~ Rapport de ZHPDiag v2013.9.16.270 - Nicolas Coolman  (16/09/2013)
~ Lancé par jean-pierre balire (17/09/2013 15:03:35)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v28.0.1500.95

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Internet Security Suite v10.5.247
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6143 MB (83% free)
System Restore: Activé (Enable)
System drive C: has 611 GB (88%) free of 690 GB

---\\ Mode de connexion au système
~ Computer Name: JP-BALIRE
~ User Name: jean-pierre balire
~ All Users Names: UpdatusUser, jean-pierre balire, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\jean-pierre balire\AppData\Roaming\
~ %Desktop% : C:\Users\jean-pierre balire\Desktop\
~ %Favorites% : C:\Users\jean-pierre balire\Favorites\
~ %LocalAppData% : C:\Users\jean-pierre balire\AppData\Local\
~ %StartMenu% : C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 611 Go of 690 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 690 Go of 690 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1000
~ Mes musiques (My Musics) : 61/1616
~ Mes Favoris (My Favorites) : 1/35
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 1/1617
~ Menu demarrer (Programs) : 1/33
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.C16EDEA635300AC0EE58E182A04D71B6] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   [6563184] [PID.2732]  =>PUP.AdvancedSystemProtector
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe   [186904] [PID.2764]
[MD5.0D6972A795995F07B6D78CA7724744FB] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe   [349552] [PID.1648]
[MD5.12336775941D49CE6A4D6F391CB5E02F] - (.WebCake LLC - WebCake Desktop.) -- C:\Users\jean-pierre balire\AppData\Roaming\Betcat\WebCakeDesktop.exe   [50968] [PID.3400]  =>Adware.WebCake
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe   [0] [PID.2480]
[MD5.315055836A527891439983388DA582E3] - (.Nosibay - Bubble Dock.) -- C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe   [666200] [PID.2328]  =>Toolbar.BubbleDock
[MD5.A6E68809BD3B6D0CE8F8782CC1626F12] - (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe   [1011792] [PID.3612]  =>Hijacker.22Find
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe   [272248] [PID.3688]
[MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe   [407920] [PID.3256]
[MD5.0540C38069CD5212B241E62AC1990201] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe   [611872] [PID.3780]
[MD5.43E09197B47EEEE1792599B989BCDC97] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe   [1074736] [PID.3796]  =>Adware.IMBooster
[MD5.CDA7B5B66E1B8845245F79313415C46A] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe   [884784] [PID.3080]  =>Adware.IMBooster
[MD5.F255E48EA981E943A14CF16269F3F3AF] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe   [201584] [PID.4428]
[MD5.C353DC5F7D699595EBA16D60373ABE73] - (.Nosibay - Bubble Dock.) -- C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe   [4667992] [PID.2328]  =>Toolbar.BubbleDock
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe   [1917440] [PID.5588]
[MD5.C52F40B273428861B06E9D027C80F8A4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7963648] [PID.4980]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [383264] [PID.948]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65192] [PID.1652]
[MD5.ED90E0B7C4088810A1EBDDB3BF120FA4] - (...) -- C:\Program Files (x86)\BasicServe\basicserve.exe   [22528] [PID.1928]  =>Adware.BasicScan
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe   [23584] [PID.2012]
[MD5.25E40292DD289F644660F440F38239BE] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe   [559552] [PID.1916]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2268]
[MD5.1B6EBAA539502C816930AE4FC9F192FE] - (.Iminent - Iminent Protection.) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe   [2868544] [PID.2320]  =>Adware.IMBooster
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe   [243232] [PID.2412]
[MD5.719AD5D66260CBB4A014719C20868B16] - (.cake bake - Desktop.Updater.) -- C:\Program Files (x86)\Movdap\WBDesktop.Updater.1.0.0.16.exe   [51992] [PID.2440]  =>Adware.WebCake
[MD5.7548066DF68A8A1A56B043359F915F37] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe   [354840] [PID.2604]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2832]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.1568]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://isearch.babylon.com  =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default][HomePage] http://isearch.babylon.com  =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default] http://isearch.babylon.com  =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [algmakeomkafjglfhpomolfhjppoojff] Pricora v.1.24.75, (Activé)  =>Adware.Pricora
