Rapport de ZHPDiag v2013.4.18.101 par Nicolas Coolman, Update du 18/04/2013
Run by JCB at 19/04/2013 19:14:51
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 20.0.1 v20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3499
avast! Free Antivirus v5.0.418.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ System Optimizer
CCleaner v2.33

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3 - Français
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 446 GB (76%) free of 582 GB

---\\ Logged in mode
~ Computer Name: JCB-PC
~ User Name: JCB
~ All Users Names: JCB, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\JCB\AppData\Roaming\
~ %Desktop% : C:\Users\JCB\Desktop\
~ %Favorites% : C:\Users\JCB\Favorites\
~ %LocalAppData% : C:\Users\JCB\AppData\Local\
~ %StartMenu% : C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 446 Go of 582 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\
CD-ROM drive (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 07:34:59.) -- C:\Windows\Explorer.exe [2870272] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.3DEB428ACD3D4DECD1619C24E4628DD2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/06/2010 - 08:13:46.) -- C:\Windows\System32\wininet.dll [1192960] [MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:24:40.) 
-- C:\Windows\System32\Winlogon.exe [389632] [MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936] [MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.767A4C3BCF9410C286CED15A2DB17108] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2010 - 08:52:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696] [MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) 
-- C:\Windows\system32\Drivers\netBT.sys [259072] [MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840] [MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/21139 ~ Mes musiques (My Musics) : 1/4315 ~ Mes Videos (My Videos) : 3/47 ~ Mes Favoris (My Favorites) : 1/11 ~ Mes Documents (My Documents) : 3/1950 ~ Mon Bureau (My Desktop) : 1/20 ~ Menu demarrer (Programs) : 1/35 ~ Hidden Files: Scanned in 00mn 12s ---\\ Processus lancés [MD5.9157189DC07511ECBBE1D2615D8A2FED] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664] [PID.1504] [MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088] [PID.1528] [MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) 
-- C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [275768] [PID.1748] [MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.1844] [MD5.013F05784A4BD193C9CD1817ACC31B6B] - (.Pas de propriétaire - HP Remote Solution.) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896] [PID.1856] [MD5.33594D58BE2E17BD5EFA8BFAB59B10D4] - (.PC Utilities Pro - Optimizer Pro Speed Guard.) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe [218144] [PID.1868] [MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576] [PID.1896] [MD5.ABC2C67DFD48930F846934B907C3D606] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [7424000] [PID.1936] [MD5.5D24868CAC87DCD70C5B71101D39B0DE] - (.Google Inc. - Google Quick Search Box.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880] [PID.1952] [MD5.318270684C812E88FE63DC4C3021FC2B] - (.ALWIL Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2756488] [PID.1960] [MD5.15D982E21248E9BE337D9B40247AF30E] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [7418368] [PID.1968] [MD5.2589FFE360BED8F824CBC6171CB5B874] - (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304] [PID.1980] [MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.2032] [MD5.229922C9FE865E952A5C101B29F33D8A] - (.Druide informatique inc. - AgentAntidote.) 
-- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe [942656] [PID.2044] [MD5.4410FB92A4A4744E7FB1780A55AB891D] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.1252] [MD5.98D472ECFBC0E8ED25A0483E765F42B6] - (...) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe [560472] [PID.2220] [MD5.639838B4BD0ED95F308650B910E3EC82] - (...) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224] [PID.1760] =>Toolbar.Babylon [MD5.EF06E2DEDA4BEBF1848FE395D078FFC1] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [206120] [PID.3972] [MD5.C65B115A03DB0260895DE96681E88221] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.3988] [MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.5760] [MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.5992] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.2156] [MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.6068] [MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.7324] [MD5.2C32E3E596CFE660353753EABEFB0540] - (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe [673048] [PID.472] [MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.6476] [MD5.E7F15AC633256F4F472400041FF56B6D] - (.Microsoft Corporation. - Bing Client Application Process.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe [267856] [PID.2360] [MD5.26F3927A3E593ED4503E53A2C189E243] - (.Microsoft Corporation. - Bing Client Runtime.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe [425040] [PID.5748] [MD5.3621F2F6A733BFABDC58C97613B0166D] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe [116280] [PID.2452] [MD5.A854BC2D2AD9856F6B84C7870FF246D9] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [706776] [PID.6724] [MD5.FEFF48FDD7A604E8CA96F543DF045FCF] - (.Microsoft Corporation. - Hôte d'extension natif du runtime du client.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe [141904] [PID.2552] [MD5.A778E395D5481138169D233AAE92757A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6861312] [PID.2328] [MD5.61D3B90C1600165110470502835FB646] - (.ALWIL Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384] [PID.1184] [MD5.C2170E010C9B6739A136211FC0427527] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.2800] [MD5.47EB3F0EF84E0AF8AE75DB98EEF34255] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.3044] [MD5.34AE0DFA3EE3B5B9975042D87332D0B7] - (...) 
-- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520] [PID.884] [MD5.0C88EA9A724D2512E05BAE6F73D02040] - (...) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760] [PID.396] [MD5.7683E9FBF14833164A62647CA3ECE20E] - (.Pas de propriétaire - Installer.) -- C:\ProgramData\IBUpdaterService\ibsvc.exe [637216] [PID.3176] =>Adware.InstallBrain [MD5.E1095A89EB4BFCA2AB2F4E1F2BA56612] - (.Logitech Inc. - Logitech LVPrS64H Module..) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe [125464] [PID.3368] [MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3568] [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3552] [MD5.F48FEB7DA35821DA15E0B006DCB9A169] - (.Microsoft Corporation. - BingBar Service.) 
-- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [193616] [PID.8020]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\JCB\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\JCB\AppData\Roaming\Mozilla\Firefox\Profiles\9m10zbmk.default\prefs.js
C:\Users\JCB\AppData\Roaming\Mozilla\Firefox\Profiles\9m10zbmk.default\user.js
M3 - MFPP: Plugins - [JCB] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.delta-search.com =>Toolbar.DeltaSearch
R3 - URLSearchHook: (no name) [64Bits] - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: Search Class [64Bits] - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (...) (No version) -- C:\Program Files (x86)\OrangeHSS\SearchURLHook\SearchPageURL.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - Pas de description.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll =>Toolbar.Babylon
O2 - BHO: QuickShare WidgetEngine [64Bits] - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>PUP.QuickShare
O2 - BHO: IB Updater Helper [64Bits] - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DefaultTabBHO [64Bits] - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: MrFroggy [64Bits] - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} . (.TODO: - TODO: .) -- C:\Program Files (x86)\Minibar\Froggy.dll
O2 - BHO: Minibar BHO [64Bits] - {AA74D58F-ACD0-450D-A85E-6C04B171C044} . (.KangoExtensions - Kango.) -- C:\Program Files (x86)\Minibar\Kango.dll
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll =>Toolbar.DeltaSearch
~ BHO: 22 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: QuickShare Widget [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>PUP.QuickShare
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cacaoweb] C:\Users\JCB\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\JCB\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.2.22.828\Badoo.desktop.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Install PC Performer43349.exe] C:\Users\JCB\AppData\Local\Temp\Install PC Performer43349.exe (.not file.)
O4 - HKCU\..\Run: [Optimizer Pro] . (.PC Utilities Pro - Fix, clean, optimize your PC!.) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Remote Solution] . (.Pas de propriétaire - HP Remote Solution.) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Google Quick Search Box] . (.Google Inc. - Google Quick Search Box.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote64.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [cacaoweb] C:\Users\JCB\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\JCB\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.2.22.828\Badoo.desktop.exe (.not file.)
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [Install PC Performer43349.exe] C:\Users\JCB\AppData\Local\Temp\Install PC Performer43349.exe (.not file.)
