Rapport de ZHPDiag v2013.6.30.48 par Nicolas Coolman, Update du 30/06/2013
Run by pierre at 30/06/2013 20:34:40
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16618
MFIE: Mozilla Firefox 22.0 (Defaut)
GCIE: Google Chrome v23.0.1271.97

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Trend Micro Titanium v3.00
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ System Information
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3692 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (51%) free of 100 GB

---\\ Logged in mode
~ Computer Name: PIERRE-PC
~ User Name: pierre
~ All Users Names: pierre, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\pierre\AppData\Roaming\
~ %Desktop% : C:\Users\pierre\Desktop\
~ %Favorites% : C:\Users\pierre\Favorites\
~ %LocalAppData% : C:\Users\pierre\AppData\Local\
~ %StartMenu% : C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 51 Go of 100 Go)
D:\ Hard drive, Flash
drive, Thumb drive (Free 161 Go of 351 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 34 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.12716D987D475B051F35895659159705] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/05/2013 - 01:59:03.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.)
(.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:04.)
-- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 03s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/157
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/11398
~ Mon Bureau (My Desktop) : 1/749
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 38s

---\\ Processus lancés
[MD5.8292C93AA02A0451E243A3CF97878968] - (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe [370480] [PID.2504]
[MD5.8EEFD0B92F46B6762A5EC41EF55F7043] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208] [PID.2516]
[MD5.45D9E6C134735854866608931269B43E] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe [145184] [PID.1104]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3968]
[MD5.A73731A0B0A165907799E9AFB461F856] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096] [PID.4028]
[MD5.0A9A90EDB4EB99CD4005D20FF91B26CF] - (.Boxore OU - Boxore Client.) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [611616] [PID.3128] =>Adware.Boxore
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.2040]
[MD5.C8D28F8B498CADBB9445AC4545BD41B7] - (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe [920472] [PID.5584]
[MD5.E9349A03FD81B4806714A16796B5E20A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- c:\program files (x86)\mozilla firefox\plugin-container.exe [17304] [PID.2908]
[MD5.60B241EFB669D286C9BF636A0334B3BA] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.)
-- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe [1855880] [PID.4964]
[MD5.A23E185E2D0746E479E8135A7441B003] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7625216] [PID.2948]
[MD5.CBEC06E32D0AC9C3D0A9199EDC1FB959] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928] [PID.1704]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1336]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.2096]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2568]
[MD5.BDF2196D34BB224E5B11C2B0FC3A55CB] - (...) -- C:\windows\SysWOW64\AsusService.exe [224680] [PID.2596]
[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.3016]
[MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.3348]
[MD5.9100EC985AC97C4537E571E5AC0F9E0D] - (.ASUSTeK Computer Inc. - HotKeyMon.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288] [PID.3436]
[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.3552]
[MD5.6DD7CFD5650FA6BDF33F8D856F55FCDC] - (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112] [PID.3732]
[MD5.1AF88B9E1259EAA8F3262232E8D9699E] - (.ASUSTeK Computer Inc.
- Asus Hotkey Service.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1252272] [PID.3756]
[MD5.D398A7354368DD84CA749D09C03A314D] - (.ASUS - CapsAndNumKeyNotify.) -- C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344] [PID.3764]
[MD5.F32CBBB62256899E253E6A0A87FEF238] - (.AsusTek Computer Inc. - USB charge for Apple product.) -- C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [99792] [PID.4044]
[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.4648]
~ Processes Running: Scanned in 00mn 03s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.babylon.com =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default] http://search.babylon.com =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.11 (Activé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
~ Google Browser: 11 Legitimates Filtered in 00mn 27s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\zl12enof.default\prefs.js
C:\Users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\zl12enof.default\user.js
M3 - MFPP: Plugins - [pierre] -- C:\Users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\zl12enof.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [pierre] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M2 - MFEP: prefs.js [pierre - zl12enof.default\anttoolbar@ant.com] [] Ant Video Downloader v2.4.7.8 (..)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com =>Toolbar.Babylon
~ IE Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: e-Carte Bleue Browser Helper Object [64Bits] - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. - FTO CMB.) -- C:\windows\SysWow64\BhoECart.dll
O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - Pas de description.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll =>Toolbar.Babylon
O2 - BHO: TBSB05488 [64Bits] - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - IE Toolbar Engine.)
-- C:\Program Files (x86)\ShoppingBarreEbuyClub\tbcore3.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe (.not file.)