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Activé)  =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [fjoijdanhaiflhibkljeklcghcmmfffh] Web Cake v.1.0.3 (Activé)  =>Adware.WebCake
G2 - GCE: Preference [User Data\Default] [igdhbblpcellaljokkpfhcjlagemhgjl] Iminent v.7.33.3.1, (Activé)  =>Adware.IMBooster
G2 - GCE: Preference [User Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé)  =>Toolbar.BubbleDock
G2 - GCE: Preference [User Data\Default] [okkbcpjgdooahcefofhjdpacngfecaaa] Lyrics-Fan v.1.128 (Activé)  =>Adware.AddLyrics
~ Google Browser: 18 Legitimates Filtered in 00mn 09s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\prefs.js
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\user.js
M3 - MFPP: Plugins - [jean-pierre balire] -- C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\searchplugins\babylon.xml  =>Toolbar.Babylon
M0 - MFSP: prefs.js [jean-pierre balire - z26etssb.default] http://www1.delta-search.com  =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [jean-pierre balire - z26etssb.default\94ae0976-89df-4347-9771-5371c6e203bf@3796dc63-d06d-4575-a997-9b5c935fe915.com] [] Pricora v (..)  =>Adware.Pricora
M2 - MFEP: prefs.js [jean-pierre balire - z26etssb.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)  =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [jean-pierre balire - z26etssb.default\plugin@getwebcake.com] [] WebCake v1.00.01 (..)  =>Adware.WebCake
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com  =>Toolbar.DeltaSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com  =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com  =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com  =>Hijacker.Qvo6
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=Userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0035329 [64Bits] - {11111111-1111-1111-1111-110311531129} . (.Corporate Inc - Pricora BHO.) -- C:\Program Files (x86)\Pricora\Pricora-bho.dll  =>Adware.Pricora
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- C:\Program Files\mcafee\msk\mskapbho.dll
O2 - BHO: WebCake Layers [64Bits] - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} . (.Let Them Eat Web-Cake LLC - Web-Cake Runtime.) -- C:\Program Files (x86)\Movdap\WebCakeIEClient.dll  =>Adware.WebCake
O2 - BHO: IMinent WebBooster [64Bits] - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent - Iminent BHO.) -- C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll  =>Adware.IMBooster
O2 - BHO: Lyrics-Fan [64Bits] - {a143a099-193e-4fc4-8a86-298747997798} . (.Lyrics-Fan - Pas de description.) -- C:\Program Files (x86)\Lyrics_Fan\128.dll  =>Adware.AddLyrics
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll  =>Toolbar.DeltaSearch
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acer GameZone Console.lnk . (.Oberon Media Inc. - Acer GameZone Console.)  -- C:\Program Files (x86)\Acer GameZone\GameConsole\Acer Game Console.exe 
O4 - GS\Desktop [Public]: Acer Registration.lnk . (.Acer Incorporated - Global Registration.)  -- C:\Program Files (x86)\Acer\Registration\GREG.exe 
O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (.Systweak - Advanced System Protector.)  -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe  =>PUP.AdvancedSystemProtector
O4 - GS\Desktop [Public]: Boutique Accessoires Acer.lnk . (...)  -- C:\Program Files (x86)\Acer Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe 
O4 - GS\Desktop [Public]: Rappelz.lnk . (.GALALAB - Rappelz Launcher.)  -- C:\Program Files\gPotato.eu\Rappelz\Launcher.exe 
O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.)  -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe  =>Rogue.RegistryPowerCleaner
O4 - GS\Program [jean-pierre balire]: Webplayer.lnk . (...)  -- C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_87FBFC29DF64F25EB06E85.exe
O4 - GS\SendTo [jean-pierre balire]: Desk 365.lnk . (.337 Technology Limited. - Desk 365 application.)  -- C:\Program Files (x86)\Desk 365\desk365.exe  =>Hijacker.22Find
O4 - GS\Desktop [jean-pierre balire]: Big City Adventure - Tokyo.lnk . (...)  -- C:\Zylom Games\Big City Adventure - Tokyo\BigCityAdventureTokyo.exe (.not file.)
