~ Rapport de ZHPDiag v2013.9.30.550 - Nicolas Coolman (30/09/2013) ~ Lancé par Samantha (01/10/2013 08:45:12) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16686 MFIE: Mozilla Firefox 23.0.1 (Defaut) GCIE: Google Chrome v27.0.1453.94 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : BM3Y3 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v13.0.0.4042 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.01 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer Pando Media Booster v2.6.0.9 ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader 9.5.1 - Français ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (57% free) System Restore: Activé (Enable) System drive C: has 63 GB (26%) free of 233 GB ---\\ Mode de connexion au système ~ Computer Name: SAMANTHA-PC ~ User Name: Samantha ~ All Users Names: Samantha, Erin, Administrateur, ~ Unselected Option: O45,O61 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Samantha\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Samantha\AppData\Roaming\ ~ %Desktop% : C:\Users\Samantha\Desktop\ ~ %Favorites% : C:\Users\Samantha\Favorites\ ~ 
%LocalAppData% : C:\Users\Samantha\AppData\Local\ ~ %StartMenu% : C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques A: Floppy drive, Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 63 Go of 233 Go) D: CD-ROM drive (Not Inserted) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 34 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 04:59:10.) -- C:\Windows\System32\wininet.dll [1767936] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) 
-- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) 
-- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/4243 ~ Mes musiques (My Musics) : 1/19 ~ Mes Videos (My Videos) : 2/9 ~ Mes Favoris (My Favorites) : 1/139 ~ Mes Documents (My Documents) : 3/4766 ~ Mon Bureau (My Desktop) : 1/1753 ~ Menu demarrer (Programs) : 1/38 ~ Hidden Files: Scanned in 00mn 14s ---\\ Processus lancés [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.3112] [MD5.7F8BECFB26F2655E281406C6C341F416] - (...) -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3029472] [PID.1564] =>PUP.BitGuard [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.320] [MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [825808] [PID.3948] [MD5.965F2EEE2109845FF6231FF6B94F006A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Samantha\Desktop\ZHPDiag\ZHPDiag.exe [8030720] [PID.3464] [MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1396] [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) 
-- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1524] [MD5.28DDEEEC44E988657B732CF404D504CB] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe [1492840] [PID.1716] [MD5.176825151F2F93415BCB37C29AF11A3D] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1440080] [PID.1756] [MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1820] [MD5.D98350792A7CE82E7459A7C36481BEDA] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139632] [PID.1872] [MD5.BE5C0E39BE31233770C92BD54492F856] - (.Iminent - Iminent Protection.) -- C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448] [PID.332] =>Adware.IMBooster [MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.2552] [MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) 
-- C:\Windows\system32\sppsvc.exe [3179520] [PID.2848] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\prefs.js C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\user.js C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\prefs.js M3 - MFPP: Plugins - [Samantha] -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\searchplugins\babylon.xml =>Toolbar.Babylon M3 - MFPP: Plugins - [Samantha] -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\searchplugins\holasearch.xml =>Hijacker.HolaSearch M3 - MFPP: Plugins - [Samantha] -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\searchplugins\search.xml M3 - MFPP: Plugins - [Samantha] -- C:\Users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\hbhhvlkz.Utilisateur par défaut\searchplugins\search_the_web.xml M0 - MFSP: prefs.js [Samantha - hbhhvlkz.Utilisateur par défaut] http://www.holasearch.com =>Hijacker.HolaSearch M2 - MFEP: prefs.js [Samantha - hbhhvlkz.Utilisateur par défaut\ffxtlbr@holasearch.com] [] HolaSearch v1.6.0 (..) =>Hijacker.HolaSearch P2 - FPN: [HKLM] [@virtools.com/3DviaPlayer] - (...) -- C:\Program Files\Virtools\3D Life Player\npvirtools.dll (.not file.) 
~ Firefox Browser: 45 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.) ~ IE Browser: 10 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 38 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [Public]: Sublime Text 2.lnk . (...) -- C:\Program Files\Sublime Text 2\sublime_text.exe O4 - GS\Desktop [Samantha]: HP Scan.lnk . (.Hewlett-Packard Co. 