O4 - HKLM\..\Run: [LiveUpdate] . (.AsusTek Computer Inc. - Asus EeePC LiveUpdate for Bios, Driver, Sof.) -- C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Eee Docking] . (.ASUSTek Computer Inc. - Eee Docking Application.) -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [DatingNotifier] C:\Program Files (x86)\XFlirt Messenger\XFlirt Messenger.exe (.not file.)
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - HotKeyMon.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Wow6432Node\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Hotkey Service.) -- C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Wow6432Node\Run: [SuperHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Wow6432Node\Run: [CapsHook] . (.ASUS - CapsAndNumKeyNotify.) -- C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [iSeriesCharge] . (.AsusTek Computer Inc. - USB charge for Apple product.) -- C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).)
-- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Boxore Client] . (.Boxore OU - Boxore Client.) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe =>Adware.Boxore
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3340594144-79611605-726513635-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3340594144-79611605-726513635-1000\..\Run: [Syncables] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKUS\S-1-5-21-3340594144-79611605-726513635-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3340594144-79611605-726513635-1000\..\Run: [DatingNotifier] C:\Program Files (x86)\XFlirt Messenger\XFlirt Messenger.exe (.not file.)
O4 - HKUS\S-1-5-21-3340594144-79611605-726513635-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.)
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (4).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\windows\system32\notepad.exe
O4 - GS\TaskBar: Windows Explorer (2).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (5).lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
O4 - GS\TaskBar: Windows Media Player (2).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (3).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (4).lnk . (.Microsoft Corporation - Lecteur Windows Media.)
-- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player (5).lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: WebPlayerV2.lnk . (...) -- C:\Users\pierre\AppData\Roaming\Microsoft\Installer\{77236F9C-987C-40EC-832B-5BD6181E4846}\_4DF8877A11AA755B548DA8.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Adobe Photoshop CS5 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
O4 - GS\Desktop: Instant Messengers Password Recovery Master.lnk . (.Rixler Software - Instant Messengers Password Recovery Master.) -- C:\Program Files (x86)\Instant Messengers Password Recovery Master\IMPasRec.exe
O4 - GS\Desktop: Virtualis.lnk . (.Orbiscom Ltd. All rights reserved. - FTO CMB.)
-- C:\Program Files (x86)\Virtualis\virtualis.exe
O4 - GS\Desktop: WebPlayerV2.lnk . (...) -- C:\Users\pierre\AppData\Roaming\Microsoft\Installer\{77236F9C-987C-40EC-832B-5BD6181E4846}\_A3AFE8776A0291A74D99A2.exe
~ Global Startup: Scanned in 00mn 01s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F120897-F4C5-4BF3-99AA-4A0F413035A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F120897-F4C5-4BF3-99AA-4A0F413035A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F120897-F4C5-4BF3-99AA-4A0F413035A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\windows\SysWOW64\AsusService.exe
O23 - Service: Software Update Service (supdate) (supdate) . (.Boxore OU. - Programme d'installation de Software.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.)
- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 10 Legitimates Filtered in 00mn 22s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1082]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1086]
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineCore] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineUA] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [{14A1E3E5-1EA8-475D-B21A-32CBDC72B3EC}] (...) -- C:\Users\pierre\AppData\Local\Temp\Temp1_Monopoly.zip\Install_Monopoly.exe (.not file.) [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 07s

---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar on IE - (...) [HKLM][64Bits] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: BabylonObjectInstaller - (.Babylon Ltd.) [HKLM][64Bits] -- {83AA2913-C123-4146-85BD-AD8F93971D39} =>Toolbar.Babylon
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {0E25BB07-62EB-476F-87FC-6AF426AB059E} =>Adware.Boxore
O42 - Logiciel: CapsHook - (.AsusTek Computer.) [HKLM][64Bits] -- {4B5092B6-F231-4D18-83BC-2618B729CA45}
O42 - Logiciel: E-Cam - (.AzureWave.) [HKLM][64Bits] -- {185AFA7A-F63E-450B-94AA-011CAC18090E}
O42 - Logiciel: Super Hybrid Engine - (.AsusTek Computer.) [HKLM][64Bits] -- {88F08F98-12BC-4613-81A2-8F9B88CFC73E}
O42 - Logiciel: USBCharge+ - (.AsusTek Computer.) [HKLM][64Bits] -- {8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM][64Bits] -- {77236F9C-987C-40EC-832B-5BD6181E4846} =>Adware.SocialSkinz
O42 - Logiciel: eBuyClub - (...)
