~ Rapport de ZHPDiag v2013.10.13.35 - Nicolas Coolman (13/10/2013)
~ Lancé par Eddy Zakri (14/10/2013 09:47:23)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0
GCIE: Google Chrome v30.0.1599.69 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.3.0215.0
ZoneAlarm Free Firewall v11.0.768.000
ZoneAlarm Security Toolbar v1.8.22.0 =>Toolbar.ZoneAlarm
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.01 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v3.3.0.29126 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1642 MB (24% free)
System Restore: Activé (Enable)
System drive C: has 118 GB (42%) free of 279 GB

---\\ Mode de connexion au système
~ Computer Name: EDDIEZAKRI-HP
~ User Name: Eddy Zakri
~ All Users Names: Eddy Zakri, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Eddy Zakri\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Eddy Zakri\AppData\Roaming\
~ %Desktop% : C:\Users\Eddy Zakri\Desktop\
~ %Favorites% : C:\Users\Eddy Zakri\Favorites\
~ %LocalAppData% : C:\Users\Eddy Zakri\AppData\Local\
~ %StartMenu% : C:\Users\Eddy Zakri\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 118 Go of 279 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.09/08/2011 - 20:34:59.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 05:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 03:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.09/08/2011 - 20:39:20.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 02s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/279
~ Mes musiques (My Musics) : 11/2331
~ Mes Videos (My Videos) : 1/2141
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 11/4641
~ Mon Bureau (My Desktop) : 11/92
~ Menu demarrer (Programs) : 1/65
~ Hidden Files: Scanned in 00mn 49s

---\\ Processus lancés
[MD5.97A57AEA49E0EC9D17BDD96A3CEEBEBC] - (...) -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032] [PID.1860] =>PUP.BitGuard
[MD5.497F27E279C0F921E2130BB89C1CB5CA] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664] [PID.2716]
[MD5.226B7F3D5029B40BA3D3ECF04FBD32A6] - (.Pas de propriétaire - FM Application.) -- C:\Facemoi\facemoi.exe [82944] [PID.2984] =>PUP.Facemoi
[MD5.2781C31D26F39FCFF05A290120210A4F] - (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe [637936] [PID.1180]
[MD5.A16852B04C0A5654B0B8DFD5E1A25718] - (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe [576000] [PID.3180]
[MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.3408]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3588]
[MD5.A25F011CACB68FE3F8FC74A4FA7C8D7F] - (.Abine Inc. - ZoneAlarm Do Not Track Me Service.) -- C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe [297336] [PID.1332]
[MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.316]
[MD5.37287D98A1BF5D56AA729CEB9B27C6B1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.4388]
[MD5.2176B4590387405E5F2405C3CEF0C02A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8078848] [PID.1940]
~ Processes Running: Scanned in 00mn 03s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Eddy Zakri\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\prefs.js
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\user.js
M3 - MFPP: Plugins - [Eddy Zakri] -- C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Eddy Zakri] -- C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [Eddy Zakri] -- C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\softonic.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [Eddy Zakri] -- C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\zonealarm.xml
M2 - MFEP: prefs.js [Eddy Zakri - xhe9vf9l.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [Eddy Zakri - xhe9vf9l.default\plugin@getwebcake.com] [] WebCake v1.00.01 (..) =>Adware.WebCake
~ Firefox Browser: 10 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.softonic.com =>Toolbar.Conduit
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: OKitSpace [64Bits] - {3543619C-D563-43f7-95EA-4DA7E1CC396A} . (...) -- C:\Users\Eddy Zakri\AppData\Roaming\okitspace\IE\OKitSpace.dll =>PUP.Onekit
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Softonic Helper Object [64Bits] - {E87806B5-E908-45FD-AF5E-957D83E58E68} . (.Softonic.com - Pas de description.) -- C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll =>Toolbar.Conduit
O2 - BHO: (no name) [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Clé orpheline
~ BHO: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Dictionnaire le Littré.lnk . (...) -- C:\Program Files (x86)\Dictionnaire le Littré 2.0\Littre.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Internet Everywhere.lnk . (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe
O4 - GS\Desktop [Public]: MobaMotiv.lnk . (.Mobatek - http://www.mobatek.net - MobaMotiv.) -- C:\Program Files (x86)\MobaMotiv\MobaMotiv.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: WiMAX Connection Manager.lnk . (.HUAWEI - WiMAX Connection Manager.) -- C:\Program Files (x86)\WiMAX Connection Manager\WiMAX Connection Manager.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Eddy Zakri\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Eddy Zakri]: Amazing Pyramids.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Amazing Pyramids\Amazing Pyramids.exe (.not file.)