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\Run: [Optimizer Pro] . (.PC Utilities Pro - Fix, clean, optimize your PC!.) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKUS\S-1-5-21-1640509022-378214481-1243783669-1000\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Badoo.Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\QuickLaunch: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\JCB\Desktop\Aller sur MSN.fr.url . (...) -- C:\Users\JCB\Desktop\Aller sur MSN.fr.url
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\CCleaner.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop: JCB - Raccourci.lnk . (...) -- C:\Users\JCB
O4 - GS\Desktop: Microsoft Office Excel 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
O4 - GS\Desktop: Microsoft Office Word 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: Skype.lnk . (...) -- C:\Windows\Installer\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}\SkypeIcon.exe
O4 - GS\Desktop: Solitaire - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Spider Solitaire - Raccourci.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.mappy.com
O15 - Trusted Zone: [HKCU\...\Domains] http.orange.fr
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{86A7EFF9-21E9-451F-8BA1-54174D4A821D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A4CFEB-7F73-4F58-BB4A-1968C7FB5C6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{86A7EFF9-21E9-451F-8BA1-54174D4A821D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A4CFEB-7F73-4F58-BB4A-1968C7FB5C6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{86A7EFF9-21E9-451F-8BA1-54174D4A821D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A4CFEB-7F73-4F58-BB4A-1968C7FB5C6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: IB Updater (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: Updater Service (IBUpdaterService) . (.Pas de propriétaire - Installer.) - C:\ProgramData\IBUpdaterService\ibsvc.exe =>Adware.InstallBrain
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Software Updater (SrvUpdater) . (.Pas de propriétaire - Updater.) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
~ Services: 15 Legitimates Filtered in 00mn 15s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{730B1701-3DC1-430A-BBE3-5C9F6D16CCEA}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D3EF7A96-CCB5-47CB-BEA8-E7C91D27AAC1}] (...) -- E:\setup.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 03s

---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM][64Bits] -- DefaultTab
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta
O42 - Logiciel: IB Updater 2.0.0.550 - (.IncrediBar.) [HKLM][64Bits] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.IncrediBar
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: LayoutsExpress - (...) [HKLM][64Bits] -- LayoutsExpress
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {F7D739D1-B597-4802-A4CB-E1FBF326C9B0} =>PUP.QuickShare
O42 - Logiciel: SpecialSavings - (.Special Savings.) [HKLM][64Bits] -- {09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}
O42 - Logiciel: Updater Service - (...) [HKLM][64Bits] -- Updater Service
~ Logic: 154 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\90d7dbe66dbf43]
[HKCU\Software\AppDataLow\AskBarDis]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\DefaultTab]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Default Tab]
[HKCU\Software\DefaultTab]
[HKCU\Software\Delta]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Minibar]
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\SpecialSavings]
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\delta LTD]
[HKLM\Software\IB Updater]
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\90d7dbe66dbf43]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Default Tab]
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\IB Updater]
[HKLM\Software\Wow6432Node\ImInstaller]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Minibar]
~ Key Software: 281 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2012 - 07:24:14 - [0,355] ----D C:\Program Files (x86)\Babylon =>Toolbar.Babylon