[HKLM][64Bits] -- TBSB05488.TBSB05488Toolbar
~ Logic: 98 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Dating Notifier (XFlirt)]
[HKCU\Software\Softonic]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Dating]
[HKLM\Software\Wow6432Node\E-Cam]
[HKLM\Software\Wow6432Node\STURM]
~ Key Software: 151 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/06/2012 - 19:53:02 - [1,772] ----D C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 11/06/2013 - 22:41:30 - [1,278] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 05/10/2011 - 19:16:02 - [101,144] ----D C:\Program Files (x86)\Cuisine Facile AM
O43 - CFD: 28/03/2013 - 22:35:14 - [0] ----D C:\Program Files (x86)\messenger-rdv-rapide
O43 - CFD: 14/12/2011 - 20:09:00 - [5,628] ----D C:\Program Files (x86)\ShoppingBarreEbuyClub
O43 - CFD: 07/06/2012 - 19:52:34 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 28/04/2012 - 15:03:26 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 21/04/2013 - 16:44:33 - [0,652] ----D C:\Users\pierre\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 07/06/2012 - 19:52:34 - [0,013] ----D C:\Users\pierre\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 07/06/2012 - 19:53:12 - [2,373] ----D C:\Users\pierre\AppData\Roaming\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 23/04/2011 - 05:05:46 - [0,000] ----D C:\Users\pierre\AppData\Roaming\E-Cam
O43 - CFD: 28/03/2013 - 22:35:17 - [0,000] ----D C:\Users\pierre\AppData\Local\messenger-rdv-rapide
~ 714 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 956 Legitimates Filtered in 01mn 31s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9D5DE6727C6D4A3FD655225CE916D51D] - 29/06/2013 - 12:01:58 ---A- .
(...) -- C:\Windows\ntbtlog.txt [174982]
O44 - LFC:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 27/06/2013 - 22:56:29 RSHAD . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O44 - LFC:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 27/06/2013 - 22:56:29 RSHAD . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
~ Files: 32 Legitimates Filtered in 00mn 39s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1A812437A448C3661635D3378B269134] - 30/06/2013 - 17:59:40 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-EF8DC054.pf
O45 - LFCP:[MD5.244980FC48A3433D2BF1AECC26BE4BF4] - 30/06/2013 - 17:59:40 ---A- - C:\Windows\Prefetch\SYNCABLES.EXE-1ACC587E.pf
O45 - LFCP:[MD5.E3973CCE78E45BC7C5AA307F46DF0215] - 30/06/2013 - 18:33:40 ---A- - C:\Windows\Prefetch\UTILROLLBACK.EXE-B59BCB45.pf
O45 - LFCP:[MD5.321634BD406905D1C14F1BE0297E164D] - 30/06/2013 - 18:33:52 ---A- - C:\Windows\Prefetch\COREFRAMEWORKHOST.EXE-FFCA81AE.pf
~ Prefetcher: 108 Legitimates Filtered in 00mn 01s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{d6695dc6-b734-11e2-b1ef-14dae916a2a1}\AutoRun\command. (...) -- E:\WD SmartWare.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.F8633CDD09647A64EE8DB550630427FF] - 03/03/2010 - 00:45:24 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.)
-- C:\Windows\System32\athrx.sys [1594368]
O58 - SDL:[MD5.1DC94A6A82697C62A04E461D7A94D0B0] - 28/06/2010 - 06:24:12 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 28/06/2013 - 13:50:08 ---A- C:\Users\pierre\Downloads\notice_-_mastercard_classique_-_2012.pdf [358311]
O61 - LFC: 30/06/2013 - 18:39:52 ---A- C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270233]
O61 - LFC: 30/06/2013 - 19:14:04 ---A- C:\Users\pierre\AppData\Roaming\BabSolution\Shared\chu.js [579] =>Hijacker.BabSolution
O61 - LFC: 30/06/2013 - 19:17:51 ---A- C:\Users\pierre\Downloads\ZHPDiag2(1).exe [5693816]
O61 - LFC: 30/06/2013 - 19:17:53 ---A- C:\Users\pierre\Downloads\ZHPDiag2(2).exe [5693816]
O61 - LFC: 30/06/2013 - 19:22:39 ---A- C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Local State [24416]
O61 - LFC: 30/06/2013 - 19:22:41 ---A- C:\Users\pierre\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
~ 24 Fichiers temporaires (Temporary files)
~ Files: 240 Legitimates Filtered in 03mn 39s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files (x86)\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.)