O4 - GS\QuickLaunch [Eddy Zakri]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Eddy Zakri\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Eddy Zakri]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Eddy Zakri]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Eddy Zakri]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Eddy Zakri\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Eddy Zakri]: doPDF.lnk . (.Softland - doPDF Start Application.) -- C:\Program Files\Softland\doPDF 7\dopdf.exe
O4 - GS\Program [Eddy Zakri]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Eddy Zakri]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Eddy Zakri]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain - Evernote.) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
O4 - GS\Desktop [Eddy Zakri]: 7zFM - Raccourci.lnk . (.Igor Pavlov - 7-Zip File Manager.) -- C:\Program Files (x86)\7-Zip\7zFM.exe
O4 - GS\Desktop [Eddy Zakri]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Eddy Zakri\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Eddy Zakri]: CVitae V4.lnk . (...) -- C:\Program Files (x86)\CVitaeV4\CVitae.exe
O4 - GS\Desktop [Eddy Zakri]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Eddy Zakri]: Le Grand Robert.lnk . (.Bureau Van Dijk – Dictionnaires Le Robert - Le Grand Robert de la langue française.) -- C:\Program Files (x86)\Le Grand Robert\grwin.exe
O4 - GS\Desktop [Eddy Zakri]: Speed - Raccourci.lnk . (...) -- C:\Users\Eddy Zakri\Videos\JEUX\Need for speed mw\Need for Speed Most Wanted\Speed.exe
O4 - GS\Desktop [Eddy Zakri]: Windows Update.lnk . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\system32\wuapp.exe
~ Global Startup: 88 Legitimates Filtered in 00mn 57s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Launcher.lnk . (...) -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
O4 - GS\Startup [Eddy Zakri]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GM4IE] . (.Pas de propriétaire - FM Application.) -- C:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [ares mod] C:\Program Files (x86)\AresMod\AresMod.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Facemoi] . (.Pas de propriétaire - FM Application.) -- c:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2116176242-1592332739-549678488-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2116176242-1592332739-549678488-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2116176242-1592332739-549678488-1001\..\Run: [GM4IE] . (.Pas de propriétaire - FM Application.) -- C:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKUS\S-1-5-21-2116176242-1592332739-549678488-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2116176242-1592332739-549678488-1001\..\Run: [ares mod] C:\Program Files (x86)\AresMod\AresMod.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpNameServer = 41.206.65.1 213.136.109.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B64B98-FE35-44DF-9679-A46602EDBD80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8AC1FC4-5E19-4932-AD4B-C881C93122AD}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpNameServer = 41.206.65.1 213.136.109.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{85B64B98-FE35-44DF-9679-A46602EDBD80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B8AC1FC4-5E19-4932-AD4B-C881C93122AD}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpNameServer = 41.206.65.1 213.136.109.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{85B64B98-FE35-44DF-9679-A46602EDBD80}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B8AC1FC4-5E19-4932-AD4B-C881C93122AD}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CA06509-E16A-4A8F-A131-518BC880B0EF}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2729A2E-A0FC-48F5-A571-61250EB4C284}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
O23 - Service: Software Updater (SrvUpdater) . (.Pas de propriétaire - Updater.) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe =>PUP.Eorezo
~ Services: 15 Legitimates Filtered in 01mn 30s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [376] =>PUP.Software.Updater
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedMaxPc Registration3.job [474] =>PUP.SpeedMaxPc
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedMaxPc Update3.job [432] =>PUP.SpeedMaxPc
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedMaxPc.job [410] =>PUP.SpeedMaxPc