O43 - CFD: 15/01/2013 - 08:34:22 - [2,379] ----D C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 10/02/2013 - 13:37:54 - [0] ----D C:\Program Files (x86)\Carrefour Online
O43 - CFD: 15/02/2013 - 04:59:59 - [2,767] ----D C:\Program Files (x86)\Delta
O43 - CFD: 22/01/2013 - 05:14:31 - [0,293] ----D C:\Program Files (x86)\File Scout
O43 - CFD: 05/12/2012 - 08:43:40 - [26,507] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 20/12/2012 - 03:25:00 - [0,062] ----D C:\Program Files (x86)\LayoutsExpress
O43 - CFD: 20/12/2012 - 03:24:58 - [0,732] ----D C:\Program Files (x86)\Minibar
O43 - CFD: 22/01/2013 - 05:14:40 - [7,873] ----D C:\Program Files (x86)\SpecialSavings
O43 - CFD: 03/02/2012 - 11:22:51 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 15/01/2013 - 08:34:11 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 15/02/2013 - 05:00:03 - [8,693] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 22/01/2013 - 05:14:33 - [0,610] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 05/12/2012 - 08:44:31 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 05/12/2012 - 08:43:40 - [6,684] ----D C:\ProgramData\IncrediMail
O43 - CFD: 22/01/2013 - 05:14:32 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 15/01/2013 - 08:34:31 - [2,565] ----D C:\Users\JCB\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 15/01/2013 - 08:34:11 - [0,033] ----D C:\Users\JCB\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 02/04/2012 - 16:01:59 - [0,000] ----D C:\Users\JCB\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 31/01/2013 - 04:36:51 - [1,881] ----D C:\Users\JCB\AppData\Roaming\DefaultTab
O43 - CFD: 15/02/2013 - 05:00:04 - [0,276] ----D C:\Users\JCB\AppData\Roaming\Delta
O43 - CFD: 10/02/2013 - 13:39:49 - [0] ----D C:\Users\JCB\AppData\Roaming\PerformerSoft
O43 - CFD: 22/01/2013 - 05:14:41 - [0,023] ----D C:\Users\JCB\AppData\Roaming\SpecialSavings
O43 - CFD: 05/12/2012 - 10:27:32 - [182,498] ----D C:\Users\JCB\AppData\Local\IM
O43 - CFD:
20/12/2012 - 03:25:00 - [0,862] ----D C:\Users\JCB\AppData\Local\Minibar O43 - CFD: 15/02/2013 - 05:01:24 - [18,541] ----D C:\Users\JCB\AppData\Local\Smartbar =>Hijacker.SmartBar O43 - CFD: 16/12/2012 - 07:11:24 - [0,054] ----D C:\Users\JCB\AppData\Local\Wajam =>Toolbar.Wajam O43 - CFD: 15/02/2013 - 05:00:09 - [0,001] ----D C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon O43 - CFD: 19/08/2009 - 10:42:47 - [0,004] ----D C:\Users\JCB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gestionnaire de récupération ~ 503 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 780 Legitimates Filtered in 00mn 31s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/04/2013 - 15:34:57 RSHAD . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0] ~ Files: 15 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.69912118DC3D5FDBF2EDE2862709B526] - 18/04/2013 - 20:36:49 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-042AB4BC.pf =>Toolbar.Babylon O45 - LFCP:[MD5.46B8949FC723871D2E1B43553755DB4D] - 19/04/2013 - 16:58:51 ---A- - C:\Windows\Prefetch\IMLPP.EXE-C9266A11.pf O45 - LFCP:[MD5.336C71735DB30F12F9FC162A6C5396F1] - 19/04/2013 - 16:59:00 ---A- - C:\Windows\Prefetch\IMAPP.EXE-3E2B42CA.pf O45 - LFCP:[MD5.89314C735E96665C7D1CE3A10175A287] - 19/04/2013 - 16:59:16 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-53DEA81D.pf O45 - LFCP:[MD5.25126E801D5D9FA38E53677D4259552A] - 19/04/2013 - 17:05:30 ---A- - C:\Windows\Prefetch\OFFICELIVESIGNIN.EXE-291AE2E3.pf O45 - LFCP:[MD5.C4F8D48FDADA9B3489DB6990CA2284E0] - 19/04/2013 - 17:39:45 ---A- - C:\Windows\Prefetch\IMBPP.EXE-BF2AD1FF.pf O45 - LFCP:[MD5.494B5E6B08AE01BF7FAA0A38D287B223] - 19/04/2013 - 17:39:45 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-F91AEC10.pf O45 - LFCP:[MD5.2FC1B45467C14647C69EDC366A85EC39] - 19/04/2013 - 17:50:19 ---A- - 
