~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014) ~ Lancé par RAMON (04/02/2014 11:16:21) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16476 MFIE: Mozilla Firefox 12.0 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 7QJB7 Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système avast! Internet Security v6.0.1367.0 Norton Internet Security v16.8.3.6 McAfee Security Scan Plus v3.8.130.10 Spybot - Search & Destroy v1.6.2 Windows Defender W7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin 64-bit Adobe Flash Player 10 ActiveX Adobe Reader 9.1 MUI ---\\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 2812 MB (55% free) System Restore: Activé (Enable) System drive C: has 209 GB (73%) free of 286 GB ---\\ Mode de connexion au système ~ Computer Name: RAMON-PC ~ User Name: RAMON ~ All Users Names: RAMON, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\RAMON\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\RAMON\AppData\Roaming\ ~ %Desktop% : C:\Users\RAMON\Desktop\ ~ %Favorites% : C:\Users\RAMON\Favorites\ ~ %LocalAppData% : C:\Users\RAMON\AppData\Local\ ~ %StartMenu% : C:\Users\RAMON\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 209 Go of 286 Go) D: CD-ROM drive (Not Inserted) E: Floppy drive, Flash card reader, USB Key (Free 30 Go of 30 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/418 ~ Mes musiques (My Musics) : 1/24 ~ Mes Favoris (My Favorites) : 1/38 ~ Mes Documents (My Documents) : 1/84 ~ Mon Bureau (My Desktop) : 30/3806 ~ Menu demarrer (Programs) : 1/31 ~ Hidden Files: Scanned in 00mn 06s ---\\ Processus lancés [MD5.0D3DFFA8BA3E63592FC2C652CF3B0E9C] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [200704] [PID.1828] [MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088] [PID.1804] [MD5.71BAC1B936707A4380F00F2565531A6C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [17424048] [PID.1408] [MD5.D8D54C3F682274021C0F36BB31F747E6] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6598000] [PID.3064] =>PUP.AdvancedSystemProtector [MD5.9FF6078C0DEA0672EAD358A1EC359F70] - (.Electronic Arts, Inc. - Origin.) -- C:\Users\RAMON\AppData\Local\Temp\EADB115.exe [47796216] [PID.2128] [MD5.64C89DB40949FD0E7C8FF303676A91F1] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648] [PID.1820] [MD5.5D70631ED11867458E3D69A24C22DC64] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1157128] [PID.3920] [MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3744552] [PID.4532] [MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Users\RAMON\AppData\Local\Google\Chrome\Application\chrome.exe [866632] [PID.4576] [MD5.34086F1DBB4065047EA3671CB70505CC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776] [PID.4956] [MD5.84A878D2D4A84CC73D53733F80FB57CE] - (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768] [PID.5032] =>PUP.SweetIM [MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3800] [MD5.63D43BA2EA495A9F1C1740A513C7E00B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [127192] [PID.1500] [MD5.F401929EE0CC92BFE7F15161CA535383] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2812] [MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496] [PID.2568] [MD5.3F6268A2EC33CD38CF75C880AF8DED42] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.1212] [MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160] [PID.1632] [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3272] ~ Processes Running: Scanned in 00mn 08s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [dhdepfaagokllfmhfbcfmocaeigmoebo] Savings Sidekick v.1.23.81 (Désactivé) =>Adware.GamePlayLabs G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.11 (Désactivé) =>PUP.Babylon G2 - GCE: Preference [User Data\Default] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Désactivé) =>PUP.SweetIM G2 - GCE: Preference [User Data\Default] [mpmfjcpampmdgkjfjbjfloolnfojlogf] DealScout v.1.0.31.0 (Désactivé) =>Adware.DealScout G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) ~ Google Browser: 16 Legitimates Filtered in 00mn 02s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\prefs.js C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\user.js M3 - MFPP: Plugins - [RAMON] -- C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\BabylonMngr.xml =>PUP.Babylon M3 - MFPP: Plugins - [RAMON] -- C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\bProtect.xml M3 - MFPP: Plugins - [RAMON] -- C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\conduit.xml M3 - MFPP: Plugins - [RAMON] -- C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\dvdvideosofttb-customized-web-search.xml =>Toolbar.Conduit M3 - MFPP: Plugins - [RAMON] -- C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\sweetim.xml =>PUP.SweetIM M3 - MFPP: Plugins - [RAMON] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon M2 - MFEP: prefs.js [RAMON - gny5fcid.default\crossriderapp5060@crossrider.com] [] Savings Sidekick v (..) =>PUP.CrossRider M2 - MFEP: prefs.js [RAMON - gny5fcid.default\ffxtlbr@babylon.com] [] Babylon v1.5.0 (..) =>PUP.Babylon M2 - MFEP: prefs.js [RAMON - gny5fcid.default\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [] DVDVideoSoftTB v10.20.1.508 (..) M2 - MFEP: prefs.js [RAMON - gny5fcid.default\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v10.20.1.508 (..) ~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com =>PUP.SweetIM R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com =>PUP.Babylon R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = http://seeearch.com =>PUP.StartSearch R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://seeearch.com =>PUP.StartSearch R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>PUP.Babylon R3 - URLSearchHook: ToolbarURLSearchHook Class [64Bits] - {CA3EB689-8F09-4026-AA10-B9534C691CE0} . (.Pas de propriétaire - IE Toolbar Helper Module.) (4.2.0.87) -- C:\Program Files (x86)\Seeearch\tbunsw5A96.tmp\tbhelper.dll R3 - URLSearchHook: DVDVideoSoftTB Toolbar [64Bits] - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll =>Toolbar.Conduit ~ IE Browser: 24 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: CrossriderApp0005060 [64Bits] - {11111111-1111-1111-1111-110011501160} . (.215 Apps - Savings Sidekick BHO.) -- C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll =>PUP.SpecialSavings O2 - BHO: TBSB06155 [64Bits] - {2DA14D1D-AE74-4A74-A0FE-C79504755DB8} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files (x86)\Seeearch\tbunsw5A96.tmp\tbcore3.dll O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (.not file.) =>PUP.Babylon O2 - BHO: DVDVideoSoftTB [64Bits] - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll =>Toolbar.Conduit O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ BHO: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector O4 - GS\Desktop [Public]: eMachines Boutique Accessoire.lnk . (...) -- C:\Program Files (x86)\eMachines Accessory Store\StartUrl.exe (.not file.) O4 - GS\Desktop [Public]: eMachines GameZone Console.lnk . (.Oberon Media - eMachines GameZone Console.) -- C:\Program Files (x86)\eMachines GameZone\GameConsole\eMachines Game Console.exe O4 - GS\Desktop [Public]: eMachines Registration.lnk . (.Acer Incorporated - Global Registration.) -- C:\Program Files (x86)\eMachines\Registration\GREG.exe O4 - GS\Desktop [Public]: Fort Boyard - le Jeu.lnk . (...) -- C:\Program Files (x86)\Mindscape\Fort Boyard - le Jeu\GSPlayer\update.exe O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: Obtenir une assistance logicielle complète de Lexmark.LNK - Clé orpheline O4 - GS\Program [Public]: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [RAMON]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [RAMON]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe O4 - GS\TaskBar [RAMON]: GOOGLE.