- HPScan.) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPScan.exe O4 - GS\Desktop [Erin]: Vegas Pro 11.0.lnk . (.Sony Creative Software Inc. - Vegas Pro.) -- C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe O4 - GS\Desktop [Erin]: Wow - Raccourci.lnk . (...) -- C:\Users\Samantha\Desktop\Way of Elendil\Wow.exe (.not file.) ~ Global Startup: 80 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} ((no name)) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} ((no name)) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-2.0.0.1.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} ((no name)) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{FA0498B4-9733-4802-9FE2-029495CF26B0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{FA0498B4-9733-4802-9FE2-029495CF26B0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{FA0498B4-9733-4802-9FE2-029495CF26B0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) 
- C:\Program Files\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster ~ Services: 6 Legitimates Filtered in 00mn 18s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PC Performer_DEFAULT.job [270] =>Rogue.PCPerformer O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PC Performer_UPDATES.job [278] =>Rogue.PCPerformer ~ Scheduled Task: 3 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard O42 - Logiciel: Convert MP4 to MP3 - (.ConvertMP4toMP3.com.) [HKLM] -- {5067397A-2935-4290-AE14-1BE2863B00A3}_is1 O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP =>Adware.IMBooster O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {1837A345-0C6D-42AE-ACD6-6C4F5FF490BA} =>Adware.IMBooster O42 - Logiciel: VPbubble (remove only) - (.Nosibay.) [HKCU] -- VPbubble O42 - Logiciel: holasearch toolbar - (.holasearch.) [HKLM] -- holasearch =>Hijacker.HolaSearch ~ Logic: 94 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\596d7dcb235ba13] [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Drivers] [HKCU\Software\HTTOGroup] [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito [HKCU\Software\Protector] [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Win] [HKCU\Software\Yahoo] [HKCU\Software\holasearch] =>Hijacker.HolaSearch [HKCU\Software\?? ?? ???? ????? ??? ?? ????] 
[HKLM\Software\596d7dcb235ba13] [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Umbrella] ~ Key Software: 214 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 01/06/2013 - 13:52:43 - [23,092] ----D C:\Program Files\Convert MP4 to MP3 O43 - CFD: 14/06/2013 - 18:16:57 - [2,808] ----D C:\Program Files\holasearch =>Hijacker.HolaSearch O43 - CFD: 14/06/2013 - 18:21:36 - [16,148] ----D C:\Program Files\Iminent =>Adware.IMBooster O43 - CFD: 14/06/2013 - 18:16:22 - [11,876] ----D C:\Program Files\PC Performer =>Rogue.PCPerformer O43 - CFD: 09/12/2010 - 11:47:43 - [8,344] ----D C:\Program Files\Roll 'm Up O43 - CFD: 16/01/2010 - 15:18:29 - [4,870] ----D C:\Program Files\WalkOn O43 - CFD: 04/08/2013 - 12:42:26 - [2,732] ----D C:\Program Files\Common Files\Umbrella O43 - CFD: 14/06/2013 - 18:15:58 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 14/09/2013 - 18:33:31 - [8,436] ----D C:\ProgramData\BitGuard =>PUP.BitGuard O43 - CFD: 14/06/2013 - 18:16:24 - [0,002] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain O43 - CFD: 14/06/2013 - 18:21:09 - [0,030] ----D C:\ProgramData\Iminent =>Adware.IMBooster O43 - CFD: 14/06/2013 - 18:17:16 - [1,310] ----D C:\Users\Samantha\AppData\Roaming\BabSolution =>Hijacker.BabSolution O43 - CFD: 14/06/2013 - 18:15:58 - [0,010] ----D C:\Users\Samantha\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 30/06/2013 - 18:45:59 - [0,161] ----D C:\Users\Samantha\AppData\Roaming\DataMgr O43 - CFD: 21/03/2011 - 12:14:30 - [0,018] ----D C:\Users\Samantha\AppData\Roaming\Dreamsdwell Stories O43 - CFD: 14/06/2013 - 18:16:24 - [0,308] ----D C:\Users\Samantha\AppData\Roaming\File Scout O43 - CFD: 14/06/2013 - 18:16:57 - [0,259] ----D C:\Users\Samantha\AppData\Roaming\holasearch =>Hijacker.HolaSearch O43 - CFD: 14/06/2013 - 18:21:33 - [0,016] ----D 
C:\Users\Samantha\AppData\Roaming\Iminent =>Adware.IMBooster O43 - CFD: 14/09/2013 - 18:33:34 - [0,001] ----D C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard O43 - CFD: 09/12/2010 - 11:47:43 - [0,001] ----D C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roll 'm Up O43 - CFD: 25/05/2013 - 20:50:12 - [0] ----D C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VPbubble O43 - CFD: 16/01/2010 - 15:18:33 - [0] ----D C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WalkOn ~ 773 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 1041 Legitimates Filtered in 00mn 55s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{e2062e3b-ca0f-11e2-b1a4-001d60ea6d3c}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x86.dll" . (...) -- C:\Windows\System32\ficvdec_x86.dll ~ TDSD: 9 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\DataMgr [Key] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\Samantha\AppData\Roaming\DataMgr\DataMgr.exe O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (.Iminent - Iminent.) -- C:\Program Files\Iminent\Iminent.exe =>Adware.IMBooster O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (.Iminent - Iminent.) -- C:\Program Files\Iminent\Iminent.Messengers.exe =>Adware.IMBooster O53 - SMSR:HKLM\...\startupreg\Intermediate [Key] . (.Pas de propriétaire - Lua Launcher.) 
-- C:\Users\Samantha\AppData\Roaming\Intermediate\Intermediate.exe O53 - SMSR:HKLM\...\startupreg\SCheck [Key] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\Samantha\AppData\Roaming\SCheck\SCheck.exe O53 - SMSR:HKLM\...\startupreg\SSync [Key] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\Samantha\AppData\Roaming\SSync\SSync.exe ~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 09:56:20 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: 17 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.cpl> [HKCU\..\cplopen\Command] (.Not Key.) O67 - Shell Spawning: <.cmd> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.js> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.reg> [HKCU\..\open\Command] (.Not Key.) 