C:\Windows\Prefetch\DEFAULTTABSTART.EXE-0CE06946.pf O45 - LFCP:[MD5.803CFE669C5D4277F56676D37196BB59] - 19/04/2013 - 17:50:25 ---A- - C:\Windows\Prefetch\BINGAPP.EXE-3A7C6818.pf O45 - LFCP:[MD5.9BFAC44D2BF914D29378BFC804C73E70] - 19/04/2013 - 17:50:26 ---A- - C:\Windows\Prefetch\BINGBAR.EXE-F072C9C4.pf O45 - LFCP:[MD5.317AA39C9358F600897193A726768D4D] - 19/04/2013 - 17:50:46 ---A- - C:\Windows\Prefetch\BINGSURROGATE.EXE-A976211F.pf O45 - LFCP:[MD5.F1AA7E8D794253BD15A29EE0B69CF7B7] - 19/04/2013 - 17:51:08 ---A- - C:\Windows\Prefetch\BBSVC.EXE-87EF3AA3.pf O45 - LFCP:[MD5.D5A86C4F5B479F7F318DA6991BBDBCF2] - 19/04/2013 - 18:06:03 ---A- - C:\Windows\Prefetch\BABYLONTOOLBARSRV.EXE-4AD3C07A.pf =>Toolbar.Babylon ~ Prefetcher: 139 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 03/02/2009 - 16:07:40 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) 
-- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 16/04/2013 - 03:01:42 ---A- C:\Users\JCB\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337] O61 - LFC: 17/04/2013 - 11:12:41 ---A- C:\Users\JCB\AppData\Roaming\Microsoft\Modèles\Normal.dot [1583104] O61 - LFC: 18/04/2013 - 03:46:11 ---A- C:\Users\JCB\AppData\Local\Google\Quick Search Box\ranking.backup [3591168] O61 - LFC: 19/04/2013 - 02:34:56 ---A- C:\Users\JCB\AppData\Local\Google\Quick Search Box\ranking.db [3591168] O61 - LFC: 19/04/2013 - 16:58:52 ---A- C:\Users\JCB\AppData\Local\IM\content.xml [25110] O61 - LFC: 19/04/2013 - 17:08:51 ---A- C:\Users\JCB\AppData\Roaming\Microsoft\PowerPoint\PPT11.pcb [878023] O61 - LFC: 19/04/2013 - 17:39:40 ---A- C:\Users\JCB\AppData\Local\IM\Lex\IMSTP12.gif [47958] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg [14285] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico [1150] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico [1406] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico [1406] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico [1150] O61 - LFC: 19/04/2013 - 17:50:20 ---A- C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico [318] O61 - LFC: 19/04/2013 - 17:58:26 ---A- C:\Users\JCB\AppData\Local\Google\Quick Search Box\app_launcher_apps.data [124928] O61 - LFC: 19/04/2013 - 17:58:26 ---A- C:\Users\JCB\AppData\Local\Google\Quick Search Box\app_launcher_links.data [207872] O61 - LFC: 19/04/2013 - 18:06:02 ---A- C:\Users\JCB\AppData\Roaming\Google\Local Search History\google%2Eweb.w [72] ~ 81 Fichiers temporaires (Temporary files) ~ Files: 
287 Legitimates Filtered in 00mn 27s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snap.do =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0E3C06A3-9F46-4E63-B206-C13E67E74949} - (Search Here) - http://www.mysearchresults.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {191C92E1-4199-45C9-8D84-50DE6EC2DDC1} - (Yahoo!) 
- http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {2061A652-82BA-4D2F-AC0B-F6C2D859FB26} - (Search) - http://badoo.com O69 - SBI: SearchScopes [HKCU] {20988313-A84B-4409-85C9-AC6A9101ED20} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {895470D1-AD84-44AD-BB1C-29CBC57F13DD} - (SearchTheWeb) - http://search.iminent.com =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} [DefaultScope] - (Search) - http://badoo.com O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (WiseConvert 1.5 Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {BAAB532E-ACE7-4CF7-A928-ADD628712DB5} - (MyStart Search) - http://mystart.incredimail.com O69 - SBI: SearchScopes [HKCU] {C7D3226A-84CC-463E-B2BD-5C86F92B75D7} - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKCU] {C9116B78-1B71-431D-9546-39DBB710377E} - (Kelkoo) - http://fr.kelkoopartners.net O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - http://fr.search.yahoo.com ~ Keys: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{01A76BA2-6470-48EE-AC30-9C4AC8B2D6F7}C:\program files (x86)\logitech\logitech vid\vid.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\logitech\logitech vid\vid.exe (.not file.) O87 - FAEL: "UDP Query User{FE7EE711-9CCE-42B3-990F-8715D6EB9559}C:\program files (x86)\logitech\logitech vid\vid.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\logitech\logitech vid\vid.exe (.not file.) O87 - FAEL: "TCP Query User{58CE73C0-9D9D-4765-8485-48BBEE7152C5}C:\program files (x86)\emule\emule.exe" |In - Private - P6 - TRUE | .(...) 