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\RAMON\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Program [RAMON]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [RAMON]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [RAMON]: AVS Document Converter.lnk . (.Online Media Technologies Ltd. - AVS Document Converter.) -- C:\Program Files (x86)\AVS4YOU\AVSDocumentConverter\AVSDocumentConverter.exe O4 - GS\Desktop [RAMON]: AVS4YOU Software Navigator.lnk . (.Online Media Technologies Ltd. - Pas de description.) -- C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe O4 - GS\Desktop [RAMON]: Check for Updates.lnk . (.Somoto - FilesFrog.com Update Checker.) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch O4 - GS\Desktop [RAMON]: Continue Video Converter Installation.lnk . (...) -- C:\Users\RAMON\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe (.not file.) O4 - GS\Desktop [RAMON]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [RAMON]: GOOGLE.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\RAMON\AppData\Local\Google\Chrome\Application\chrome.exe http://www.google.fr =>Hijacker.Browsers O4 - GS\Desktop [RAMON]: Sync Folder.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup O4 - GS\Desktop [RAMON]: Video Performer.lnk . (.PerformerSoft LLC - Video Performer.) -- C:\Program Files (x86)\VideoPerformer\VideoPerformer.exe =>PUP.VideoPerformer ~ Global Startup: 83 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe O4 - GS\Startup [RAMON]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\RAMON\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKCU\..\Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe =>.Symantec Corporation O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM O4 - HKLM\..\Wow6432Node\Run: [Sweetpacks Communicator] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM O4 - HKLM\..\Wow6432Node\Run: [WirelessUSBManager] . (.Wisair Ltd. - WirelessUSBManager.) -- C:\Program Files (x86)\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\RAMON\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKUS\S-1-5-21-4063711215-1865325422-3815714997-1001\..\Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch ~ Application: Scanned in 00mn 00s ---\\ Restriction de l'accès aux options IE par l'Administrateur (O6) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent ~ IE Restrictions: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA27E76-DF16-42C9-AAA9-993E89579211}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA27E76-DF16-42C9-AAA9-993E89579211}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA27E76-DF16-42C9-AAA9-993E89579211}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup O23 - Service: CableAssociation (CableAssociation) . (.Wisair Ltd. - CableAssociation.) - C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe O23 - Service: Video Performer Manager (Video Performer Manager) . (...) - C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe =>PUP.VideoPerformer ~ Services: 17 Legitimates Filtered in 00mn 43s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [276] =>Rogue.RegistryPowerCleaner O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [284] =>Rogue.RegistryPowerCleaner [MD5.D8D54C3F682274021C0F36BB31F747E6] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6598000] =>PUP.AdvancedSystemProtector [MD5.528E25C624CB486A4089702A19BCBAFA] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911256] =>Rogue.RegistryPowerCleaner [MD5.528E25C624CB486A4089702A19BCBAFA] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911256] =>Rogue.RegistryPowerCleaner [MD5.528E25C624CB486A4089702A19BCBAFA] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911256] =>Rogue.RegistryPowerCleaner ~ Scheduled Task: 17 Legitimates Filtered in 00mn 07s ---\\ Logiciels installés (O42) O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector O42 - Logiciel: Babylon toolbar on IE - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>PUP.Babylon O42 - Logiciel: BabylonObjectInstaller - (.Babylon Ltd.) [HKLM][64Bits] -- {E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1} =>PUP.Babylon O42 - Logiciel: Browser Manager - (...) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} O42 - Logiciel: MyPC Backup - (.JDi Backup Ltd.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner O42 - Logiciel: Savings Sidekick - (.215 Apps.) [HKLM][64Bits] -- Savings Sidekick =>PUP.SpecialSavings O42 - Logiciel: Seeearch - (.Seeearch.) [HKLM][64Bits] -- Seeearch O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM ~ Logic: 34 Legitimates Filtered in 00mn 03s ---\\ HKCU & HKLM Software Keys [HKCU\Software\5d2dadae76deb44] =>PUP.Babylon [HKCU\Software\BabylonToolbar] =>PUP.Babylon [HKCU\Software\BrowserMngr] =>PUP.Babylon [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Cr_Installer] =>PUP.CrossRider [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\Somoto] =>Adware.MegaSearch [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\bProtector] =>PUP.BProtector [HKLM\Software\Wow6432Node\5d2dadae76deb44] =>PUP.Babylon [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon [HKLM\Software\Wow6432Node\BrightBreeze] =>Adware.SPointer [HKLM\Software\Wow6432Node\BrowserMngr] =>PUP.Babylon [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM ~ Key Software: 303 Legitimates Filtered in 00mn 03s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/02/2014 - 15:25:01 - [19,565] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector O43 - CFD: 03/10/2011 - 20:05:28 - [0,005] ----D C:\Program Files (x86)\BrightBreeze =>Adware.SPointer O43 - CFD: 30/09/2012 - 13:46:26 - [0,609] ----D C:\Program Files (x86)\Conduit O43 - CFD: 03/02/2014 - 15:25:01 - [27,373] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 03/02/2014 - 15:25:00 - [14,369] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner O43 - CFD: 30/09/2012 - 12:45:31 - [3,166] ----D C:\Program Files (x86)\Savings Sidekick =>Adware.GamePlayLabs O43 - CFD: 04/10/2011 - 20:43:28 - [9,818] ----D C:\Program Files (x86)\Seeearch O43 - CFD: 30/09/2012 - 13:01:34 - [11,448] ----D C:\Program Files (x86)\SweetIM =>PUP.SweetIM O43 - CFD: 08/11/2012 - 13:20:47 - [5,493] ----D