APT] [ASPG] (.ASUS.) -- C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe   [163384]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)   [0]
[MD5.534C82F1D7246EDF654B5257CA82FE70] [APT] [DealPly] (...) -- C:\Users\Karim\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe   [93728]  =>PUP.DealPly
[MD5.99ADB71192790BD6DEE85233ED31F659] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe   [78424]  =>PUP.DealPly
[MD5.60F6DBCAC959A6BB78ECA58CAC6F95BD] [APT] [reveil] (...) -- C:\Users\Karim\Downloads\zaid-shafa3a.mp3    [2951732]
~ Scheduled Task: 33 Legitimates Scanned in 00mn 06s



---\\ ActiveSetup Installed Components (O40)
~ Active Setup: 11 Legitimates Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
~ Drivers: 69 Legitimates Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: ALO RM to MP3 Converter 7.0 - (.ALO SOFT, Inc..) [HKLM][64Bits] -- {EA5E8895-08E6-4CE5-9034-074BED87B71A}_is1
O42 - Logiciel: Acoustica Mixcraft 6 - (.Acoustica.) [HKLM][64Bits] -- Acoustica Mixcraft 6
O42 - Logiciel: Advanced Mouse Auto Clicker 3.6 - (.Advanced Mouse Auto Clicker Ltd..) [HKLM][64Bits] -- {ABB3A44C-97D0-466E-A0E8-562FAEBEF689}_is1
O42 - Logiciel: Antares Autotune Evo VST RTAS v6.0.9 - (...) [HKLM][64Bits] -- Antares Autotune Evo VST RTAS_is1
O42 - Logiciel: Art Effects for PDR10 - (.NewBlue.) [HKLM][64Bits] -- NewBlue Art Effects for PDR10
O42 - Logiciel: Babylon toolbar  - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar  =>Toolbar.Babylon
O42 - Logiciel: Beyluxe Messenger - (.Hichatters Srl.) [HKLM][64Bits] -- Beyluxe Messenger1
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}  =>Toolbar.Babylon
O42 - Logiciel: DealPly (remove only) - (.DealPly Technologies Ltd..) [HKLM][64Bits] -- DealPly  =>PUP.DealPly
O42 - Logiciel: DealPly - (...) [HKCU][64Bits] -- DealPly  =>PUP.DealPly
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM][64Bits] -- DefaultTab
O42 - Logiciel: Delta toolbar   - (.Delta.) [HKLM][64Bits] -- delta
O42 - Logiciel: Giant Savings - (.215 Apps.) [HKLM][64Bits] -- Giant Savings  =>PUP.SpecialSavings
O42 - Logiciel: KeyDownload - (.KeyDownload.) [HKLM][64Bits] -- KeyDownload
O42 - Logiciel: Open-Sankoré - (.Open-Sankore.) [HKLM][64Bits] -- {E63D17F8-D9DA-479D-B9B5-0D101A03703B}_is1
O42 - Logiciel: PC Chrono 1.1.0.6 - (.highspheres.com.) [HKLM][64Bits] -- {C1C910A7-0B89-4260-8845-FE221D9285E8}_is1
O42 - Logiciel: PricePeep - (.betwikx LLC.) [HKLM][64Bits] -- PricePeep  =>Toolbar.PricePeep
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {57EA96CA-4648-4CB3-8594-3E1A9E37E86F}  =>PUP.QuickShare
O42 - Logiciel: RedMon - Redirection Port Monitor - (...) [HKLM][64Bits] -- Redirection Port Monitor
O42 - Logiciel: Subliminal Master - (.Human Potential Technology.) [HKLM][64Bits] -- SublMstrF_is1
O42 - Logiciel: Update Manager for SweetPacks 1.0 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {FB697452-8CA4-46B4-98B1-165C922A2EF3}  =>PUP.SweetIM
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B}  =>PUP.Yontoo
~ Logic: 179 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b0db8ae73be443]
[HKCU\Software\APN PIP]
[HKCU\Software\Acoustica]
[HKCU\Software\Amazon]
[HKCU\Software\AppDataLow\Software\Crossrider]  =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\Giant Savings]  =>Adware.VidSaver
[HKCU\Software\AppDataLow\Software\Smartbar]  =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\Applied Acoustics Systems]
[HKCU\Software\Axmapresse]
[HKCU\Software\BabylonToolbar]  =>Toolbar.Babylon
[HKCU\Software\Beyluxe Messenger]
[HKCU\Software\Cr_Installer]
[HKCU\Software\DataMngr]  =>PUP.Datamngr
[HKCU\Software\Default Tab]
[HKCU\Software\Delta]
[HKCU\Software\InstallCore]  =>PUP.InstallCore
[HKCU\Software\Nonoh]
[HKCU\Software\PC Chrono]
[HKCU\Software\SXkNE]
[HKCU\Software\Sankore]
[HKCU\Software\SmartbarBackup]  =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog]  =>Hijacker.SmartBar
[HKCU\Software\Smartbar]  =>Hijacker.SmartBar
[HKCU\Software\Softonic]
[HKCU\Software\StartSearch]
[HKCU\Software\SweetIM]  =>PUP.SweetIM
[HKCU\Software\TTKWWLB]
[HKCU\Software\aMSN]
[HKCU\Software\awac]
[HKCU\Software\delta LTD]
[HKLM\Software\Open-Sankore]
[HKLM\Software\Tarma Installer]  =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\5b0db8ae73be443]
[HKLM\Software\Wow6432Node\Acoustica]
[HKLM\Software\Wow6432Node\Babylon]  =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\DataMngr]  =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Default Tab]
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Human Potential Technology]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\SweetIM]  =>PUP.SweetIM
~ Key Software: 331 Legitimates Scanned in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 26/10/2012 - 00:50:09 - [285,003] ----D C:\Program Files (x86)\Acoustica Mixcraft 6
O43 - CFD: 26/10/2012 - 22:16:06 - [1,405] ----D C:\Program Files (x86)\Advanced Mouse Auto Clicker
O43 - CFD: 25/03/2012 - 09:51:12 - [98,434] ----D C:\Program Files (x86)\ahl_alhadeeth
O43 - CFD: 30/06/2012 - 23:51:43 - [7,681] ----D C:\Program Files (x86)\Alo RM Converter