O4 - GS\Desktop [jean-pierre balire]: Images - Raccourci (2).lnk . (...)  -- C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms 
O4 - GS\Desktop [jean-pierre balire]: Nettoyez votre registre gratuitement!.lnk - Clé orpheline
O4 - GS\Desktop [jean-pierre balire]: Olivier N'GOMA - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [jean-pierre balire]: Réseau - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [jean-pierre balire]: Webplayer.lnk . (...)  -- C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_9C168E6CA614D22B5C2885.exe
~ Global Startup: 92 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.)  -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe 
O4 - GS\Startup [jean-pierre balire]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.)  -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe  =>PUP.MyPCBackup
O4 - GS\Startup [jean-pierre balire]: NexGen Media Player.lnk . (...)  -- C:\Users\jean-pierre balire\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe (.not file.)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe 
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe 
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKCU\..\Run: [WebCake Desktop] . (.WebCake LLC - WebCake Desktop.) -- C:\Users\jean-pierre balire\AppData\Roaming\Betcat\WebCakeDesktop.exe  =>Adware.WebCake
O4 - HKCU\..\Run: [NTRedirect] . (.Pas de propriétaire - enhancedNT.) -- C:\Users\jean-pierre balire\AppData\Roaming\BabSolution\Shared\enhancedNT.dll  =>Hijacker.BabSolution
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe  =>Toolbar.BubbleDock
O4 - HKCU\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe  =>Hijacker.22Find
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe 
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe 
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe 
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe 
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe 
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Wow6432Node\Run: [Iminent] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe  =>Adware.IMBooster
O4 - HKLM\..\Wow6432Node\Run: [IminentMessenger] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe  =>Adware.IMBooster
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-978985087-2098335296-3233521139-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKUS\S-1-5-21-978985087-2098335296-3233521139-1000\..\Run: [WebCake Desktop] . (.WebCake LLC - WebCake Desktop.) -- C:\Users\jean-pierre balire\AppData\Roaming\Betcat\WebCakeDesktop.exe  =>Adware.WebCake
O4 - HKUS\S-1-5-21-978985087-2098335296-3233521139-1000\..\Run: [NTRedirect] . (.Pas de propriétaire - enhancedNT.) -- C:\Users\jean-pierre balire\AppData\Roaming\BabSolution\Shared\enhancedNT.dll  =>Hijacker.BabSolution
O4 - HKUS\S-1-5-21-978985087-2098335296-3233521139-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe  =>Toolbar.BubbleDock
O4 - HKUS\S-1-5-21-978985087-2098335296-3233521139-1000\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe  =>Hijacker.22Find
~ Application:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{897DBF57-324A-4769-935B-00F2DDD9D187}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{897DBF57-324A-4769-935B-00F2DDD9D187}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe  =>PUP.MyPCBackup
O23 - Service: BasicServe Service (BasicServe Service) . (...) - C:\Program Files (x86)\BasicServe\basicserve.exe  =>Adware.BasicScan
O23 - Service: Desk 365 service (desksvc) . (.337 Technology Limited. - dsk service.) - C:\Program Files (x86)\Desk 365\deskSvc.exe  =>Hijacker.22Find
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe  =>Adware.IMBooster
O23 - Service:  (WebCakeUpdater) . (.cake bake - Desktop.Updater.) - C:\Program Files (x86)\Movdap\WBDesktop.Updater.1.0.0.16.exe  =>Adware.WebCake
~ Services: 26 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Lyrics-Fan Update.job   [398]  =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Pricora-chromeinstaller.job   [1898]  =>Adware.Pricora
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Pricora-codedownloader.job   [1200]  =>Adware.Pricora
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Pricora-enabler.job   [1100]  =>Adware.Pricora
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Pricora-firefoxinstaller.job   [1824]  =>Adware.Pricora
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Pricora-updater.job   [1196]  =>Adware.Pricora
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\RegClean Pro_DEFAULT.job   [302]  =>Rogue.RegistryPowerCleaner
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\RegClean Pro_UPDATES.job   [310]  =>Rogue.RegistryPowerCleaner
