Rapport de ZHPDiag v2013.5.29.157 par Nicolas Coolman, Update du 29/05/2013
Run by Utilisateur at 01/06/2013 12:14:50
WebSite: http://nicolascoolman.webs.com
State : WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.94
OPIE: Opera v12.15
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : JQH4W
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Panda Cloud Cleaner v1.0.45
Trend Micro Titanium v5.00
Windows Defender W7

---\\ System Optimizer
CCleaner v3.08 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 104 GB (35%) free of 290 GB

---\\ Logged in mode
~ Computer Name: PC-UTILISATEUR
~ User Name: Utilisateur
~ All Users Names: Utilisateur, UpdatusUser, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 104 Go of 290 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
~ Security Center: 26 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.2C96B3921B4CDE10DBAED5AAD760DB67] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/04/2013 - 23:02:17.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/6514
~ Mes musiques (My Musics) : 1/2455
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 1/62
~ Mes Documents (My Documents) : 2/590
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 14s

---\\ Processus lancés
[MD5.B8AEF59154FB5F088A874070A41AD50E] - (.Trend Micro Inc. - Client Session Agent.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe [1011016] [PID.1532]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2828]
[MD5.F370905AB2C99FC3196F250619EE0766] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe [366024] [PID.1252]
[MD5.820BF41BF2471E360DFE0577CAFD4040] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe [263624] [PID.3048]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4968]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.4872]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4956]
[MD5.68B8D980999DC76367F23F390E8D9E35] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7417344] [PID.5312]
~ Processes Running: Scanned in 00mn 01s

---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [Utilisateur] Home URL=http://www.europe1.fr/Divertissement/Ruquier/
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Opera\Program\Plugins\NPOFFICE.DLL
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Opera\Program\Plugins\NPOFFICE.DLL
~ Opera Browser: 17 Legitimates Filtered in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [clmhppmblnfegnnihcbjpklnmnnjacmg] Absolutist Games v.10.14.40.128 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hipfkgbfllemillcdbonpfpfplgbdned] coiNttinueetosavoe v.3.9 (Activé)
G2 - GCE: Preference [User Data\Default] [iakpgnpnbjecenhegiidamapakdeodae] SearchNewTab v.1.0 (Activé) =>Adware.FastSaveApp
~ Google Browser: 16 Legitimates Filtered in 00mn 10s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\prefs.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\user.js
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\rbzsspktaa@y-on.net] [] coiNttinueetosavoe v3.9 (..)
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\zl-2nhbw@j-feuufmgq.net] [] SearchNewTab v1.0 (..) =>Adware.FastSaveApp
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\{19803860-b306-423c-bbb5-f60a7d82cde5}] [] WiseConvert 1.5 v10.15.2.523 (..) =>Toolbar.Conduit
~ Firefox Browser: 38 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 68.180.210.34 vc.yahoo.com
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} Clé orpheline
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-574071615-2167308713-1033793447-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Arrêt.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe
O4 - GS\TaskBar: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\opera.exe
O4 - GS\TaskBar: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\TaskBar: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\QuickLaunch: Songbird.lnk . (.POTI, Inc. - Songbird Web Player.) -- C:\Program Files\Songbird\songbird.exe
O4 - GS\QuickLaunch: Ulead Photo Express 5 SE.lnk . (.Ulead Systems, Inc. - Ulead Photo Express.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\Ipe.exe
O4 - GS\QuickLaunch: Upgrade to Paltalk Extreme.lnk - Clé orpheline
O4 - GS\QuickLaunch: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Amazon Adventure.lnk . (.Sahmon Studio - Inca Ball.) -- C:\Program Files\MyRealGames.com\Amazon Adventure\game.exe
O4 - GS\Desktop: Beetle Bomp.lnk . (...) -- C:\Program Files\MyRealGames.com\Beetle Bomp\game.exe
O4 - GS\Desktop: Bird Valley.lnk . (...) -- C:\Program Files\MyRealGames.com\Bird Valley\game.exe
O4 - GS\Desktop: Bubble Bonanza.lnk . (...) -- C:\Program Files\Absolutist.com\Bubble Bonanza\BubbleBonanza.exe
O4 - GS\Desktop: BVS Solitaire Collection.lnk . (.BVS Development Corporation - BVS Solitaire Collection.) -- C:\Program Files\BVS Solitaire Collection\CARDS.exe
O4 - GS\Desktop: Cosmic Ball.lnk . (...) -- C:\Program Files\MyRealGames.com\Cosmic Ball\game.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\Utilisateur\Documents
O4 - GS\Desktop: Dragon.lnk . (...) -- C:\Program Files\MyRealGames.com\Dragon\game.exe
O4 - GS\Desktop: Icy Tower.lnk . (...) -- C:\games\icytower1.4\icytower14.exe
O4 - GS\Desktop: Images.lnk . (...) -- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop: Journal.lnk . (...) -- C:\Users\Utilisateur\Documents\Comptes et journal\Livre de bord.doc
O4 - GS\Desktop: Mahjong.lnk - Clé orpheline
O4 - GS\Desktop: Memory.lnk . (.Pas - Pas de description.) -- C:\Program Files\Memory\Memory.exe
O4 - GS\Desktop: Pairs parade.lnk . (...) -- C:\Users\Utilisateur\Documents\FreeSweetGames\Pairsparade\pairsparade.exe
O4 - GS\Desktop: Rainbow Mystery.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Mystery\game.exe
O4 - GS\Desktop: Rainbow Web 2.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Web 2\game.exe
O4 - GS\Desktop: Rainbow Web.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Web\game.exe
O4 - GS\Desktop: Scrabble.lnk . (.gsoft - Pas de description.) -- C:\Program Files\Ordi Mots\ordiscrab.exe
O4 - GS\Desktop: Secrets Of Six Seas.lnk . (...) -- C:\Program Files\MyRealGames.com\Secrets Of Six Seas\game.exe
O4 - GS\Desktop: Solitaire Haven.lnk . (...) -- C:\Program Files\MyRealGames.com\Solitaire Haven\game.exe
O4 - GS\Desktop: Space Bubbles.lnk . (...) -- C:\Program Files\MyRealGames.com\Space Bubbles\spacebubbles.exe
O4 - GS\Desktop: SpiderSolitaire -.lnk . (.Microsoft Corporation - Exécutable du jeu Spider Solitaire.) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
O4 - GS\Desktop: Téléch..lnk . (...) -- C:\Users\Utilisateur\Downloads
O4 - GS\Desktop: FastDownload.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website2.url (.not file.)
O4 - GS\Desktop: GameTeam.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website1.url (.not file.)
O4 - GS\Desktop: GameTop.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website3.url (.not file.)
~ Global Startup: Scanned in 00mn 04s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_0_3.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) . (.Pas de propriétaire - Reflect Service - Enables mounting of image.) - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
~ Services: 12 Legitimates Filtered in 00mn 24s