C:\Program Files (x86)\~BabylonToolbar =>PUP.Babylon O43 - CFD: 03/10/2011 - 20:05:38 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 03/10/2011 - 20:52:44 - [0] ----D C:\ProgramData\BabylonUpdater =>PUP.Babylon O43 - CFD: 14/10/2011 - 05:30:11 - [1,110] ----D C:\ProgramData\BrightBreezeSA =>Adware.SPointer O43 - CFD: 30/09/2012 - 12:44:50 - [0,597] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain O43 - CFD: 20/09/2011 - 18:21:17 - [0,001] ----D C:\ProgramData\Partner O43 - CFD: 30/09/2012 - 13:01:34 - [1,114] ----D C:\ProgramData\SweetIM =>PUP.SweetIM O43 - CFD: 30/09/2012 - 12:44:38 - [39,182] ----D C:\ProgramData\Video Performer Manager =>PUP.VideoPerformer O43 - CFD: 08/11/2012 - 14:52:35 - [10,552] ----D C:\ProgramData\~Browser Manager O43 - CFD: 03/10/2011 - 20:05:38 - [0,016] ----D C:\Users\RAMON\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 30/09/2012 - 12:46:10 - [2,113] ----D C:\Users\RAMON\AppData\Roaming\BabylonToolbar =>PUP.Babylon O43 - CFD: 30/09/2012 - 13:46:23 - [2,086] ----D C:\Users\RAMON\AppData\Local\Conduit O43 - CFD: 30/09/2012 - 12:45:01 - [0,042] ----D C:\Users\RAMON\AppData\Local\Savings Sidekick =>Adware.GamePlayLabs O43 - CFD: 10/12/2012 - 09:16:19 - [14,543] ----D C:\Users\RAMON\AppData\Local\{FEB3A1E5-5C56-461A-A854-888B6545CC0E} O43 - CFD: 03/02/2014 - 15:24:56 - [0,002] ----D C:\Users\RAMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup ~ Program Folder: 176 Legitimates Filtered in 00mn 28s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.BA2902AD81A2A4BF6875E1EA55586DD0] - 03/02/2014 - 13:16:47 ---A- . (.Systweak Inc., (www.systweak.com) - Regclean Pro.) -- C:\Windows\System32\roboot64.exe [20312] =>Rogue.RegistryPowerCleaner O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 03/02/2014 - 13:17:38 ---A- . (...) -- C:\Windows\System32\sasnative64.exe [16896] O44 - LFC:[MD5.65AEE94DCCA439439FABE455B8B69088] - 04/02/2014 - 10:43:32 ---A- . (...) -- C:\Windows\wininit.ini [2769] O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 21/01/2014 - 07:57:46 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284] O44 - LFC:[MD5.84A1083A0158AF4D8AFC343E8705A59E] - 21/01/2014 - 08:07:02 ---A- . (...) -- C:\Windows\IE11_main.log [116517] ~ Files: 72 Legitimates Filtered in 00mn 08s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.B25F7D85DEEEF36F833BBE4BBEB24ADD] - 02/02/2014 - 19:04:30 ---A- - C:\Windows\Prefetch\AVAST.EXE-E4C20A4D.pf O45 - LFCP:[MD5.E90C8F87C34A3A4DEE761DEAF9260597] - 02/02/2014 - 20:52:12 ---A- - C:\Windows\Prefetch\LXEDJSWX.EXE-8E9D611F.pf O45 - LFCP:[MD5.B219C6DCEB821B67D2DB4947D74E2340] - 02/02/2014 - 20:52:12 ---A- - C:\Windows\Prefetch\LXEDPSWX.EXE-967A4FAD.pf O45 - LFCP:[MD5.7DAE07EBF286B1F282DA358EF9F4808D] - 02/02/2014 - 20:52:52 ---A- - C:\Windows\Prefetch\LXEDTIME.EXE-813CBD0E.pf O45 - LFCP:[MD5.FD3AE9FE54CDA6CBA15585AB1F9EE055] - 03/02/2014 - 13:15:18 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679.TMP-3FCF0EB3.pf O45 - LFCP:[MD5.11E2D136C6F2E6142EF96989C6430AEC] - 03/02/2014 - 13:15:28 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679.EXE-5FF19D9D.pf O45 - LFCP:[MD5.393A904CF5340EE4C441DE6115CB55A3] - 03/02/2014 - 13:15:29 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679.TMP-CEBE4C46.pf O45 - LFCP:[MD5.C262FC27E29B981AC4439436BD39768A] - 03/02/2014 - 13:16:06 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679 (1).TMP-CBD9C356.pf O45 - LFCP:[MD5.DBD9AB7A1AE6A91EA6B02FA4107B1CFF] - 03/02/2014 - 13:16:11 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679 (1).EXE-F8BEF0DF.pf O45 - LFCP:[MD5.F2A8C2357D489A620707ADD02BDF3E35] - 03/02/2014 - 13:16:12 ---A- - C:\Windows\Prefetch\REGCLEAN_MY30679 (1).TMP-E243F6E6.pf O45 - LFCP:[MD5.36FB8DE3BECBAC751EDC5A5150F97099] - 03/02/2014 - 13:16:59 ---A- - C:\Windows\Prefetch\CLOUD_BACKUP_SETUP_INTL.EXE-46E095F2.pf O45 - LFCP:[MD5.0EB7CF077F375DE54801F780BBC482A2] - 03/02/2014 - 14:38:41 ---A- - C:\Windows\Prefetch\AVAST (1).EXE-1F62D78F.pf O45 - LFCP:[MD5.55A62011AB91A98948EC7FEC0AD74B0B] - 03/02/2014 - 14:39:46 ---A- - C:\Windows\Prefetch\AVAST (2).EXE-84D548CC.pf O45 - LFCP:[MD5.9B74D1982B243252418124B79E0E08CD] - 03/02/2014 - 14:57:45 ---A- - C:\Windows\Prefetch\_SETUP64.TMP-1ACB9105.pf O45 - LFCP:[MD5.9F533E9F4534D50528174CEB2578EF86] - 03/02/2014 - 15:29:06 ---A- - C:\Windows\Prefetch\DISPLAYLINKMANAGER.EXE-82C3643E.pf O45 - LFCP:[MD5.12506884DF68B1FA588E56F1EDE11131] - 03/02/2014 - 15:39:45 ---A- - C:\Windows\Prefetch\ADVANCEDSYSTEMPROTECTOR.EXE-E642B018.pf =>PUP.AdvancedSystemProtector O45 - LFCP:[MD5.E6FB21E2089C318BA4035FDD5262773F] - 03/02/2014 - 15:55:10 ---A- - C:\Windows\Prefetch\LXEDCOMS.EXE-8410BBA0.pf O45 - LFCP:[MD5.5A7B88111E63286F93ACE4F5AF1D2820] - 03/02/2014 - 16:39:00 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-B5EA9514.pf =>PUP.MyPCBackup O45 - LFCP:[MD5.F3AD19FFE4DBC335EF906EEEE25C50E6] - 04/02/2014 - 10:41:55 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-DF69EE50.pf O45 - LFCP:[MD5.A89D48D683ED2F6D6FAC0E8D55CF257D] - 04/02/2014 - 10:43:51 ---A- - C:\Windows\Prefetch\DISPLAYLINKUI.EXE-EE396305.pf O45 - LFCP:[MD5.AB28316F89AE3FC5A308584072C2272F] - 04/02/2014 - 11:04:48 ---A- - C:\Windows\Prefetch\EMACHINES.SCR-7CF5D9CC.pf O45 - LFCP:[MD5.CBEE08F7ADF0ECA213572B31634585AA] - 29/01/2014 - 14:25:29 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-AB5B22A4.pf ~ Prefetcher: 142 Legitimates Filtered in 00mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{f614bac7-b74e-11e0-922b-705ab606dbe9}\AutoRun\command. (...) -- F:\Startme.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.518B8D447A1975AB46DA093A2E743256] - 06/09/2011 - 22:10:01 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12368] O58 - SDL:[MD5.70B5A79B5FB307DD06EC338999EB466B] - 10/12/2012 - 09:22:51 ---A- . (.http://libusb-win32.sourceforge.net - DisplayLinkUsb - Kernel Driver.) -- C:\Windows\System32\Drivers\DisplayLinkUsbPort_5.3.24903.0.sys [17408] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.C2FB12B47BDE6D2F4B0368E446593E36] - 10/05/2010 - 12:39:10 ---A- . (.Pas de propriétaire - Wisair WSR Device Wire Adapter.) -- C:\Windows\System32\Drivers\WSR_DWA.SYS [543232] O58 - SDL:[MD5.694D891E248182DFA80F610E690ACF50] - 10/05/2010 - 12:38:40 ---A- . (.Pas de propriétaire - Wisair WSR Host Wire Adapter Driver.) -- C:\Windows\System32\Drivers\WSR_HWA.SYS [916480] O58 - SDL:[MD5.16F164F1E11370CBF854A8D2576925B5] - 10/05/2010 - 12:39:26 ---A- . (.Pas de propriétaire - Wisair WSR Host UWB Radio.) -- C:\Windows\System32\Drivers\WSR_RCI.SYS [162304] O58 - SDL:[MD5.B32C082B4BD254BFA2441F357636BC3A] - 21/02/2010 - 18:51:36 ---A- . (.Pas de propriétaire - DisplayLink TB Filter.) -- C:\Windows\System32\Drivers\WSR_TBF.sys [51712] O58 - SDL:[MD5.89761942491B266657F9E50BB7840256] - 10/05/2010 - 12:03:46 ---A- . (.Pas de propriétaire - WSR_USF.) -- C:\Windows\System32\Drivers\WSR_USF.sys [48640] ~ Drivers: 16 Legitimates Filtered in 00mn 18s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 