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111020&tt=060612_7_"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.hardId", "7e03652300000000000014dae916a2a1"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.id", "7e03652300000000000014dae916a2a1"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15498"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:56:11"); =>Toolbar.Babylon O69 - SBI: prefs.js [pierre - zl12enof.default] 
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>Adware.IMBooster ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\Crack\Adobe ME Patcher 1.3.exe C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part01.exe C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part02.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part03.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part04.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part05.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part06.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part07.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part08.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part09.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part10.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part11.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part12.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part13.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 
Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part14.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part15.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part16.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part17.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part18.rar C:\Users\pierre\Desktop\Adobe Photoshop CS5 Extended (Arabic, English, French)+KeyGen\PhotoshopCS5.part19.rar
~ Files: Scanned in 01mn 56s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984] [MD5.F10E9620F1D0EDEC56C0C1E1790CEAB9] [SPRF][16/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\pierre\AppData\Local\Temp\SkypeSetup.exe [31668328] [MD5.CC1A55091FD96BCB624AD791CD15D179] [SPRF][09/02/2013] (...) -- C:\Users\pierre\AppData\Roaming\BabMaint.exe [114176] [MD5.13020B9039495971BB59478186BC93FC] [SPRF][10/12/2012] (.Microsoft Corporation - Pas de description.)
-- C:\Users\pierre\Desktop\ExcelViewer.exe [53610536] ~ Files: Scanned in 00mn 09s ---\\ Scan Additionnel (O88) Database Version : v2.12631 - (30/06/2013) Clés trouvées (Keys found) : 153 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 10 Fichiers trouvés (Files found) : 0 [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}] =>Adware.Softomate [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}] =>Adware.Softomate [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{B00A2A69-AEB9-4466-A3D3-D965CCF868B6}] =>Adware.Softomate [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz 
[HKLM\Software\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\b] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon [HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon [HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\escort.escrtBtn.1] =>Toolbar.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon [HKLM\Software\Classes\Software.OneClickCtrl.8] =>Adware.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\Software\Wow6432Node\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\Software\Wow6432Node\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore [HKLM\SYSTEM\CurrentControlSet\Services\supdate] =>Adware.Boxore [HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77236F9C-987C-40EC-832B-5BD6181E4846}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore [HKLM\Software\Classes\TBSB05488.IEToolbar] =>Toolbar.Agent [HKLM\Software\Classes\TBSB05488.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB05488.TBSB05488] =>Toolbar.Agent [HKLM\Software\Classes\TBSB05488.TBSB05488.3] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB05488] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB05488.1] =>Toolbar.Agent [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escrtBtn.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\TBSB05488.IEToolbar] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB05488.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB05488.TBSB05488] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB05488.TBSB05488.3] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB05488] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB05488.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon C:\Program Files (x86)\Boxore =>Adware.Boxore C:\Program Files (x86)\ShoppingBarreEbuyClub =>Toolbar.Softomate C:\Program Files (x86)\Software =>Adware.Boxore C:\ProgramData\Babylon =>Toolbar.Babylon C:\Users\pierre\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\pierre\AppData\Roaming\BabylonToolbar =>Toolbar.Babylon C:\Users\pierre\AppData\Roaming\BabSolution =>Hijacker.BabSolution C:\Users\pierre\AppData\Local\Software =>Adware.Boxore C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay ~ Additionnel Scan: 186797 Items scanned in 01mn 09s ---\\ Product Upgrade Codes (O90) O90 - PUC: "44D1C85F9CA48E840994A7C6FDBC14C5" . (.LocaleMe.) -- C:\windows\Installer\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}\ARPPRODUCTICON.exe O90 - PUC: "70BB52E0BE26F67478CFA64F62BA50E9" . (.Boxore Client.) -- C:\windows\Installer\{0E25BB07-62EB-476F-87FC-6AF426AB059E}\boxore.ico =>Adware.Boxore O90 - PUC: "FE531649C4A3F494EA50312119D38F08" . (.Dr.Eee.) -- C:\windows\Installer\{946135EF-3A4C-494F-AE05-1312913DF880}\ARPPRODUCTICON.exe ~ Update Products: 174 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 10/11/2010 203776 | (AMD External Events Utility) . (.AMD.) 
- C:\Windows\System32\atiesrxx.exe SS - | Auto 16/02/2011 256336 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe SR - | Auto 224680 | (AsusService) . (...) - C:\windows\SysWOW64\AsusService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 21/05/2010 947488 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SS - | Auto 08/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 08/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 29/06/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 10/12/2012 139576 | (supdate) . (.Boxore OU..) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by pierre at 30/06/2013 20:47:42 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by pierre at 30/06/2013 20:47:44 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Malicius Software Information ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/28345498-adware-softomate =>Adware.Softomate ~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd ~ http://nicolascoolman.webs.com/apps/blog/show/26764465-adware-facemoods =>Adware.Facemoods ~ MSI: Scanned in 00mn 04s ~ 2272 Legitimates filtered by white list End of the scan (759 lines in 13mn 04s)(40)