O43 - CFD: 09/09/2012 - 18:28:03 - [55,045] ----D C:\Program Files (x86)\aMSN
O43 - CFD: 04/02/2013 - 04:08:51 - [7,871] ----D C:\Program Files (x86)\Antares Audio Technologies
O43 - CFD: 05/06/2012 - 23:40:49 - [0,003] ----D C:\Program Files (x86)\Axmapresse
O43 - CFD: 29/10/2012 - 00:26:30 - [2,399] ----D C:\Program Files (x86)\BabylonToolbar  =>Toolbar.Babylon
O43 - CFD: 23/12/2012 - 16:42:42 - [19,424] ----D C:\Program Files (x86)\Beyluxe Messenger
O43 - CFD: 30/03/2013 - 05:07:21 - [1,206] ----D C:\Program Files (x86)\DealPly  =>PUP.DealPly
O43 - CFD: 08/03/2013 - 21:21:31 - [0,863] ----D C:\Program Files (x86)\DefaultTab
O43 - CFD: 03/03/2013 - 00:28:05 - [2,769] ----D C:\Program Files (x86)\Delta
O43 - CFD: 27/06/2012 - 14:19:07 - [2,903] ----D C:\Program Files (x86)\Giant Savings  =>Adware.VidSaver
O43 - CFD: 08/03/2013 - 21:21:37 - [0,291] ----D C:\Program Files (x86)\KeyDownload-Addon
O43 - CFD: 31/01/2013 - 19:02:48 - [0,392] ----D C:\Program Files (x86)\No-IP
O43 - CFD: 23/03/2012 - 20:32:19 - [20,749] ----D C:\Program Files (x86)\Nonoh.net
O43 - CFD: 13/04/2013 - 23:47:16 - [128,796] ----D C:\Program Files (x86)\Open-Sankore
O43 - CFD: 09/05/2012 - 22:42:11 - [1,453] ----D C:\Program Files (x86)\PC Chrono
O43 - CFD: 21/10/2012 - 21:03:09 - [0,621] ----D C:\Program Files (x86)\PricePeep  =>Toolbar.PricePeep
O43 - CFD: 12/01/2013 - 02:38:14 - [1,891] ----D C:\Program Files (x86)\Subliminal Master
O43 - CFD: 15/08/2012 - 21:52:13 - [2,484] ----D C:\Program Files (x86)\SweetIM  =>PUP.SweetIM
O43 - CFD: 10/04/2013 - 01:00:34 - [0] ----D C:\Program Files (x86)\TornTV.com  =>Hijacker.TornTV
O43 - CFD: 06/06/2012 - 12:18:39 - [0,303] ----D C:\Program Files (x86)\Virtualis
O43 - CFD: 29/10/2012 - 00:27:30 - [6,524] ----D C:\Program Files (x86)\Webplayer decompression
O43 - CFD: 18/11/2012 - 04:07:36 - [0,319] ----D C:\Program Files (x86)\Yontoo  =>PUP.Yontoo
O43 - CFD: 26/10/2012 - 00:49:17 - [0,848] ----D C:\ProgramData\Acoustica
O43 - CFD: 29/10/2012 - 00:26:03 - [0] ----D C:\ProgramData\Babylon  =>Toolbar.Babylon
O43 - CFD: 03/03/2013 - 00:28:14 - [9,289] ----D C:\ProgramData\BrowserProtect  =>Toolbar.Babylon
O43 - CFD: 03/02/2013 - 08:17:17 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 12/01/2013 - 02:38:14 - [0,000] ----D C:\ProgramData\Subliminal Master
O43 - CFD: 15/08/2012 - 21:51:59 - [0,001] ----D C:\ProgramData\SweetIM  =>PUP.SweetIM
O43 - CFD: 18/11/2012 - 04:07:35 - [1,662] ----D C:\ProgramData\Tarma Installer  =>Toolbar.Tarma
O43 - CFD: 26/10/2012 - 00:52:56 - [0,033] ----D C:\Users\Karim\AppData\Roaming\Acoustica
O43 - CFD: 04/02/2013 - 04:08:51 - [0,001] ----D C:\Users\Karim\AppData\Roaming\Antares
O43 - CFD: 03/03/2013 - 00:28:07 - [1,446] ----D C:\Users\Karim\AppData\Roaming\BabSolution  =>Hijacker.BabSolution
O43 - CFD: 29/10/2012 - 00:26:03 - [0,029] ----D C:\Users\Karim\AppData\Roaming\Babylon  =>Toolbar.Babylon
O43 - CFD: 17/03/2012 - 21:09:18 - [0] ----D C:\Users\Karim\AppData\Roaming\Beyluxe
O43 - CFD: 30/03/2013 - 05:07:24 - [0,090] ----D C:\Users\Karim\AppData\Roaming\DealPly  =>PUP.DealPly
O43 - CFD: 08/03/2013 - 21:21:27 - [0,606] ----D C:\Users\Karim\AppData\Roaming\DefaultTab
O43 - CFD: 03/03/2013 - 00:28:04 - [0,259] ----D C:\Users\Karim\AppData\Roaming\Delta
O43 - CFD: 02/02/2013 - 22:06:38 - [0] ----D C:\Users\Karim\AppData\Roaming\install
O43 - CFD: 31/05/2012 - 12:30:56 - [0,008] ----D C:\Users\Karim\AppData\Roaming\Nonoh
O43 - CFD: 09/04/2013 - 20:27:10 - [1,652] ----D C:\Users\Karim\AppData\Roaming\uTorrent
O43 - CFD: 21/10/2012 - 21:05:32 - [0,540] ----D C:\Users\Karim\AppData\Roaming\VLCMediaPlayerPackages
O43 - CFD: 26/10/2012 - 21:26:55 - [85,585] ----D C:\Users\Karim\AppData\Local\Amazon
O43 - CFD: 27/06/2012 - 14:18:48 - [0,050] ----D C:\Users\Karim\AppData\Local\Giant Savings  =>Adware.VidSaver
O43 - CFD: 13/04/2013 - 23:51:37 - [6,193] ----D C:\Users\Karim\AppData\Local\Sankore
O43 - CFD: 08/03/2013 - 21:23:05 - [18,819] ----D C:\Users\Karim\AppData\Local\Smartbar  =>Hijacker.SmartBar
O43 - CFD: 08/03/2013 - 21:21:23 - [0,289] ----D C:\Users\Karim\AppData\Local\SwvUpdater
O43 - CFD: 26/10/2012 - 00:50:08 - [0,014] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 6
O43 - CFD: 26/10/2012 - 21:26:48 - [0,004] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
O43 - CFD: 23/12/2012 - 16:42:43 - [0,004] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyluxe Messenger
O43 - CFD: 03/03/2013 - 00:28:25 - [0,001] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect  =>Toolbar.Babylon
O43 - CFD: 30/03/2013 - 05:07:22 - [0,001] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly  =>PUP.DealPly
O43 - CFD: 18/11/2012 - 04:07:27 - [0,002] ----D C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com  =>Hijacker.TornTV
~ 392 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 722 Legitimates Scanned in 00mn 47s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/04/2013 - 22:24:05 ---A- . (...) -- C:\sniffer.log   [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/04/2013 - 22:49:36 ---A- . (...) -- C:\END   [0]