[MD5.1C446DC37F6BA32799F5881D06488C3F] [APT] [AmiUpdXp] (.Amonetize ltd..) -- C:\Users\Eddy Zakri\AppData\Local\SwvUpdater\Updater.exe [307240] =>PUP.Software.Updater
[MD5.71D490C463014E4FB88B8CBA700B111E] [APT] [EPUpdater] (...) -- C:\Users\Eddy Zakri\AppData\Roaming\BabSolution\Shared\BabMaint.exe [4608] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [SpeedMaxPc] (...) -- C:\Program Files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe (.not file.) [0] =>PUP.SpeedMaxPc
[MD5.35DD2A44BA05F0D447520BB265E91810] [APT] [SpeedMaxPc Update3] (.SpeedMaxPc.) -- C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [654336] =>PUP.SpeedMaxPc
[MD5.00000000000000000000000000000000] [APT] [{79D44C1D-B978-4460-947A-026FE3243B51}] (...) -- C:\Users\Eddy Zakri\Downloads\Programs et Logiciels\avira_antivir_personal_en.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7DF8493D-C336-4F3B-96FA-0F86FFDDA649}] (...) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe (.not file.) [0] =>Toolbar.Babylon
[MD5.00000000000000000000000000000000] [APT] [{8BDF8CEE-3D48-427B-8001-D480C570C399}] (...) -- C:\Users\Eddy Zakri\Documents\VIDEO\JEUX\The Thing\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA66B93D-9CD4-4A10-92B4-4FA1DEEE342C}] (...) -- C:\Users\Eddy Zakri\Downloads\Programs et Logiciels\PVMsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AC3D07B1-8E16-4828-889C-646C5F37EBBE}] (...) -- C:\Users\Eddy Zakri\Desktop\JEUX\Luxor 2\luxor 2 crackfix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D598D2C9-F5E7-4200-9CBA-C6423EF932C9}] (...) -- C:\Program Files (x86)\Micro Application\Conduite 3D\Desinst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EF667C87-8630-415E-8E87-DEEC06397D09}] (...) -- C:\Users\Eddy Zakri\Desktop\JEUX\my game\BEACHHEAD2000\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F6207134-3B73-493C-A42F-11A8FC1ADAF2}] (...) -- C:\Users\Eddy Zakri\Desktop\ne98spst.exe (.not file.) [0]
~ Scheduled Task: 45 Legitimates Filtered in 00mn 27s

---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU][64Bits] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: Delta Force - Black Hawk Down - (...) [HKLM][64Bits] -- {8FE54D21-8254-4CCF-AEE0-066496AE43F4}
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: Prompt Downloader - (...) [HKLM][64Bits] -- Prompt Downloader
O42 - Logiciel: WebCake 3.00 - (.WebCake LLC.) [HKLM][64Bits] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
O42 - Logiciel: okitspace - (...) [HKLM][64Bits] -- okitspace =>PUP.Onekit
~ Logic: 162 Legitimates Filtered in 00mn 04s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\9538ddfbc6fbf43]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Babylon] =>Toolbar.Babylon
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\Media Get LLC] =>PUP.MediaGet
[HKCU\Software\PluginAddon]
[HKCU\Software\Prompt Downloader]
[HKCU\Software\Safe Browser]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKCU\Software\Yahoo]
[HKCU\Software\abhisoft]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\9538ddfbc6fbf43]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\MarineAquarium3Free_57EI]
[HKLM\Software\Wow6432Node\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\Wow6432Node\VBMZ]
~ Key Software: 293 Legitimates Filtered in 00mn 04s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/10/2013 - 17:43:07 - [0,121] ----D C:\Program Files (x86)\AresMod
O43 - CFD: 20/07/2013 - 14:16:12 - [2,336] ----D C:\Program Files (x86)\Delta
O43 - CFD: 30/06/2013 - 09:28:35 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 30/06/2013 - 06:58:44 - [22,228] ----D C:\Program Files (x86)\Prompt Downloader
O43 - CFD: 07/08/2013 - 10:45:23 - [2,258] ----D C:\Program Files (x86)\Softonic =>Toolbar.Conduit
O43 - CFD: 06/08/2013 - 11:36:27 - [5,983] ----D C:\Program Files (x86)\Yahoo!
O43 - CFD: 12/09/2012 - 15:52:14 - [1,600] ----D C:\Program Files (x86)\Common Files\SpeedMaxPc =>PUP.SpeedMaxPc
O43 - CFD: 20/07/2013 - 14:15:23 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 12/10/2013 - 13:02:48 - [8,444] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 11/09/2013 - 12:52:39 - [0] ----D C:\ProgramData\Media Get LLC =>PUP.MediaGet
O43 - CFD: 12/09/2012 - 15:52:14 - [0,019] ----D C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc
O43 - CFD: 30/06/2013 - 06:58:16 - [2,732] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 06/08/2013 - 11:34:35 - [0,005] ----D C:\ProgramData\Yahoo!