02/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast.exe [88128] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\Fiches MC 14 (1).rtf [152779] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\Fiches MC 14 (2).rtf [158444] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\Fiches MC 14 (3).rtf [158444] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\Fiches MC 14.rtf [152779] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\LISTES MC ET PU (1).odt [16423] O61 - LFC: 02/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\LISTES MC ET PU.odt [16423] O61 - LFC: 03/02/2014 - 11:20:53 ---A- . (...) -- C:\Users\RAMON\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe [732888] O61 - LFC: 03/02/2014 - 11:20:53 ---A- . (...) -- C:\Users\RAMON\AppData\Local\Google\Update\Install\{C88F7BD4-A9DE-4DDA-B451-1568CA1708FB}\32.0.1700.107_32.0.1700.102_chrome_updater.exe [732888] O61 - LFC: 03/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\Advanced System Protector\Logs\SMLog.xml [9672] =>PUP.AdvancedSystemProtector O61 - LFC: 03/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\Advanced System Protector\Logs\log_03-02-14_01-36-41.xml [155109] =>PUP.AdvancedSystemProtector O61 - LFC: 03/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\Advanced System Protector\QDetail.db [4096] =>PUP.AdvancedSystemProtector O61 - LFC: 03/02/2014 - 11:21:02 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\fr\voice.wav [1197100] =>Rogue.RegistryPowerCleaner O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (1).exe [88128] O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (2).exe [88128] O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (3).exe [88128] O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (4).exe [88128] O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (5).exe [88128] O61 - LFC: 03/02/2014 - 11:21:03 ---A- . (...) -- C:\Users\RAMON\Downloads\Avast (6).exe [88128] O61 - LFC: 03/02/2014 - 11:21:04 ---A- . (...) -- C:\Users\RAMON\Downloads\PandaCloudAntivirus.exe [845944] O61 - LFC: 03/02/2014 - 11:21:04 ---A- . (.Systweak Inc.) -- C:\Users\RAMON\Downloads\regclean_my30679 (1).exe [4960768] O61 - LFC: 03/02/2014 - 11:21:04 ---A- . (.Systweak Inc.) -- C:\Users\RAMON\Downloads\regclean_my30679.exe [4960768] O61 - LFC: 04/02/2014 - 11:20:52 ---A- . (...) -- C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Local State [68644] O61 - LFC: 04/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580\ASPLog.txt [76406] =>PUP.AdvancedSystemProtector O61 - LFC: 04/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\Advanced System Protector\Settings.db [12288] =>PUP.AdvancedSystemProtector O61 - LFC: 04/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\RegClean Pro\Version 6.1\ExcludeList.rcp [6] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\RegClean Pro\Version 6.1\French_rcp.dat [55204] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/02/2014 - 11:21:01 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\RegClean Pro\Version 6.1\results.rcp [1240] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/02/2014 - 11:21:02 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\ZHP\Log.txt [21049] =>.Nicolas Coolman O61 - LFC: 04/02/2014 - 11:21:02 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\ZHP\TestsZHPDiag.txt [2852] =>.Nicolas Coolman O61 - LFC: 04/02/2014 - 11:21:02 ---A- . (...) -- C:\Users\RAMON\AppData\Roaming\systweak\RegClean Pro\Version 6.1\TempHLList.rcp [6] =>Rogue.RegistryPowerCleaner ~ 14 Fichiers temporaires (Temporary files) ~ Files: 321 Legitimates Filtered in 00mn 20s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 20/07/2011 - C:\Windows\system32\Drivers\SYMEVENT64x86.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 13/11/2009 - C:\Windows\System32\DRIVERS\SymIMv.sys (SymIM) .(.Symantec Corporation - NDIS 6.0 Filter Driver for Windows Vista.) - LEGACY_SYMIM ~ Legacy: 92 Legitimates Filtered in 00mn 01s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\RAMON\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\searchplugins\conduit.xml O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000082.isDisplayHidden", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000082.isPlayDisplay", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"http[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_TMP_city", ""); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_TMP_country", "FR"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_locId", "USNY0996"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_location", "New York, NY"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_region", "FR"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_temp_dis", "c"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.TWC_wind_dis", "kmh"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"19°C\",\"temperatureClear\":\"19°C\",\"highTe[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.CBOpenMAMSettings.enc", "MA=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.FirstTime", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.FirstTimeFF3", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.LoginRevertSettingsEnabled", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.PG_ENABLE", "dHJ1ZQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.RevertSettingsEnabled", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.SearchAppState.enc", "Mw=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.SearchAppTracking.enc", "c2VudA=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.UserID", "UN88786851454885332"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.autoDisableScopes", 0); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.browser.search.defaultthis.engineName", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.cbcountry_001.enc", "RlI="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.cbfirsttime.enc", "TW9uIERlYyAxMCAyMDEyIDE1OjAyOjMwIEdNVCswMTAw"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.countryCode", "FR"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.enableAlerts", "always"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.enableFix404ByUser", "TRUE"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.firstTimeDialogOpened", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.fixUrls", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.fullUserID", "UN88786851454885332.UP.20130907150647"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.homepageuserchanged", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.http___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "Ym[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isCheckedStartAsHidden", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isFirstTimeToolbarLoading", "false"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isNewTabEnabled", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.keyword", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2269050&octid=CT2[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.lastVersion", "10.19.2.505"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM4MTQ3NDQ5MDQyOA=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b2Zm"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b2Zm"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b2Zm"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b2Zm"); =>Adware.PriceGong