~ Files: 72 Legitimates Scanned in 00mn 07s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Safe Boot Control (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator  [Key] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe  =>PUP.SweetIM
~ SMSR Keys: 11 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
~ MWPE Keys: 3 Legitimates Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
~ Drivers:  Scanned in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
~ Legacy: 78 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639..clientLogIsEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.BrowserCompStateIsOpen_130064413660070508", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.BrowserCompStateIsOpen_1359634298000", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.CTID", "CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.CurrentServerDate", "23-3-2013");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.DSInstall", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.DialogsGetterLastCheckTime", "Wed Mar 20 2013 21:49:42 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.DownloadReferralCookieData", "");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.EMailNotifierPollDate", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedLastCount2548968607390276962", 501);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156812186649977", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813040823546", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813130095866", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813224203613", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813230837251", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813454291735", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813729834876", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156813860870021", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156814264681793", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156814863075366", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedPollDate2429156815257761081", "Sat Mar 23 2013 06:22:34 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedTTL2429156813040823546", 15);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedTTL2429156813130095866", 10);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedTTL2429156813454291735", 5);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedTTL2429156813729834876", 5);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FeedTTL2429156814264681793", 5);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FirstServerDate", "16-3-2013");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FirstTime", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FirstTimeFF3", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FirstTimeHiddenVer", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.FixPageNotFoundErrors", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.HPInstall", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.HasUserGlobalKeys", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.HomePageProtectorEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.Initialize", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.InstallationType", "Unknown");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.InstalledDate", "Sat Mar 16 2013 19:47:39 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsAlertDBUpdated", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsGrouping", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsInitSetupIni", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsMulticommunity", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsOpenThankYouPage", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsOpenUninstallPage", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.IsProtectorsInit", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Sat Mar 23 2013 02:43:45 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.LastLogin_3.18.0.7", "Sat Mar 23 2013 02:43:44 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.LatestVersion", "3.18.0.7");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.Locale", "fr");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.MyStuffEnabledAtInstallation", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.OriginalFirstVersion", "3.18.0.7");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SavedHomepage", "http://search.conduit.com/?ctid=CT3214568&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchCaption", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchEngineBeforeUnload", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_CUI[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Sat Mar 23 2013 02:43:42 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchProtectorEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SearchProtectorToolbarDisabled", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SendProtectorDataViaLogin", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Sat Mar 23 2013 