[MD5.C16EDEA635300AC0EE58E182A04D71B6] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   [6563184]  =>PUP.AdvancedSystemProtector
[MD5.A6E68809BD3B6D0CE8F8782CC1626F12] [APT] [Desk 365 RunAsStdUser] (.337 Technology Limited..) -- C:\Program Files (x86)\Desk 365\desk365.exe   [1011792]  =>Hijacker.22Find
[MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\jean-pierre balire\AppData\Roaming\BabSolution\Shared\BabMaint.exe   [10320]  =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Lyrics-Fan Update] (...) -- C:\Program Files (x86)\Lyrics_Fan\lrcsfans.exe (.not file.)   [0]  =>Adware.AddLyrics
[MD5.59BE5C8AD4758A4405E13BCE1D3BE665] [APT] [Pricora-chromeinstaller] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-chromeinstaller.exe   [460800]  =>Adware.Pricora
[MD5.DAA7EAAEEB67125192A16FCCE7EEDD9D] [APT] [Pricora-codedownloader] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe   [476672]  =>Adware.Pricora
[MD5.1696645FDB0519682C3D79DACA321A71] [APT] [Pricora-enabler] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-enabler.exe   [342528]  =>Adware.Pricora
[MD5.D724F163E9FE2848318E0807B3CE563D] [APT] [Pricora-firefoxinstaller] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe   [722432]  =>Adware.Pricora
[MD5.38D5A3A91582699F43193E3D754DECE9] [APT] [Pricora-updater] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-updater.exe   [362496]  =>Adware.Pricora
[MD5.5D7F3F64B6B50FE348DD6295B1C97561] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7867736]  =>Rogue.RegistryPowerCleaner
[MD5.5D7F3F64B6B50FE348DD6295B1C97561] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7867736]  =>Rogue.RegistryPowerCleaner
[MD5.5D7F3F64B6B50FE348DD6295B1C97561] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7867736]  =>Rogue.RegistryPowerCleaner
[MD5.38E1EAFA47427858FBB9F40BCD375F38] [APT] [{CD3AF999-3FA3-4C90-A576-A5D64151A33B}] (...) -- C:\Users\jean-pierre balire\Downloads\webplayer (2).exe   [523384]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1  =>PUP.AdvancedSystemProtector
O42 - Logiciel: BasicServe 1.0 build 113 - (...) [HKLM][64Bits] -- BasicServe  =>Adware.BasicScan
O42 - Logiciel: Delta toolbar   - (.Delta.) [HKLM][64Bits] -- delta  =>Toolbar.DeltaSearch
O42 - Logiciel: Desk 365 - (.337 Technology Limited..) [HKLM][64Bits] -- Desk 365  =>Hijacker.22Find
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP  =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {E931F892-098A-4C81-8DED-4013DB9E3B69}  =>Adware.IMBooster
O42 - Logiciel: Lyrics-Fan - (.LyricsFans Engineers.) [HKLM][64Bits] -- lyricsfan@lrcsfan.co  =>Adware.AddLyrics
O42 - Logiciel: MyPC Backup  - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup  =>PUP.MyPCBackup
O42 - Logiciel: Pricora - (.Corporate Inc.) [HKLM][64Bits] -- Pricora  =>Adware.Pricora
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1  =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Web Cake 3.00 - (.Web Cake LLC.) [HKLM][64Bits] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38}  =>Adware.WebCake
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- Webplayer  =>Adware.SocialSkinz
~ Logic: 132 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution]  =>Hijacker.BabSolution
[HKCU\Software\Delta]
[HKCU\Software\Iminent]  =>Adware.IMBooster
[HKCU\Software\InstallCore]  =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions]  =>Adware.VidSaver
[HKCU\Software\NexGenMediaPlayer]
[HKCU\Software\V9]
[HKLM\Software\Tarma Installer]  =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Iminent]  =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Umbrella]
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\eSafeSecControl]  =>PUP.eSafeSecurity
~ Key Software: 189 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/08/2013 - 04:06:27 - [18,345] ----D C:\Program Files (x86)\Advanced System Protector  =>PUP.AdvancedSystemProtector
O43 - CFD: 03/09/2013 - 09:55:14 - [1,341] ----D C:\Program Files (x86)\BasicServe  =>Adware.BasicScan
O43 - CFD: 08/08/2013 - 04:05:18 - [4,782] ----D C:\Program Files (x86)\Delta
O43 - CFD: 17/09/2013 - 13:31:57 - [10,392] ----D C:\Program Files (x86)\Desk 365  =>Hijacker.22Find
O43 - CFD: 18/08/2013 - 20:54:15 - [16,149] ----D C:\Program Files (x86)\Iminent  =>Adware.IMBooster
O43 - CFD: 25/08/2013 - 15:41:05 - [0,885] ----D C:\Program Files (x86)\Lyrics_Fan  =>Adware.AddLyrics
O43 - CFD: 16/08/2013 - 00:52:53 - [0,294] ----D C:\Program Files (x86)\Movdap
O43 - CFD: 18/08/2013 - 01:33:11 - [27,298] ----D C:\Program Files (x86)\MyPC Backup  =>PUP.MyPCBackup
O43 - CFD: 08/08/2013 - 04:05:16 - [7,481] ----D C:\Program Files (x86)\Pricora  =>Adware.Pricora