-- C:\program files (x86)\emule\emule.exe (.not file.) O87 - FAEL: "UDP Query User{FEB5752C-24CF-418D-98E7-ED6A5C799AB0}C:\program files (x86)\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\emule\emule.exe (.not file.) O87 - FAEL: "TCP Query User{238AE893-61CF-448B-B864-B6D8D5730026}C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{8C1F573C-613A-4026-8465-C475CDA93003}C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "TCP Query User{E53458B3-6CD0-46BA-BBB4-640A78665CAE}C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{1655D87A-A994-4CAB-B813-17F701690DBF}C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\jcb\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "{4F8FA9D2-694D-4B15-BEA2-550CECC89F82}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{C699338B-285D-4F22-8A5B-761970027B84}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{92FE8318-BB6B-48BB-BF26-C796200F05FD}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{8033FA4B-C6BB-4679-BA58-3B3A0CDCE909}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) 
-- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{F897FEB3-5409-4485-A94E-19752E0B5B11}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{263064B1-C822-4CCD-9E95-4A68ED95D735}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{783E042F-028F-47F7-B65F-84D5C3B7D7E1}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{D61C046D-B3B8-4473-83FB-F746BCA5D00F}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{19EFC0B3-9AC9-4FF5-B28F-1AC7E0AE580F}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe ~ Firewall: 230 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11580 - (18/04/2013) Clés trouvées (Keys found) : 400 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 27 Fichiers trouvés (Files found) : 2 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster 
[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>Toolbar.Minibar [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade 
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Toolbar.PricePeep [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Toolbar.PricePeep [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\b] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\escort.escrtBtn.1] =>Toolbar.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon [HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso [HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon [HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings 
[HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange [HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.IncrediBar [HKLM\Software\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}] =>Toolbar.Agent [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\default tab] =>Adware.IMBooster [HKLM\Software\Wow6432Node\default tab] =>Adware.IMBooster [HKCU\Software\defaulttab] =>Adware.IMBooster [HKCU\Software\AppDataLow\Software\defaulttab] =>Adware.IMBooster [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\Minibar] =>Toolbar.Minibar [HKLM\Software\Wow6432Node\Minibar] =>Toolbar.Minibar [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKCU\Software\Somoto] =>Adware.MegaSearch [HKLM\Software\Tarma Installer] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] 
=>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service] =>Adware.IncrediBar [HKCU\Software\AppDataLow\AskBarDis] =>Toolbar.AskBarDis [HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch 
[HKLM\Software\Wow6432Node\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}] =>PUP.SpecialSavings [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}] =>PUP.SpecialSavings [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}] =>PUP.SpecialSavings [HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\SYSTEM\CurrentControlSet\Services\IB Updater] =>Adware.IncrediBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}] =>PUP.SpecialSavings [HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASAPI32] =>PUP.QuickShare [HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASMANCS] =>PUP.QuickShare [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch 
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}] =>Toolbar.AOL [HKLM\Software\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}] =>Toolbar.AOL [HKLM\Software\Wow6432Node\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}] =>Toolbar.AOL [HKLM\Software\Classes\dnUpdater.DownloadUIBrowser] =>Toolbar.AOL [HKLM\Software\Classes\dnUpdate] =>Toolbar.AOL [HKLM\Software\Classes\dnUpdater.DownloadUIBrowser.1] =>Toolbar.AOL [HKLM\Software\Classes\dnUpdater.DownloadUpdController] =>Toolbar.AOL [HKLM\Software\Classes\dnUpdater.DownloadUpdController.1] =>Toolbar.AOL [HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit 