02:43:44 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SettingsLastCheckTime", "Sat Mar 23 2013 02:43:41 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.SettingsLastUpdate", "1363957955");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Sat Mar 09 2013 17:21:03 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1331805999");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ToolbarShrinkedFromSetup", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.TrusteLinkUrl", "http://trust.conduit.com/CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.UserID", "UN25366102871479057");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.ValidationData_Toolbar", 1);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.WeatherNetwork", "");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.WeatherPollDate", "Sat Mar 23 2013 06:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.WeatherUnit", "C");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.alertChannelId", "1243674");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e.:2z527", "247E70727330333D4634413E3C3E204B40433078322323262428382F3A2C2E2F473032334E5E5[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e06cg5el8:", "6E6D6B6E73746D6D7078");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737174797A7373767E242F4B49474F42357D5D5C3D");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F3[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A43353[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E37625[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F2829413843545[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E3[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E3661565[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A43333[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E2740303235334[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A43343[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C356055584[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A43353[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A4[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D5[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b-0?3g>d", "6F3E3C6D6A706E707A6F76797620474D78212551507D252A5256565755242B595E2C3033");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b-0?3g@6:5;", "");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F645[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D4648502B564B4E2E5959595F4C564F376[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b5ba==9cjag", "6A3E716F3E7342727A4647717578777D774B20217A");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6E73746D6D6F7679787A");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b9643g3/9e", "6A");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b<:222h64<", "393F352F3E");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b<:222h64<l8daj", "6D70706F76747279776F2A7975727B7D757D20");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b=+03eh8h8j?:", "4443");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52")[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9b?b0d:8aj62<h", "6D");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A226874747[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_appstatereporttime", "31333634303038393738373337");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E6722[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_couponbuddy_appstate", "6F6E");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_currentversion", "312E342E332E32");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_eventscache", "7B2233303731363735642D643837382D343862372D623234612D30323465356334643862[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_first_time", "31");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_gadgetopen", "30");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_lastlogintime", "31333634303038393738373236");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22506F6C6[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_pricegong_appstate", "6F6E");  =>Adware.PriceGong
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_settings1.4.3.2", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_showclosebutton", "74727565");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.mam_gk_userid", "38666235636331362D636138362D343838652D396632392D333934373033616462646138");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.pg_enable", "74727565");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.searchappstate", "32");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.backendstorage.searchapptracking", "73656E74");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.globalFirstTimeInfoLastCheckTime", "Wed Mar 20 2013 21:49:40 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.homepageProtectorEnableByLogin", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.initDone", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.isAppTrackingManagerOn", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.myStuffEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.navigateToUrlOnSearch", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.revertSettingsEnabled", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.searchProtectorDialogDelayInSec", 10);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.searchProtectorEnableByLogin", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.testingCtid", "");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Sat Mar 23 2013 02:43:45 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Sat Mar 09 2013 17:21:08 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT2851639.usagesFlag", 2);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CT3214568.