O43 - CFD: 20/07/2013 - 14:16:25 - [1,662] ----D C:\Users\Eddy Zakri\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 20/07/2013 - 14:15:20 - [0,011] ----D C:\Users\Eddy Zakri\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 20/07/2013 - 14:16:08 - [0,259] ----D C:\Users\Eddy Zakri\AppData\Roaming\Delta
O43 - CFD: 22/09/2013 - 12:49:12 - [0,308] ----D C:\Users\Eddy Zakri\AppData\Roaming\File Scout
O43 - CFD: 10/10/2013 - 17:43:42 - [0,267] ----D C:\Users\Eddy Zakri\AppData\Roaming\okitspace =>PUP.Onekit
O43 - CFD: 07/08/2013 - 10:45:01 - [0,259] ----D C:\Users\Eddy Zakri\AppData\Roaming\Softonic =>Toolbar.Conduit
O43 - CFD: 02/08/2012 - 21:27:57 - [0] ----D C:\Users\Eddy Zakri\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc
O43 - CFD: 05/08/2013 - 20:59:12 - [0,002] ----D C:\Users\Eddy Zakri\AppData\Roaming\Yahoo!
O43 - CFD: 25/09/2012 - 13:05:51 - [0,008] ----D C:\Users\Eddy Zakri\AppData\Roaming\{90140011-0066-040C-0000-0000000FF1CE}
O43 - CFD: 20/07/2013 - 14:15:29 - [0,018] ----D C:\Users\Eddy Zakri\AppData\Local\Ares Mod
O43 - CFD: 30/06/2013 - 06:58:44 - [0] ----D C:\Users\Eddy Zakri\AppData\Local\Prompt Downloader
O43 - CFD: 30/06/2013 - 06:57:47 - [0,295] ----D C:\Users\Eddy Zakri\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 12/10/2013 - 11:29:15 - [0,001] ----D C:\Users\Eddy Zakri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 30/06/2013 - 06:58:44 - [0,002] ----D C:\Users\Eddy Zakri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt Downloader
O43 - CFD: 11/09/2013 - 18:16:25 - [0,007] ----D C:\Users\Eddy Zakri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs
~ 746 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1029 Legitimates Filtered in 04mn 36s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5A1906B623625C26FB70645ACA95BCF4] - 14/10/2013 - 09:52:50 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [32064]
O44 - LFC:[MD5.5A1906B623625C26FB70645ACA95BCF4] - 14/10/2013 - 09:52:50 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [32064]
O44 - LFC:[MD5.5A1906B623625C26FB70645ACA95BCF4] - 14/10/2013 - 09:52:50 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [32064]
O44 - LFC:[MD5.5A1906B623625C26FB70645ACA95BCF4] - 14/10/2013 - 09:52:50 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [32064]
~ Files: 23 Legitimates Filtered in 00mn 48s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{04b37eca-0255-11e2-906c-2c768ae73fbe}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{495b37f8-3ac4-11e2-b8b9-2c768ae73fbe}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
O51 - MPSK:{7e0f21eb-4901-11e2-bbff-2c768ae73fbe}\AutoRun\command. (...) -- G:\Setup.exe (.not file.)
O51 - MPSK:{7f601ac8-2257-11e2-9f31-2c768ae73fbe}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
O51 - MPSK:{9ce2fb93-2904-11e3-85bc-2c768ae73fbe}\AutoRun\command. (...) -- H:\iStudio.exe (.not file.)