~ FASS Keys: 26 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Babylon) - http://search.babylon.com =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (Search) - http://search.fbdownloader.com ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Users\Erin\AppData\Local\Temp\Temp1_Minecraft1.6.1-Wazez.zip\Minecraft 1.6.1 Cracked\Minecraft.exe C:\Users\Erin\AppData\Local\Temp\Temp1_Minecraft1.6.1-Wazez.zip\Minecraft 1.6.1 Cracked\Minecraft.exe.old ~ Files: Scanned in 00mn 29s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.AC4ABE259123E0515870872428EF053A] [SPRF][20/05/2013] (...) -- C:\Users\Samantha\AppData\Local\ext_piccshare_uninst.exe [44216] [MD5.24F6D923EF6956ABD0449C879F36D7C7] [SPRF][24/09/2013] (...) -- C:\Users\Samantha\AppData\Local\Temp\i4jdel0.exe [27411] [MD5.1F2E782F590FD99E3E8820565A5D5EFB] [SPRF][29/08/2013] (...) -- C:\Users\Samantha\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll [17408] [MD5.1F2E782F590FD99E3E8820565A5D5EFB] [SPRF][21/09/2013] (...) 
-- C:\Users\Samantha\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll [17408] [MD5.41E8565342099E912C54721AC295188B] [SPRF][04/02/2010] (.Dictao SA - Module de signature AdSignerADP.) -- C:\Windows\Downloaded Program Files\AdSignerADP.dll [421248] [MD5.59A403467438EF48B38EC560A269B1E1] [SPRF][04/02/2010] (.Dictao SA - Module de vérification de signature AdSignerADP.) -- C:\Windows\Downloaded Program Files\AdVerifierADP.dll [355712] ~ Files: 13 Legitimates Filtered in 00mn 02s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{6480B5EE-4AB0-4E4A-B6FC-8C080898D8EA}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files\Iminent\Iminent.exe =>Adware.IMBooster O87 - FAEL: "{3D18C043-6F18-4F1C-851A-74DBFD8CBA01}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files\Iminent\Iminent.Messengers.exe =>Adware.IMBooster ~ Firewall: 235 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "543A7381D6C0EA24CA6DC6F4F54F09AB" . (.Iminent.) -- C:\Windows\Installer\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}\imbooster.ico =>Adware.IMBooster O90 - PUC: "BC282AFB4A7F3704FA2AC26448502E7A" . (.SoftwareZator 2012 Beta.) 
-- C:\Windows\Installer\{BFA282CB-F7A4-4073-AFA2-2C468405E2A7}\SoftwareZator2012.exe ~ Update Products: 131 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\596d7dcb235ba13\2.6.1519.190\upd]:="upd=1" [HKCU\Software\596d7dcb235ba13\2.6.1673.238\upd]:="upd=1" [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName="BrowserDefender.exe" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName="BrowserDefender" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName="BrowserDefendert" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>Hijacker.Eazel [HKCU\Software\596d7dcb235ba13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" [HKCU\Software\596d7dcb235ba13]:version="2.6.1673.238" 
[HKLM\Software\596d7dcb235ba13]:version="2.6.1673.238" ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.FB854C4C73E74C3C6BFC0C3E268E45BF] [WIS][10/05/2012] (.Veler Software - SoftwareZator 2012 Beta.) -- C:\Windows\Installer\1eb8497.msi [2034688] [MD5.7043BF3D883BB70EE6B4F57B20D136D3] [WIS][14/06/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\1eb849c.msi [10158080] =>Adware.IMBooster ~ WIS: 133 Legitimates Filtered in 00mn 14s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 17/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Disabled 06/04/2012 217600 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 13/09/2013 3029472 | (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard SS - | Disabled 18/05/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Disabled 04/07/2010 238952 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe SS - | Disabled 31/01/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 31/01/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SR - | Auto 28/06/2013 1440080 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe SS - | Disabled 25/11/2011 311928 | (maconfservice) . (.CybelSoft.) 
- C:\Program Files\ma-config.com\maconfservice.exe SS - | Disabled 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SS - | Disabled 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 04/08/2013 2864448 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Samantha at 01/10/2013 08:50:40
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8557D1F8]<<
1 ntkrnlpa!IofCallDriver[0x82E3FBBA] >> \Device\Harddisk0\DR0[0x8643D1A0] \Driver\atapi[0x86313258] >> IRP_MJ_CREATE >> 0x8557D1F8
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Samantha at 01/10/2013 08:50:43
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 12932 - (30/09/2013)
Clés trouvées (Keys found) : 199
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 17
~ Additionnel Scan: 285055 Items scanned in 00mn 29s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28136809-hijacker-holasearch =>Hijacker.HolaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ MSI: 15 link(s) detected in 00mn 29s
~ 2033 Legitimates filtered by white list

End of the scan (793 lines in 05mn 59s)(2)