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3214568&octid=CT3[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"2e7ef834936da3853c9aaf53[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1243674/1239347/FR", "\"0\"");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1361967766\"");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "G9mW7heT/8xI[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "2E1/v7EfCEDbv[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "UgzXjW7BIkfd[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "4BgM4MhF/sOgPsD[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"")[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639", "\"7cd772776b023143b03ef993ec[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"167381e705146fbc786f9e06bc[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"6fd1045af25322dd339b00de08178517\[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Karim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h5o1u259.def[...]
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://redirecterror.sfr.fr/?q=");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ToolbarsList", "CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.globalUserId", "402dcd1c-e57f-4cd8-bda5-3620d3edcc9f");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851639");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Mar 16 2013 20:07:49 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Mar 23 2013 04:22:45 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.locale", "en");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Mar 23 2013 04:22:35 GMT+0100");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.notifications.userId", "3406ba04-9b01-4431-bdc2-98a3103d34f3");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.originalHomepage", "http://search.conduit.com/?ctid=CT3214568&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("CommunityToolbar.originalSearchEngine", "FreeMake Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=065cc78200000000000016f06d9[...]  =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("browser.search.defaultthis.engineName", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms}");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("browser.search.selectedEngine", "uTorrentBar_FR Customized Web Search");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.admin", false);  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.aflt", "babsst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.dfltLng", "en");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.excTlbr", false);  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.id", "065cc78200000000000072f06d963c37");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.instlDay", "15641");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.instlRef", "sst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.tlbrId", "base");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=065cc78200000000000072f06d963c[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.823:26:30");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.babTrack", "affID=108988&tt=4312_2");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.bbDpng", "23");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.hdrMd5", "7C7A3EEF74BA7CDE5E7627D49FCB14C2");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.id", "065cc78200000000000016f06d963c37");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.instlDay", "15766");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.lastVrsnTs", "1.8.10.023:28:07");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.sg", "tzb");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.smplGrp", "tzb");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.vrsnTs", "1.8.10.023:28:07");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.Country", "France");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.SmartbarDisabled", false);  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false);  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.UserID", "3d2284dc-7296-4555-88c5-58df17f99769");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("extensions.helperbar.Visibility", false);
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