O51 - MPSK:{a57d510c-9c0d-11e1-ad32-2c768ae73fbe}\AutoRun\command. (...) -- I:\autorun\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 10/06/2013 - 19:45:12 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/01/2013 - 14:21:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\SysWOW64\drivers\ewdcsc.sys [32768]
~ Drivers: 20 Legitimates Filtered in 00mn 02s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.dfltLng", "fr"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.id", "bec68cc20000000000009439e57898f3"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.instlDay", "15674"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.instlRef", "na"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.tlbrId",
"irhnew"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=bec68cc20000000000009439e57898[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=17425&tt=281112_lng"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.newTab", false); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.srcExt", "def"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:37:31"); =>Toolbar.Babylon O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.asktb.ff-original-keyword-url", ""); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.dfltLng", "fr"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] 
user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.id", "bec68cc20000000000009439e57898f3"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.instlDay", "15906"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.vrsn", "1.8.21.5"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.vrsnTs", "1.8.21.514:16:15"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta.vrsni", "1.8.21.5"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta_i.babExt", ""); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta_i.babTrack", "affID=120695&tsp=4949"); O69 - SBI: prefs.js [Eddy Zakri - xhe9vf9l.default] user_pref("extensions.delta_i.srcExt", "ss"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0C79A1C0-477D-44DD-8E58-878E3311465C} [DefaultScope] - (Search By ZoneAlarm) - 
http://search.zonealarm.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - http://eu.ask.com O69 - SBI: SearchScopes [HKCU] {4DAB80A5-7A3E-4CDD-AE89-D146AA010275} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask O69 - SBI: SearchScopes [HKCU] {96CE4CCC-8A77-4A55-B495-1DB2673B7D73} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com =>PUP.SearchResults O69 - SBI: SearchScopes [HKCU] {B1A0897C-2EA0-488B-901B-71C323DD78C0} - (Search the web (Softonic)) - http://search.softonic.com =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - http://fr.wikipedia.org O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.F2A14501C58CAAF65D169A12BE452B3D] [SPRF][12/09/2012] (...) -- C:\ProgramData\ntuser.dat [262144] ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{05462040-2A87-4993-A326-9CF8C838A6DA}C:\program files (x86)\aresmod\aresmod.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\aresmod\aresmod.exe (.not file.) O87 - FAEL: "UDP Query User{731E59C5-F5DD-43CA-8759-7C26E4BC4337}C:\program files (x86)\aresmod\aresmod.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\aresmod\aresmod.exe (.not file.) O87 - FAEL: "{F707704B-4A26-44BC-A858-596B991FDBBD}" |In - None - P6 - TRUE | .(...) 
-- C:\Users\Eddy Zakri\AppData\Local\MediaGet2\mediaget.exe (.not file.) =>PUP.MediaGet O87 - FAEL: "{3DEA7EA5-6F06-4F03-9A8D-A4BD818E2A3B}" |In - None - P17 - TRUE | .(...) -- C:\Users\Eddy Zakri\AppData\Local\MediaGet2\mediaget.exe (.not file.) =>PUP.MediaGet O87 - FAEL: "TCP Query User{8A88D29C-9281-41DD-8C08-D7A518AE0AD0}C:\users\eddy zakri\videos\jeux\007\bond_ded.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\eddy zakri\videos\jeux\007\bond_ded.exe O87 - FAEL: "UDP Query User{E621D580-DDDE-44AF-B86A-99083E094302}C:\users\eddy zakri\videos\jeux\007\bond_ded.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\eddy zakri\videos\jeux\007\bond_ded.exe ~ Firewall: 186 Legitimates Filtered in 00mn 04s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\9538ddfbc6fbf43\2.6.1519.190\upd]:="upd=1" [HKCU\Software\9538ddfbc6fbf43\2.6.1673.238\upd]:="upd=1" [HKCU\Software\9538ddfbc6fbf43\2.6.1694.246\upd]:="upd=" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName="BrowserDefender.exe" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName="BrowserDefender" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName="BrowserDefendert" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel 
[HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>Hijacker.Eazel [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard [HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" [HKCU\Software\9538ddfbc6fbf43]:version="2.6.1694.246" [HKLM\Software\Wow6432Node\9538ddfbc6fbf43]:version="2.6.1694.246" ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 14/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 06/07/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 05/07/2011 365568 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe SR - | Auto 08/10/2013 3032032 | (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 04/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 15/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe SS - | Demand 14/06/2011 1098296 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe SR - | Auto 06/09/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe SR - | Demand 06/09/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) 
- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SR - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe SR - | Auto 27/12/2010 1817088 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe SR - | Auto 16/08/2012 347120 | (InternetEverywhere_Service) . (...) - C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe SS - | Demand 30/07/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 26/09/2013 32256 | (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe =>PUP.Eorezo SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 01mn 38s ---\\ Scan Additionnel (O88) Database Version : 12946 - (13/10/2013) Clés trouvées (Keys found) : 180 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 21 Fichiers trouvés (Files found) : 32 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A}] =>PUP.Onekit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] =>Toolbar.Conduit^ [HKLM\SYSTEM\CurrentControlSet\Services\BitGuard] =>PUP.BitGuard^ [HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater] =>PUP.Eorezo^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.Ask^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BitGuard^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}] =>Adware.WebCake^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\okitspace] =>PUP.Onekit^ [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon 
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater [HKLM\Software\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}] =>Toolbar.ZoneAlarm [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}] =>Toolbar.ZoneAlarm [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\S] =>Toolbar.Agent [HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater [HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] 
=>Toolbar.Ask [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Softonic] =>Toolbar.Conduit [HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc [HKLM\Software\Wow6432Node\SpeedMaxPc] =>PUP.SpeedMaxPc [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater [HKLM\Software\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}] =>Toolbar.Conduit 
[HKLM\Software\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}] =>PUP.Funmoods [HKLM\Software\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}] =>PUP.Funmoods [HKLM\Software\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}] =>Toolbar.Conduit [HKLM\Software\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Toolbar] =>Toolbar.ZoneAlarm [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent [HKLM\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit 
[HKLM\Software\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dppahnkclbmppnmcoifolpjmeppoakfb] =>PUP.Facemoi
[HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\SoftwareUpdater] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater] =>Hijacker.Eazel
[HKLM\Software\Classes\AppID\BabylonHelper.EXE] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh] =>Adware.WebCake
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKLM\Software\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:GM4IE =>PUP.Facemoi^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Facemoi =>PUP.Facemoi^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\ffxtlbr@delta.com =>Toolbar.DeltaSearch^
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\plugin@getwebcake.com =>Adware.WebCake^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\Softonic =>Toolbar.Conduit^
C:\Program Files (x86)\Common Files\SpeedMaxPc =>PUP.SpeedMaxPc^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\Media Get LLC =>PUP.MediaGet^
C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\Eddy Zakri\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\Eddy Zakri\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\Eddy Zakri\AppData\Roaming\okitspace =>PUP.Onekit^
C:\Users\Eddy Zakri\AppData\Roaming\Softonic =>Toolbar.Conduit^
C:\Users\Eddy Zakri\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc^
C:\Users\Eddy Zakri\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Users\Eddy Zakri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Users\Eddy Zakri\AppData\Local\RavenBleuSA =>Adware.Gabpath
C:\Users\Eddy Zakri\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Eddy Zakri\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\bprotector_prefs.js =>PUP.BProtector
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\SearchPlugins\zonealarm.xml =>Toolbar.ZoneAlarm
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard^
C:\Facemoi\facemoi.exe =>PUP.Facemoi^
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\babylon.xml =>Toolbar.Babylon^
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\delta.xml =>Toolbar.DeltaSearch^
C:\Users\Eddy Zakri\AppData\Roaming\Mozilla\Firefox\Profiles\xhe9vf9l.default\searchplugins\softonic.xml =>Toolbar.Conduit^
C:\Users\Eddy Zakri\AppData\Roaming\okitspace\IE\OKitSpace.dll =>PUP.Onekit^
C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch^
C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll =>Toolbar.Conduit^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
c:\Facemoi\facemoi.exe =>PUP.Facemoi^
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe =>PUP.Eorezo^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
C:\Windows\Tasks\SpeedMaxPc Registration3.job =>PUP.SpeedMaxPc^
C:\Windows\Tasks\SpeedMaxPc Update3.job =>PUP.SpeedMaxPc^
C:\Windows\Tasks\SpeedMaxPc.job =>PUP.SpeedMaxPc^
C:\Users\Eddy Zakri\AppData\Local\SwvUpdater\Updater.exe =>PUP.Software.Updater^
C:\Users\Eddy Zakri\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^
C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe =>PUP.SpeedMaxPc^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Babylon] =>Toolbar.Babylon^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKCU\Software\Datamngr] =>PUP.Datamngr^
[HKCU\Software\Media Get LLC] =>PUP.MediaGet^
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
[HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
[HKCU\Software\9538ddfbc6fbf43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^
~ Additionnel Scan: 303036 Items scanned in 04mn 52s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/28426583-pup-facemoi =>PUP.Facemoi
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/33456961-pup-onekit =>PUP.OneKit
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
~ http://nicolascoolman.webs.com/apps/blog/show/28947219-pup-speedmaxpc =>PUP.SpeedMaxPc
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/28151468-pup-mediaget =>PUP.MediaGet
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira
~ http://nicolascoolman.webs.com/apps/blog/show/27254456-adware-gabpath =>Adware.Gabpath
~ MSI: 28 link(s) detected in 04mn 53s
~ 2077 Legitimates filtered by white list

End of the scan (883 lines in 17mn 21s)(0)