O43 - CFD: 08/08/2013 - 04:05:36 - [14,400] ----D C:\Program Files (x86)\RegClean Pro  =>Rogue.RegistryPowerCleaner
O43 - CFD: 13/08/2013 - 12:57:13 - [0,783] ----D C:\Program Files (x86)\Web Cake  =>Adware.WebCake
O43 - CFD: 16/09/2013 - 18:45:24 - [33,331] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 18/08/2013 - 20:53:59 - [2,736] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 08/08/2013 - 04:04:33 - [0] ----D C:\ProgramData\Babylon  =>Toolbar.Babylon
O43 - CFD: 27/08/2013 - 23:38:42 - [0,021] ----D C:\ProgramData\BasicServe  =>Adware.BasicScan
O43 - CFD: 17/08/2013 - 10:45:56 - [0,080] ----D C:\ProgramData\eSafe
O43 - CFD: 18/08/2013 - 20:54:16 - [0,337] ----D C:\ProgramData\Iminent  =>Adware.IMBooster
O43 - CFD: 08/08/2013 - 03:52:40 - [2,737] ----D C:\ProgramData\Tarma Installer  =>Toolbar.Tarma
O43 - CFD: 18/02/2013 - 16:43:23 - [2,918] ----D C:\ProgramData\Trymedia  =>Adware.Trymedia
O43 - CFD: 08/08/2013 - 04:05:11 - [1,564] ----D C:\Users\jean-pierre balire\AppData\Roaming\BabSolution  =>Hijacker.BabSolution
O43 - CFD: 08/08/2013 - 04:04:33 - [0,006] ----D C:\Users\jean-pierre balire\AppData\Roaming\Babylon  =>Toolbar.Babylon
O43 - CFD: 08/08/2013 - 04:05:16 - [0,259] ----D C:\Users\jean-pierre balire\AppData\Roaming\Delta
O43 - CFD: 13/08/2013 - 11:57:04 - [25,410] ----D C:\Users\jean-pierre balire\AppData\Roaming\Desk 365  =>Hijacker.22Find
O43 - CFD: 08/08/2013 - 03:51:59 - [5,768] ----D C:\Users\jean-pierre balire\AppData\Roaming\eIntaller
O43 - CFD: 18/08/2013 - 20:54:18 - [0,035] ----D C:\Users\jean-pierre balire\AppData\Roaming\Iminent  =>Adware.IMBooster
O43 - CFD: 16/09/2013 - 18:44:27 - [1,361] ----D C:\Users\jean-pierre balire\AppData\Roaming\Movdap
O43 - CFD: 05/08/2013 - 17:12:55 - [0] ----D C:\Users\jean-pierre balire\AppData\Roaming\Reg
O43 - CFD: 12/08/2013 - 09:27:22 - [1,253] ----D C:\Users\jean-pierre balire\AppData\Roaming\Web Cake  =>Adware.WebCake
O43 - CFD: 08/08/2013 - 05:57:52 - [2,429] ----D C:\Users\jean-pierre balire\AppData\Local\NexGenMediaPlayer
O43 - CFD: 08/08/2013 - 04:07:54 - [0,002] ----D C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup  =>PUP.MyPCBackup
~ Program Folder: 180 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.03309D5399A049DC6885DB8EC57CBC6A] - 17/09/2013 - 12:40:16 ---A- . (...) -- C:\Windows\wininit.ini   [1880]
~ Files: 138 Legitimates Filtered in 00mn 02s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d22bf44d-2372-11e2-9b4f-806e6f6e6963}\AutoRun\command. (...) -- E:\TRAININGCODE.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48  . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) --  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.qvo6.com  =>Hijacker.Qvo6
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com  =>Hijacker.Qvo6
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.crossrider.bic", "1405cea884ab400a744540b8e123dc79");  =>PUP.CrossRider
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.id", "f27c419c000000000000f80f4120220c");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.instlDay", "15935");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.vrsn", "1.8.24.5");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.vrsnTs", "1.8.24.521:37:00");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta.vrsni", "1.8.24.5");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4978");
O69 - SBI: prefs.js [jean-pierre balire - z26etssb.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www1.delta-search.com  =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (qvo6) - http://search.qvo6.com  =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} - (BasicServe) - http://www.basicserve.com  =>Adware.BasicScan
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} - (BasicServe) - http://www.basicserve.com  =>Adware.BasicScan
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} - (BasicServe) - http://www.basicserve.com  =>Adware.BasicScan
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe   [131984]
[MD5.6E1799926209C193FDB2E05A271C5B49] [SPRF][08/08/2013] (...) -- C:\Users\jean-pierre balire\AppData\Local\Temp\BackupSetup.exe   [10340624]
[MD5.92BB4D06B78DCC7964D55BA14DDD9B3F] [SPRF][11/11/2012] (...) -- C:\Users\jean-pierre balire\AppData\Local\Temp\defaultCache.reg   [52594]
[MD5.2C2C0AD9F7E08173D6F34975513BAB42] [SPRF][24/07/2013] (.Systweak Inc - RegClean Pro.) -- C:\Users\jean-pierre balire\AppData\Local\Temp\RegClean4.exe   [4372064]  =>Rogue.RegistryPowerCleaner
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{FC13CAEA-4AB0-4903-B75D-20207235A294}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.)