O69 - SBI: prefs.js [Karim - h5o1u259.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3214568&SearchSource=13");  =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Privitize VPN) - http://searchab.com  =>Hijacker.PrivitizeVPN
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com  =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys:  Scanned in 00mn 12s



---\\ Search Svchost Services (SSS) (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.B1DAB8BFC11CFE8F3AA854885BD95271] [SPRF][23/01/2013] (.Yuna Software - Messenger Plus! 6 Uninstaller.) -- C:\Users\Karim\AppData\Local\Temp\MsgPlusUninstall.exe   [837632]
[MD5.C6A605D7A0421233F98D212C1709C00E] [SPRF][12/04/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\Karim\AppData\Local\Temp\SkypeSetup.exe   [30620776]
[MD5.F491B18F0FC836ABBFC37AF539BB8D1C] [SPRF][04/02/2013] (...) -- C:\Users\Karim\AppData\Roaming\Karimlog.dat   [335358]
[MD5.2F2726904FB53AC1C55BBBAC036823B5] [SPRF][02/11/2011] (...) -- C:\Users\Karim\Desktop\lame_enc.dll   [380928]
[MD5.031B1E1D618BF1274A18941F8AC3D484] [SPRF][09/04/2013] (.PortableApps.com - Skype Portable.) -- C:\Users\Karim\Desktop\SkypePortable_6-3-0-105_online.paf.exe   [963064]
[MD5.AAEC4FE0FDA50B45C175B6656D719E9C] [SPRF][06/04/2013] (...) -- C:\Users\Karim\Desktop\wmp11-windowsxp-x86-FR-FR.exe   [35786]
~ Files:  Scanned in 00mn 05s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{891A365B-5390-4C13-AA37-467C92B9EB1E}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" | In - Public - P6 - TRUE | .(.Nonoh - Client to make VoIP calls..) -- C:\program files (x86)\nonoh.net\nonoh\nonoh.exe
O87 - FAEL: "UDP Query User{D1777B8B-A8D8-49A6-B90D-ED315C2502AE}C:\program files (x86)\nonoh.net\nonoh\nonoh.exe" | In - Public - P17 - TRUE | .(.Nonoh - Client to make VoIP calls..) -- C:\program files (x86)\nonoh.net\nonoh\nonoh.exe
O87 - FAEL: "TCP Query User{F2576335-14F1-4D8B-83D2-70FD65F0C9BB}C:\users\karim\downloads\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\karim\downloads\utorrent.exe
O87 - FAEL: "UDP Query User{F4574D82-7A6E-444F-B4C1-8E6264A546AE}C:\users\karim\downloads\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\karim\downloads\utorrent.exe
O87 - FAEL: "TCP Query User{7C9A1C4B-9331-45EA-B4AA-474AC644D346}C:\users\karim\downloads\tinyumbrella-5.11.01.exe" | In - Public - P6 - TRUE | .(.Unknown owner - TinyUmbrella - Save your SHSH!.) -- C:\users\karim\downloads\tinyumbrella-5.11.01.exe
O87 - FAEL: "UDP Query User{CC72C2CA-79C9-4EEB-A503-684E20A1ED6E}C:\users\karim\downloads\tinyumbrella-5.11.01.exe" | In - Public - P17 - TRUE | .(.Unknown owner - TinyUmbrella - Save your SHSH!.) -- C:\users\karim\downloads\tinyumbrella-5.11.01.exe
O87 - FAEL: "TCP Query User{930C7512-77B1-4973-8FBA-FD558399B530}C:\users\karim\downloads\microtorrent_torrent_3.2_build_27547_francais_18245.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc..) -- C:\users\karim\downloads\microtorrent_torrent_3.2_build_27547_francais_18245.exe
O87 - FAEL: "UDP Query User{5BD5DC4F-61D0-4E1D-93F7-41F1F33904A3}C:\users\karim\downloads\microtorrent_torrent_3.2_build_27547_francais_18245.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc..) -- C:\users\karim\downloads\microtorrent_torrent_3.2_build_27547_francais_18245.exe
O87 - FAEL: "{BFA71556-49A6-4533-8D72-F48E25D8DF51}" | In - Public - P6 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe  =>PUP.SweetIM
O87 - FAEL: "{7630B73E-4DCB-4CD0-BA5F-481E3360F430}" | In - Public - P17 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe  =>PUP.SweetIM
O87 - FAEL: "TCP Query User{5A514D2E-E514-4B73-98D3-56CB668BA4A9}C:\program files (x86)\amsn\bin\wish.exe" | In - Public - P6 - TRUE | .(.ActiveState Corporation - Wish Application.) -- C:\program files (x86)\amsn\bin\wish.exe
O87 - FAEL: "UDP Query User{D1CC87FC-D24B-4E72-AC98-225EDA32F49D}C:\program files (x86)\amsn\bin\wish.exe" | In - Public - P17 - TRUE | .(.ActiveState Corporation - Wish Application.) -- C:\program files (x86)\amsn\bin\wish.exe
O87 - FAEL: "TCP Query User{9D9AF166-2FD2-4649-BE08-6765F7FDF5C1}C:\program files (x86)\paltalk messenger\paltalk.exe" | In - Public - P6 - TRUE | .(.AVM Software Inc. - Paltalk Messenger.) -- C:\program files (x86)\paltalk messenger\paltalk.exe
O87 - FAEL: "UDP Query User{B7A3BB44-17A2-4640-BF11-826179F6B285}C:\program files (x86)\paltalk messenger\paltalk.exe" | In - Public - P17 - TRUE | .(.AVM Software Inc. - Paltalk Messenger.) -- C:\program files (x86)\paltalk messenger\paltalk.exe
~ Firewall: 246 Legitimates Scanned in 00mn 01s



---\\ Additionnal Scan (O88)
Database Version : v2.11523 - (13/04/2013)
Clés trouvées (Keys found) : 244
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 25
Fichiers trouvés  (Files found) : 5

[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]   =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}]   =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]   =>Adware.Yontoo
[HKCU\Software\delta LTD]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]   =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}]   =>Toolbar.PricePeep