O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_WindowShopper.enc", "b2Zm"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appState_eToro.enc", "b2Zm"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_appsData.enc", O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_calledSetupService.enc", "MQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_configuration.enc", O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_currentVersion.enc", "MS4xMC40LjA="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_eventsCache.enc", "eyJiYTQ2MWQ2NC0zMzc4LTQwODQtOTU2Yi1jOTJlY2EzYWNhYWUiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJ[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_existingUsersRecoveryDone.enc", "MQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_first_time.enc", "MQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_gadgetOpen.enc", "d2VsY29tZQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_lastLoginTime.enc", "MTM4MTQ3NDQ4ODA2MQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_localization.enc", "eyJkbWJveDEiOnsiVGV4dCI6IlByb21vXG5kdSBqb3VyIn0sImRtYm94MiI6eyJUZXh0IjoiTGl2cmFpc2[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_mamEnabled.enc", "ZmFsc2U="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_newApps.enc", "W3siaWQiOiJFYXN5dG9ib29rY2FycyIsIm5hbWUiOiJlYXN5dG9ib29rIENhcnMiLCJkZXNjcmlwdGlvbiI6IlN[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_new_welcome_experience.enc", "MQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMC[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_showWelcomeGadget.enc", "ZmFsc2U="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_userId.enc", "MTIwNjUzMjYtNWM1Ny00YjBlLTk5ZmItYzBjYjEyZDA1OTkz"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_user_approval_interacted.enc", "MA=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.mam_gk_welcomeDialogMode.enc", "MA=="); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.migrateAppsAndComponents", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"E[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.openThankYouPage", "FALSE"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.openUninstallPage", "FALSE"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.originalHomepage", "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.originalSearchAddressUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN887[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/10\\\\/2012 17\\\"}\"[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.search.searchAppId", "128834881989343895"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.search.searchCount", "0"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.searchInNewTabEnabledByUser", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.searchInNewTabEnabledInHidden", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.searchSuggestEnabledByUser", "true"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://DVDVideo[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB [...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1381474592632"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1381474593912"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1381474593310"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_clientErrorLog_lastUpdate", "1350118612312"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1381474594520"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_location_lastUpdate", "1378544110270"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1366983829608"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_login_10.15.2.523_lastUpdate", "1378559043677"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_login_10.19.2.505_lastUpdate", "1381474593416"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1352227694115"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1381474594480"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1381474592948"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1381474591814"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1381474594397"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1381474593846"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1381474593369"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.serviceLayer_services_userApps_lastUpdate", "1366983829799"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.settingsINI", true); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.shouldFirstTimeDialog", "FALSE"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.showToolbarPermission", "false"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.smartbar.CTID", "CT2269050"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.smartbar.Uninstall", "0"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.smartbar.homepage", true); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB "); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.toolbarBornServerTime", "10-10-2012"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.toolbarCurrentServerTime", "11-10-2013"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.toolbarLoginClientTime", "Thu Sep 05 2013 15:34:34 GMT+0200"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy5zbmVzLmVkdS9JTUcvcGRmL1Byb2pldF9kZV9sb2lfLV9QcmVyb3NlLnBkZjo6OmNsaWNraG[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381474466775,\"isWithState\"[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?CUI=UN88786851454885332&ctid=CT2269050&SearchSource=13"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10013&q="); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=114211&tt=270912_7a_3912_5&babsrc=NT_ss&mntrId=6443ca75000000000[...] =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("browser.search.defaultenginename", "DVDVideoSoftTB Customized Web Search"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("browser.search.selectedEngine", "DVDVideoSoftTB Customized Web Search"); O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.babExt", ""); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.babTrack", "affID=114211&tt=270912_7a_3912_5"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.bbDpng", 6); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.cntry", "FR"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.dfltSrch", true); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.envrmnt", "production"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.firstRun", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.hdrMd5", "EE40E6425B22A19C4190745E19A5E4BA"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.hmpg", true); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.id", "6443ca75000000000000705ab606dbe9"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.instlDay", "15613"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?affID=111020&babsrc=KW_ss&mntrId=6443ca7500000000000[...] =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.lastActv", "4"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.lastDP", 6); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1213:46:08"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.newTab", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.noFFXTlbr", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"74\",\"lastVrsn\":\"74\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\[...] =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.propectorlck", 80140403); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.prtkDS", 1); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 1); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.sg", "czb"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.smplGrp", "czb"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.srcExt", "ss"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=6443ca75000000000000705ab606db[...] =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1213:46:08"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114211&tt=270912_7a_3912_5"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.hardId", "6443ca75000000000000705ab606dbe9"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.id", "6443ca75000000000000705ab606dbe9"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15470"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.newTab", false); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1213:46:08"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossrider.bic", "13a5956823f42923aad59294e04c2df8"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1349005486); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.active", true); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.addressbar", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.changeprevious", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1349005486"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.domain", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.enablesearch", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.fbremoteurl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.group", 0); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.homepage", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.iframe", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%225EB4FF8DCC8E438D[...] =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3[...] =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.manifesturl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.newtab", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.opensearch", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.pluginsurl", "http://app-static.crossrider.com/plugin/apps/5060/plugins/085/ff/plugin[...] =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps"); =>PUP.SpecialSavings O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.searchstatus", 0); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.setnewtab", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.settingsurl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.thankyou", ""); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.updateinterval", 360); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.5060.ver", 0); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.adsOldValue", -1); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.bic", "13a5956823f42923aad59294e04c2df8"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.firstrun", false); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.installationdate", 1350118573); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.lastcheck", 22585802); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.lastcheckitem", 22585837); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.modetype", "production"); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.crossriderapp5060.reportInstall", true); =>PUP.CrossRider O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.5.0,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8,wrc@avast.com:6.0.13[...] =>PUP.Babylon O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN88786851454885332&UM=&q=")[...] O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?CUI=UN88786851454885332&ctid=CT2269050&SearchSource=13"); =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=,http[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("smartbar.originalSearchAddressUrl", "http://search.sweetim.com/search.asp?barid={863A191A-0AF6-11E2-ABB2-705AB606DBE9}&[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.Visibility.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.cargo", "3.1010000.10013"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.height", "335"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.0.width", "761"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.height", "300"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.1.width", "500"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.height", "150"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dialogs.2.width", "530"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.mode.debug", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.newtab.created", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.newtab.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.babylon.com/?affID=114211&tt=270912_7a_3912_5&babsrc[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.previous.keyword.URL", "http://search.sweetim.com/search.asp?barid={863A191A-0AF6-11E2-ABB2-705AB606DBE[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.callback", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.search.external", "PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.search.history.capacity", "10"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.simapp_id", "{863A191A-0AF6-11E2-ABB2-705AB606DBE9}"); =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000.10013&barid={863A191A-0AF6-11E2-ABB2-705AB606DB[...] =>PUP.SweetIM O69 - SBI: prefs.js [RAMON - gny5fcid.default] user_pref("sweetim.toolbar.version", "1.7.0.3"); =>PUP.SweetIM O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {835C06ED-7064-4624-9560-1794E4EB6238} [DefaultScope] - (DVDVideoSoftTB Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com =>PUP.SweetIM ~ Keys: Scanned in 00mn 01s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.689902C468F8645D7F13C81BD9D62B82] [SPRF][04/02/2014] (.Somoto Ltd. - Pas de description.) -- C:\Users\RAMON\AppData\Local\Temp\sdpupdater.exe [146784] =>Adware.MegaSearch [MD5.45C34326A0BAD7D5E36E53CCBA3C9255] [SPRF][03/07/2012] (...) -- C:\Users\RAMON\AppData\Roaming\wklnhst.dat [2296] ~ Files: 11 Legitimates Filtered in 00mn 27s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{B2CE44D7-12C2-4A4F-99EA-E0434CBC9B31}" | In - Private - P6 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM O87 - FAEL: "{E42AFC22-BE42-496D-A8C1-864452CF7C2B}" | In - Private - P17 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM ~ Firewall: 219 Legitimates Filtered in 00mn 04s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe =>PUP.SweetIM O90 - PUC: "AD80A07F51BC9054DABFD78B077FD15A" . (.devolo Vianect AIR TV.) -- C:\Windows\Installer\{F70A08DA-CB15-4509-ADFB-7DB870F71DA5}\controlPanelIcon.exe O90 - PUC: "F16454D6FF0F23E41AD66C6327F2AC21" . (.devolo Vianect AIR Manager.) -- C:\Windows\Installer\{6D45461F-F0FF-4E32-A16D-C636722FCA12}\ARPPRODUCTICON.exe ~ Update Products: 140 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\5d2dadae76deb44\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon [HKCU\Software\5d2dadae76deb44\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:version="2.2.643.41" =>PUP.Babylon [HKCU\Software\5d2dadae76deb44] =>PUP.Babylon^ [HKCU\Software\5d2dadae76deb44]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon [HKCU\Software\5d2dadae76deb44]:version="2.3.787.43" =>PUP.Babylon [HKLM\Software\Wow6432Node\5d2dadae76deb44] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\5d2dadae76deb44]:GUID="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon [HKLM\Software\Wow6432Node\5d2dadae76deb44]:version="2.3.787.43" =>PUP.Babylon ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.1352F575B7A96DDDF6E2A484A3914B97] [WIS][10/12/2012] (.{COMPANY_NAME} - {ID_STRING_EMPTY}.) -- C:\Windows\Installer\1ed89e28.msi [15136768] [MD5.1D5C71F254923235E981F24BD014ADD2] [WIS][01/07/2010] (.devolo - devolo Vianect AIR TV.) -- C:\Windows\Installer\1ed89e33.msi [3145728] [MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\33a20ce.msi [343040] =>PUP.Babylon [MD5.B144B2E367FC30C5020085DABB617B82] [WIS][30/09/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.7.) -- C:\Windows\Installer\348e12f.msi [3704832] =>PUP.SweetIM [MD5.EDD21B7C504C7E3F36DE766B31BD3178] [WIS][30/09/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\348e134.msi [3304960] =>PUP.SweetIM [MD5.3CD19859CD377AD00B30E4BEE49D374E] [WIS][30/09/2012] (.SweetIM Technologies Ltd. - Sweetpacks Communicator 1.1.) -- C:\Windows\Installer\348e139.msi [2997248] =>PUP.SweetIM [MD5.8881AF73123B4C2421BFC5B438B2CD8B] [WIS][17/08/2009] (.NewTech Infosystems - Media Maker.) -- C:\Windows\Installer\83f8c.msi [12269568] ~ WIS: 142 Legitimates Filtered in 00mn 23s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 28/11/2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Auto 27/01/2014 36392 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup SS - | Disabled 10/07/1658 0 | (Browser Manager) . (...) - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe =>PUP.Babylon SS - | Auto 21/07/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 21/07/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe SS - | Demand 10/12/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 18/06/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SS - | Auto 30/09/2012 1698848 | (Video Performer Manager) . (...) - C:\ProgramData\Video Performer Manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe =>PUP.VideoPerformer SR - | Auto 04/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 24/05/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 28/11/2011 127192 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 05/07/2010 1454920 | (CableAssociation) . (.Wisair Ltd..) - C:\Program Files (x86)\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe SR - | Auto 12/05/2010 9321832 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe SR - | Auto 29/10/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe SR - | Demand 07/06/2012 936848 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 14/04/2010 1052328 | (lxed_device) . (...) - C:\Windows\system32\lxedcoms.exe SR - | Auto 22/09/2011 117648 | (Norton Internet Security) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe SR - | Auto 18/06/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 27s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by RAMON at 04/02/2014 11:23:04 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by RAMON at 04/02/2014 11:23:06 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13030 - (25/01/2014) Clés trouvées (Keys found) : 368 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 37 Fichiers trouvés (Files found) : 23 [HKLM\Software\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo] =>Adware.GamePlayLabs^ [HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>PUP.Babylon^ [HKLM\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn] =>PUP.SweetIM^ [HKLM\Software\Google\Chrome\Extensions\mpmfjcpampmdgkjfjbjfloolnfojlogf] =>Adware.DealScout^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>PUP.Babylon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^ [HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^ [HKLM\SYSTEM\CurrentControlSet\Services\Video Performer Manager] =>PUP.VideoPerformer^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1] =>PUP.AdvancedSystemProtector^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>PUP.Babylon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}] =>PUP.Babylon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1] =>Rogue.RegistryPowerCleaner^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick] =>PUP.SpecialSavings^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] =>PUP.SweetIM^ [HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM [HKLM\Software\Classes\b] =>PUP.Babylon [HKLM\Software\Classes\Babylon.dskBnd] =>PUP.Babylon [HKLM\Software\Classes\Babylon.dskBnd.1] =>PUP.Babylon [HKLM\Software\Classes\bbylnApp.appCore] =>PUP.Babylon [HKLM\Software\Classes\bbylnApp.appCore.1] =>PUP.Babylon [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\escort.escrtBtn.1] =>PUP.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc] =>PUP.Babylon [HKLM\Software\Classes\esrv.BabylonESrvc.1] =>PUP.Babylon [HKLM\Software\Classes\sim-packages] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo] =>Adware.GamePlayLabs [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>PUP.Babylon [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>Hijacker.Eazel [HKCU\Software\BabylonToolbar] =>PUP.Babylon [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon [HKCU\Software\bProtector] =>PUP.BProtector [HKCU\Software\BrowserMngr] =>PUP.Babylon [HKLM\Software\Wow6432Node\BrowserMngr] =>PUP.Babylon [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\Cr_Installer] =>PUP.CrossRider [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Somoto] =>Adware.MegaSearch [HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick] =>PUP.SpecialSavings [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}] =>PUP.SweetIM [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealScout] =>Adware.DealScout [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM [HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM [HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM [HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo] =>Toolbar.DVDVideoSoft [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKLM\Software\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASAPI32] =>PUP.SavingsSidekick [HKLM\Software\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASMANCS] =>PUP.SavingsSidekick [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}] =>Toolbar.DVDVideoSoft [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>PUP.Babylon [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector [HKLM\Software\Classes\CrossriderApp0005060.