O87 - FAEL: "{FA4B3496-7F33-40D9-9652-11D2F0190E8F}" | In - None - P6 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe  =>Adware.IMBooster
O87 - FAEL: "{647B3F45-6617-47D9-8D01-FC51D540432C}" | In - None - P6 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe  =>Adware.IMBooster
~ Firewall: 178 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "298F139EA89018C4D8DE0431BDE9B396" . (.Iminent.) -- C:\Windows\Installer\{E931F892-098A-4C81-8DED-4013DB9E3B69}\imbooster.ico  =>Adware.IMBooster
O90 - PUC: "90C64EA18BA25EE488BF80DCF07F2FFD" . (.Bing Bar.) -- C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 84 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F037F4A7DF189151942D7F88FDC9B728] [WIS][18/08/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\20247ba.msi   [10207232]  =>Adware.IMBooster
~ WIS: 86 Legitimates Filtered in 00mn 02s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 16/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 01/07/2013 32808 |  (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe  =>PUP.MyPCBackup
SR - | Auto 27/08/2013 22528 |  (BasicServe Service) . (...) - C:\Program Files (x86)\BasicServe\basicserve.exe  =>Adware.BasicScan
SS - | Auto 11/06/2012 193616 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
SR - | Demand 11/06/2012 240208 |  (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
SS - | Auto 16/09/2013 424016 |  (desksvc) . (.337 Technology Limited..) - C:\Program Files (x86)\Desk 365\deskSvc.exe  =>Hijacker.22Find
SR - | Auto 08/01/2010 23584 |  (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SS - | Auto 21/07/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/07/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 05/06/2009 354840 |  (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/03/2010 355440 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 05/02/2013 235216 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SR - | Auto 10/03/2010 355440 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 07/10/2010 509416 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 10/03/2010 355440 |  (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 10/03/2010 355440 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 14/04/2011 200056 |  (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 14/04/2011 245352 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 14/04/2011 149032 |  (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
SS - | Demand 16/09/2013 117656 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 10/03/2010 355440 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 27/05/2010 305520 |  (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SS - | Demand 15/01/2010 935208 |  (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 01/06/2010 2804568 |  (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 18/01/2013 884512 |  (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 08/08/2013 559552 |  (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
SS - | Auto 13/07/2012 160944 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 07/08/2013 2868544 |  (SProtection) . (.Iminent.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe  =>Adware.IMBooster
SR - | Auto 18/01/2013 383264 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 29/01/2010 243232 |  (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 15/08/2013 51992 |  (WebCakeUpdater) . (.cake bake.) - C:\Program Files (x86)\Movdap\WBDesktop.Updater.1.0.0.16.exe  =>Adware.WebCake
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12920 - (16/09/2013)
Clés trouvées (Keys found) : 335
Valeurs trouvées (Values found) : 6
Dossiers trouvés  (Folders found) : 35
Fichiers trouvés  (Files found) : 43

[HKLM\Software\Google\Chrome\Extensions\algmakeomkafjglfhpomolfhjppoojff]   =>Adware.Pricora^
[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]   =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh]   =>Adware.WebCake^
[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl]   =>Adware.IMBooster^
[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp]   =>Toolbar.BubbleDock^
[HKLM\Software\Google\Chrome\Extensions\okkbcpjgdooahcefofhjdpacngfecaaa]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531129}]   =>Adware.Pricora^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]   =>Adware.WebCake^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A143A099-193E-4FC4-8A86-298747997798}]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack]   =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\BasicServe Service]   =>Adware.BasicScan^
[HKLM\SYSTEM\CurrentControlSet\Services\desksvc]   =>Hijacker.22Find^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection]   =>Adware.IMBooster^
[HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater]   =>Adware.WebCake^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]   =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BasicServe]   =>Adware.BasicScan^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365]   =>Hijacker.22Find^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP]   =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E931F892-098A-4C81-8DED-4013DB9E3B69}]   =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\lyricsfan@lrcsfan.co]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup]   =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora]   =>Adware.Pricora^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1]   =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]   =>Adware.WebCake^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webplayer]   =>Adware.SocialSkinz^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}]   =>Adware.SPointer