[HKLM\Software\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}]   =>Toolbar.PricePeep
[HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]   =>Toolbar.PricePeep
[HKLM\Software\Wow6432Node\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]   =>Toolbar.PricePeep
[HKLM\Software\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}]   =>Toolbar.PricePeep
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch]   =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}]   =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}]   =>Toolbar.Kiwee
[HKLM\Software\Wow6432Node\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}]   =>Toolbar.Kiwee
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}]   =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}]   =>Adware.Agent
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}]   =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}]   =>Hijacker.SmartBar
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}]   =>Hijacker.SmartBar
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}]   =>Toolbar.PricePeep
[HKLM\Software\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}]   =>Toolbar.PricePeep
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}]   =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}]   =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]   =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}]   =>PUP.Software.Updater
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}]   =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]   =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}]   =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]   =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]   =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]   =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}]   =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]   =>Toolbar.PricePeep
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]   =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFile3.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\PricePeep.DLL]   =>Toolbar.PricePeep
[HKLM\Software\Classes\b]   =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd]   =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1]   =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore]   =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1]   =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Classes\esrv.BabylonESrvc]   =>Toolbar.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1]   =>Toolbar.Babylon
[HKLM\Software\Classes\PricePeep.PricePeepBho]   =>Toolbar.PricePeep
[HKLM\Software\Classes\PricePeep.PricePeepBho.1]   =>Toolbar.PricePeep
[HKLM\Software\Classes\Updater.AmiUpd]   =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph]   =>PUP.SpecialSavings
[HKCU\Software\1ClickDownload]   =>PUP.1ClickDownloader
[HKCU\Software\APN PIP]   =>Toolbar.Ask
[HKCU\Software\BabylonToolbar]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BabylonToolbar]   =>Toolbar.Babylon
[HKCU\Software\Cr_Installer]   =>Adware.VidSaver
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr]   =>Adware.Bandoo
[HKCU\Software\default tab]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\default tab]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\defaulttab]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\PIP]   =>Toolbar.Ask
[HKCU\Software\SmartbarBackup]   =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog]   =>Hijacker.SmartBar
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKCU\Software\StartSearch]   =>Hijacker.Agent
[HKCU\Software\SweetIM]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM]   =>PUP.SweetIM
[HKLM\Software\Tarma Installer]   =>Toolbar.Agent
[HKCU\Software\AppDataLow\Toolbar]   =>Toolbar.Conduit
[HKCU\Software\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings]   =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep]   =>Toolbar.PricePeep
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F]   =>PUP.SweetIM
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]   =>PUP.BProtector
[HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASAPI32]   =>PUP.QuickShare
[HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASMANCS]   =>PUP.QuickShare
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]   =>PUP.BProtector
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}]   =>Adware.KeyDownload
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyDownload]   =>Adware.KeyDownload
[HKLM\Software\Classes\AppID\ESRV.EXE]   =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS]   =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADCA5064-9E30-43FE-9856-58B07A3149FE}]   =>Toolbar.Freemake
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADCA5064-9E30-43FE-9856-58B07A3149FE}]   =>Toolbar.Freemake
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\aMSN\OpenCandy]   =>Adware.OpenCandy
[HKLM\Software\Classes\delta.deltaHlpr]   =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1]   =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc]   =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1]   =>toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3214568]   =>Toolbar.Conduit