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0005060.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0005060.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0005060.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM [HKLM\Software\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM [HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM [HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM [HKLM\Software\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM [HKLM\Software\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM [HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB06155.IEToolbar] =>Toolbar.Agent [HKLM\Software\Classes\TBSB06155.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB06155.TBSB06155] =>Toolbar.Agent [HKLM\Software\Classes\TBSB06155.TBSB06155.3] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB06155] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB06155.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2269050] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKCU\Software\AppDataLow\conduit_CT2269050] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\CrossriderApp0005060.BHO] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0005060.BHO.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0005060.Sandbox] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0005060.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escrtBtn.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB06155.IEToolbar] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB06155.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB06155.TBSB06155] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB06155.TBSB06155.3] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB06155] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB06155.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2269050] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^ [HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^ [HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^ [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{872b5b88-9db5-4310-bdd0-ac189557e5f5} =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SweetIM =>PUP.SweetIM^ [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0} =>Adware.SocialSkinz C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo =>Adware.GamePlayLabs^ C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb =>PUP.Babylon^ C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM^ C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmfjcpampmdgkjfjbjfloolnfojlogf =>Adware.DealScout^ C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\extensions\crossriderapp5060@crossrider.com =>PUP.CrossRider^ C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\extensions\ffxtlbr@babylon.com =>PUP.Babylon^ C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector^ C:\Program Files (x86)\BrightBreeze =>Adware.SPointer^ C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^ C:\Program Files (x86)\Savings Sidekick =>Adware.GamePlayLabs^ C:\Program Files (x86)\SweetIM =>PUP.SweetIM^ C:\Program Files (x86)\~BabylonToolbar =>PUP.Babylon^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\BabylonUpdater =>PUP.Babylon^ C:\ProgramData\BrightBreezeSA =>Adware.SPointer^ C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^ C:\ProgramData\SweetIM =>PUP.SweetIM^ C:\ProgramData\Video Performer Manager =>PUP.VideoPerformer^ C:\Users\RAMON\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\RAMON\AppData\Roaming\BabylonToolbar =>PUP.Babylon^ C:\Users\RAMON\AppData\Local\Savings Sidekick =>Adware.GamePlayLabs^ C:\Users\RAMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\seeearch =>Toolbar.Agent C:\Program Files (x86)\DVDVideoSoftTB =>Toolbar.DVDVideoSoft C:\Program Files (x86)\VideoPerformer =>PUP.VideoPerformer C:\ProgramData\Partner =>Spyware.Partner C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner C:\Users\RAMON\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\RAMON\AppData\LocalLow\BabylonToolbar =>PUP.Babylon C:\Users\RAMON\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\RAMON\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\RAMON\AppData\LocalLow\SweetIM =>PUP.SweetIM C:\Users\RAMON\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\RAMON\AppData\LocalLow\DVDVideoSoftTB =>Toolbar.DVDVideoSoft C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\Smartbar =>Hijacker.SmartBar C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\bprotector_prefs.js =>PUP.BProtector C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\SearchPlugins\conduit.xml =>Toolbar.Conduit C:\Users\RAMON\AppData\Roaming\Mozilla\Firefox\Profiles\gny5fcid.default\SearchPlugins\sweetim.xml =>PUP.SweetIM C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^ C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM^ C:\Windows\Tasks\RegClean Pro_DEFAULT.job =>Rogue.RegistryPowerCleaner^ C:\Windows\Tasks\RegClean Pro_UPDATES.job =>Rogue.RegistryPowerCleaner^ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^ [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\BrightBreeze] =>Adware.SPointer^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ C:\Users\RAMON\AppData\Local\Temp\sdpupdater.exe =>Adware.MegaSearch^ [HKCU\Software\5d2dadae76deb44\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon^ [HKCU\Software\5d2dadae76deb44] =>PUP.Babylon^^ [HKLM\Software\Wow6432Node\5d2dadae76deb44] =>PUP.Babylon^^ C:\Windows\Installer\33a20ce.msi =>PUP.Babylon^ C:\Windows\Installer\348e12f.msi =>PUP.SweetIM^ C:\Windows\Installer\348e134.msi =>PUP.SweetIM^ C:\Windows\Installer\348e139.msi =>PUP.SweetIM^ ~ Additionnel Scan: 326315 Items scanned in 02mn 40s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings =>PUP.SpecialSavings ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/29895028-pup-videoperformer =>PUP.VideoPerformer ~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer ~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner ~ MSI: 27 link(s) detected in 02mn 43s ~ 1715 Legitimates filtered by white list End of the scan (1448 lines in 09mn 32s)(0)