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]   =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\escort.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]   =>Toolbar.Bing
[HKLM\Software\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD]   =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD]   =>Toolbar.Agent
[HKCU\Software\Iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent]   =>Adware.IMBooster
[HKLM\Software\Tarma Installer]   =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP]   =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365]   =>Hijacker.22find
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1]   =>PUP.Funmoods
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]   =>Hijacker.22find
[HKLM\Software\Wow6432Node\qvo6Software]   =>Hijacker.Qvo6
[HKLM\Software\Wow6432Node\eSafeSecControl]   =>PUP.eSafeSecurity
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh]   =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pricora]   =>Adware.Pricora
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc]   =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32]   =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS]   =>Adware.WebCake
[HKCU\Software\InstalledBrowserExtensions]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]   =>Adware.WebCake
[HKLM\Software\Classes\WebCakeIEClient.Api]   =>
[HKLM\Software\Classes\WebCakeIEClient.Api.1]   =>
[HKLM\Software\Classes\AppID\WebCakeIEClient.DLL]   =>
[HKLM\Software\Classes\CrossriderApp0035329.BHO]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0035329.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0035329.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0035329.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Classes\delta.deltaHlpr]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\iminent]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.DownloadArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.RawDataArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.TinyUrlArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.ViralLinkArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ClientCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ContractBase]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightContent]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightUri]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.MediatorServiceProxy]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandle.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandler]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler.1]   =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.BHO]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.DownloadArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.RawDataArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.TinyUrlArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.ViralLinkArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ClientCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ContractBase]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightContent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightUri]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.MediatorServiceProxy]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandle.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandler]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531129}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311531129}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322532229}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531129}]   =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WebCake Desktop   =>Adware.WebCake^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Iminent   =>Adware.IMBooster^
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\94ae0976-89df-4347-9771-5371c6e203bf@3796dc63-d06d-4575-a997-9b5c935fe915.com   =>Adware.Pricora^
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\ffxtlbr@delta.com   =>Toolbar.DeltaSearch^
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\plugin@getwebcake.com   =>Adware.WebCake^
C:\Program Files (x86)\Advanced System Protector   =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\BasicServe   =>Adware.BasicScan^
C:\Program Files (x86)\Desk 365   =>Hijacker.22Find^
C:\Program Files (x86)\Iminent   =>Adware.IMBooster^
C:\Program Files (x86)\Lyrics_Fan   =>Adware.AddLyrics^
C:\Program Files (x86)\MyPC Backup   =>PUP.MyPCBackup^
C:\Program Files (x86)\Pricora   =>Adware.Pricora^
C:\Program Files (x86)\RegClean Pro   =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\Web Cake   =>Adware.WebCake^
C:\ProgramData\Babylon   =>Toolbar.Babylon^
C:\ProgramData\BasicServe   =>Adware.BasicScan^
C:\ProgramData\Iminent   =>Adware.IMBooster^
C:\ProgramData\Tarma Installer   =>Toolbar.Tarma^
C:\ProgramData\Trymedia   =>Adware.Trymedia^
C:\Users\jean-pierre balire\AppData\Roaming\BabSolution   =>Hijacker.BabSolution^
C:\Users\jean-pierre balire\AppData\Roaming\Babylon   =>Toolbar.Babylon^
C:\Users\jean-pierre balire\AppData\Roaming\Desk 365   =>Hijacker.22Find^
C:\Users\jean-pierre balire\AppData\Roaming\Iminent   =>Adware.IMBooster^
C:\Users\jean-pierre balire\AppData\Roaming\Web Cake   =>Adware.WebCake^
C:\Users\jean-pierre balire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup   =>PUP.MyPCBackup^
C:\Program Files (x86)\Common Files\Umbrella   =>Adware.IMBooster
C:\Program Files (x86)\Common Files\337   =>Hijacker.22find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent   =>Adware.IMBooster
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365   =>Hijacker.22find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro   =>Rogue.RegistryPowerCleaner