[HKLM\Software\Classes\YontooIEClient.Api]   =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1]   =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers]   =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1]   =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3214568]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers]   =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1]   =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\AppID\YontooIEClient.DLL]   =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]   =>PUP.SweetIM^
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE}   =>Toolbar.Babylon
C:\Program Files (x86)\yontoo   =>Adware.Yontoo
C:\Program Files (x86)\BabylonToolbar   =>Toolbar.Babylon
C:\Program Files (x86)\Conduit   =>Toolbar.Conduit
C:\Program Files (x86)\DealPly   =>PUP.DealPly
C:\Program Files (x86)\defaulttab   =>Adware.IMBooster
C:\Program Files (x86)\Giant Savings   =>Adware.VidSaver
C:\Program Files (x86)\PricePeep   =>Toolbar.PricePeep
C:\Program Files (x86)\SweetIM   =>PUP.SweetIM
C:\Program Files (x86)\torntv.com   =>Hijacker.TornTV
C:\Program Files (x86)\KeyDownload-Addon   =>Adware.KeyDownload
C:\ProgramData\Babylon   =>Toolbar.Babylon
C:\ProgramData\SweetIM   =>PUP.SweetIM
C:\Users\Karim\AppData\Roaming\Babylon   =>Toolbar.Babylon
C:\Users\Karim\AppData\Roaming\DealPly   =>PUP.DealPly
C:\Users\Karim\AppData\Roaming\defaulttab   =>Adware.IMBooster
C:\Users\Karim\AppData\Roaming\BabSolution   =>Hijacker.BabSolution
C:\Users\Karim\AppData\Local\Conduit   =>Toolbar.Conduit
C:\Users\Karim\AppData\Local\Giant Savings   =>Adware.VidSaver
C:\Users\Karim\AppData\Local\Smartbar   =>Hijacker.SmartBar
C:\Users\Karim\AppData\Local\SwvUpdater   =>PUP.Software.Updater
C:\Users\Karim\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\Karim\AppData\Local\Temp\Smartbar   =>Hijacker.SmartBar
C:\Users\Karim\AppData\Local\Temp\Software   =>Adware.Boxore
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\Smartbar   =>Hijacker.SmartBar
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\Extensions\ffxtlbr@delta.com   =>PUP.Funmoods
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\bprotector_extensions.sqlite   =>PUP.BProtector
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\bprotector_prefs.js   =>PUP.BProtector
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\SearchPlugins\conduit.xml   =>Toolbar.Conduit
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\SearchPlugins\sweetim.xml   =>PUP.SweetIM
C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\h5o1u259.default\Extensions\addon@defaulttab.com.xpi   =>Adware.Bandoo
~ Additionnel:  Scanned in 00mn 18s



---\\ Product Upgrade Codes (O90)
~ Update Products: 145 Legitimates Scanned in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\5b0db8ae73be443]   =>Toolbar.Babylon^
[HKCU\Software\5b0db8ae73be443]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b0db8ae73be443]:version="2.6.1095.52"
[HKLM\Software\Wow6432Node\5b0db8ae73be443]   =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\5b0db8ae73be443]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\Wow6432Node\5b0db8ae73be443]:version="2.6.1095.52"
~ Export Key Software:  Scanned in 00mn 00s



---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Demand 31/03/2008 225280 |  (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 22/06/2010 379520 |  (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 27/03/2013 86752 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/03/2013 110816 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 24/05/2012 55184 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 |  (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 15/12/2009 96896 |  (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto  2561488 |  (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe  =>Toolbar.Babylon
SS - | Auto  572928 |  (DefaultTabSearch) . (...) - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
SR - | Auto 18/06/2012 8704 |  (FreemakeVideoCapture) . (.Microsoft.) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SS - | Auto 25/08/2010 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/08/2010 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/06/2012 936848 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/10/2009 262144 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/07/2010 159336 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 12/07/2010 1616488 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto  386344 |  (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
SR - | Auto 04/12/2008 226640 |  (SeaPort) . (.Microsoft Corp..) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 28/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 01/10/2009 2314240 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 02s



~ 1885 Legitimates filtered by white list
End of the scan (1286 lines in 02mn 16s)(0)