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore [HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch 
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\Toolbar.CT3242339] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escrtBtn.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3242339] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb C:\Program Files (x86)\Babylon =>Toolbar.Babylon C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\Minibar =>Toolbar.Minibar C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\SpecialSavings =>PUP.SpecialSavings C:\Program Files (x86)\LayoutsExpress =>Toolbar.LayoutExpress C:\Program Files (x86)\Common Files\Software Update Utility =>Toolbar.AOL C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\IBUpdaterService =>Adware.IncrediBar C:\ProgramData\Software =>Adware.Boxore C:\Users\JCB\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\JCB\AppData\Roaming\cacaoweb =>PUP.CacaoWeb C:\Users\JCB\AppData\Roaming\defaulttab =>Adware.IMBooster C:\Users\JCB\AppData\Roaming\SpecialSavings =>PUP.SpecialSavings C:\Users\JCB\AppData\Roaming\BabSolution =>Hijacker.BabSolution C:\Users\JCB\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\JCB\AppData\Local\Minibar =>Toolbar.Minibar C:\Users\JCB\AppData\Local\Smartbar =>Hijacker.SmartBar C:\Users\JCB\AppData\Local\Software =>Adware.Boxore C:\Users\JCB\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\JCB\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\JCB\AppData\LocalLow\Minibar =>Toolbar.Minibar C:\Users\JCB\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\JCB\AppData\LocalLow\Smartbar =>Hijacker.SmartBar C:\Users\JCB\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\JCB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph =>Adware.GamePlayLabs C:\Users\JCB\Downloads\cacaoweb.exe =>PUP.CacaoWeb C:\Users\JCB\Downloads\windows live messenger.exe 
=>PUP.Offerware
~ Additionnel: Scanned in 00mn 31s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
O90 - PUC: "6207E55EA2FE71A4AA7ABD89AEF31D1B" . (.Babylon Chrome Toolbar.) -- C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico =>Toolbar.Babylon
O90 - PUC: "7E685771E24E83F4381D1DB5A45F7B41" . (.Delta Chrome Toolbar.) -- C:\Windows\Installer\{177586E7-E42E-4F38-83D1-D15B4AF5B714}\Delta.ico
O90 - PUC: "90C64EA18BA25EE488BF80DCF07F2FFD" . (.Bing Bar.) -- C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico
~ Update Products: 93 Legitimates Filtered in 00mn 00s

---\\ Random Export Key (O91)
[HKCU\Software\90d7dbe66dbf43] =>Toolbar.Babylon^
[HKCU\Software\90d7dbe66dbf43]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\90d7dbe66dbf43]:version="2.6.1095.52"
[HKLM\Software\Wow6432Node\90d7dbe66dbf43] =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\90d7dbe66dbf43]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\Wow6432Node\90d7dbe66dbf43]:version="2.6.1095.52"
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS)
(SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/02/2010 40384 | (avast! Antivirus) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 11/02/2010 40384 | (avast! Mail Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 11/02/2010 40384 | (avast! Web Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
SR - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
SR - | Auto 2550224 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SR - | Auto 107520 | (DefaultTabUpdate) . (...) - C:\Users\JCB\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 08/02/2010 238328 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 29/01/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/01/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 188760 | (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
SR - | Auto 637216 | (IBUpdaterService) . (...) - C:\ProgramData\IBUpdaterService\ibsvc.exe =>Adware.InstallBrain
SR - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SS - | Demand 13/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/06/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 31744 | (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
SR - | Demand 0 | (TrustedInstaller) . (...) - C:\Windows\servicing\TrustedInstaller.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by JCB at 19/04/2013 19:18:36
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by JCB at 19/04/2013 19:18:38
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2175 Legitimates filtered by white list
End of the scan (1117 lines in 03mn 47s)(0)