C:\Users\jean-pierre balire\AppData\Roaming\eIntaller   =>PUP.eSafeSecurity
C:\Users\jean-pierre balire\AppData\Local\Temp\Iminent   =>Adware.IMBooster
C:\Users\jean-pierre balire\AppData\Local\Temp\Desk365   =>Hijacker.22find
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde   =>Toolbar.DeltaSearch
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh   =>Adware.WebCake
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\algmakeomkafjglfhpomolfhjppoojff   =>Adware.Pricora
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\Extensions\ffxtlbr@delta.com   =>PUP.Funmoods
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   =>PUP.AdvancedSystemProtector^
C:\Users\jean-pierre balire\AppData\Roaming\Betcat\WebCakeDesktop.exe   =>Adware.WebCake^
C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe   =>Toolbar.BubbleDock^
C:\Program Files (x86)\Desk 365\desk365.exe   =>Hijacker.22Find^
C:\Program Files (x86)\Iminent\Iminent.exe   =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe   =>Adware.IMBooster^
C:\Users\jean-pierre balire\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe   =>Toolbar.BubbleDock^
C:\Program Files (x86)\BasicServe\basicserve.exe   =>Adware.BasicScan^
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe   =>Adware.IMBooster^
C:\Program Files (x86)\Movdap\WBDesktop.Updater.1.0.0.16.exe   =>Adware.WebCake^
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl   =>Adware.IMBooster^
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp   =>Toolbar.BubbleDock^
C:\Users\jean-pierre balire\AppData\Local\Google\Chrome\User Data\Default\Extensions\okkbcpjgdooahcefofhjdpacngfecaaa   =>Adware.AddLyrics^
C:\Users\jean-pierre balire\AppData\Roaming\Mozilla\Firefox\Profiles\z26etssb.default\searchplugins\babylon.xml   =>Toolbar.Babylon^
C:\Program Files (x86)\Pricora\Pricora-bho.dll   =>Adware.Pricora^
C:\Program Files (x86)\Movdap\WebCakeIEClient.dll   =>Adware.WebCake^
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll   =>Adware.IMBooster^
C:\Program Files (x86)\Lyrics_Fan\128.dll   =>Adware.AddLyrics^
C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll   =>Toolbar.DeltaSearch^
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe   =>PUP.MyPCBackup^
C:\Users\jean-pierre balire\AppData\Roaming\BabSolution\Shared\enhancedNT.dll   =>Hijacker.BabSolution^
C:\Program Files (x86)\MyPC Backup\BackupStack.exe   =>PUP.MyPCBackup^
C:\Program Files (x86)\Desk 365\deskSvc.exe   =>Hijacker.22Find^
C:\Windows\Tasks\Lyrics-Fan Update.job   =>Adware.AddLyrics^
C:\Windows\Tasks\Pricora-chromeinstaller.job   =>Adware.Pricora^
C:\Windows\Tasks\Pricora-codedownloader.job   =>Adware.Pricora^
C:\Windows\Tasks\Pricora-enabler.job   =>Adware.Pricora^
C:\Windows\Tasks\Pricora-firefoxinstaller.job   =>Adware.Pricora^
C:\Windows\Tasks\Pricora-updater.job   =>Adware.Pricora^
C:\Windows\Tasks\RegClean Pro_DEFAULT.job   =>Rogue.RegistryPowerCleaner^
C:\Windows\Tasks\RegClean Pro_UPDATES.job   =>Rogue.RegistryPowerCleaner^
C:\Users\jean-pierre balire\AppData\Roaming\BabSolution\Shared\BabMaint.exe   =>Hijacker.BabSolution^
C:\Program Files (x86)\Pricora\Pricora-chromeinstaller.exe   =>Adware.Pricora^
C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe   =>Adware.Pricora^
C:\Program Files (x86)\Pricora\Pricora-enabler.exe   =>Adware.Pricora^
C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe   =>Adware.Pricora^
C:\Program Files (x86)\Pricora\Pricora-updater.exe   =>Adware.Pricora^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
C:\Users\jean-pierre balire\AppData\Local\Temp\RegClean4.exe   =>Rogue.RegistryPowerCleaner^
C:\Windows\Installer\{E931F892-098A-4C81-8DED-4013DB9E3B69}\imbooster.ico   =>Adware.IMBooster^
C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico   =>Toolbar.Bing^
C:\Windows\Installer\20247ba.msi   =>Adware.IMBooster^
~ Additionnel Scan: 206837 Items scanned in 00mn 30s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector   =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake   =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock   =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find   =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster  =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26712089-adware-basicscan  =>Adware.BasicScan
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora   =>Adware.Pricora
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch   =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics  =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6   =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner   =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup   =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution   =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz   =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore   =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver   =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma   =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity   =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/29710349-adware-trymedia   =>Adware.Trymedia
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider   =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing    =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade    =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer   =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software   =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods   =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo  =>Adware.Bandoo
~ MSI: 27 link(s) detected in 00mn 30s



~ 1179 Legitimates filtered by white list
End of the scan (1020 lines in 01mn 09s)(0)