---\\ Tâches planifiées en automatique (O39)
[MD5.F370905AB2C99FC3196F250619EE0766] [APT] [{500C7BFE-F2AC-477B-B7AA-E7A33EF1C1C7}] (.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\bin\IncMail.exe [366024]
[MD5.00000000000000000000000000000000] [APT] [{B58BD320-DF70-484B-888F-9EE65AB98D50}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.BB3DCC23DAA6737D181763EA3203F0FF] [APT] [{D10D566A-650B-40E7-8F3B-313DDAA79771}] (...) -- C:\Users\Utilisateur\Documents\WinRAR\WinRAR.exe [823296]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 08s

---\\ Logiciels installés (O42)
O42 - Logiciel: Amazon Adventure - (.MyRealGames.com.) [HKLM] -- Amazon Adventure_is1
O42 - Logiciel: Beetle Bomp - (.My Real Games Ltd.) [HKLM] -- Beetle Bomp_is1
O42 - Logiciel: Bird Valley - (.My Real Games Ltd.) [HKLM] -- Bird Valley_is1
O42 - Logiciel: BitMania - (.KalityWeb.) [HKLM] -- {0174ff8d-ff0b-464f-b132-c4f84686f9e2}
O42 - Logiciel: BitMania - (.KalityWeb.) [HKLM] -- {1B68EA83-3C98-40F8-B47C-4F89D827D645}
O42 - Logiciel: Bubble Bonanza v1.0 - (...) [HKLM] -- Bubble Bonanza_is1
O42 - Logiciel: Color Cubes - (.My Real Games Ltd.) [HKLM] -- Color Cubes_is1
O42 - Logiciel: ContentSAFER for Wizmax - (...) [HKLM] -- {C19BE821-89B1-4A96-AC7C-873810C0CB5F}
O42 - Logiciel: Cosmic Ball - (.My Real Games Ltd.) [HKLM] -- Cosmic Ball_is1
O42 - Logiciel: DX-Ball 1.09 - (...) [HKLM] -- DX-Ball 1.09
O42 - Logiciel: Dragon - (.My Real Games Ltd.) [HKLM] -- Dragon_is1
O42 - Logiciel: Easy MEMOry v7.10 - (.Bruno Berenguer.) [HKLM] -- {1BAD0E4C-30CA-491A-BADE-DA2F945A3497}_is1
O42 - Logiciel: Icy Tower v1.4 - (.Free Lunch Design.) [HKLM] -- Icy Tower v1.4_is1
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Secrets Of Six Seas - (.My Real Games Ltd.) [HKLM] -- Secrets Of Six Seas_is1
O42 - Logiciel: Solitaire Haven - (.My Real Games Ltd.) [HKLM] -- Solitaire Haven_is1
O42 - Logiciel: Space Bubbles - (...) [HKLM] -- Space Bubbles_is1
~ Logic: 141 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\CT1075414]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\BrowserMngr]
[HKCU\Software\Cosmic Ball]
[HKCU\Software\FreeSweetGames]
[HKCU\Software\HACE]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\KalityWeb]
[HKCU\Software\PIP]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\eSupport.com] =>Rogue.RegistryWizard
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\BrowserMngr]
[HKLM\Software\ImInstaller]
[HKLM\Software\KalityWeb]
[HKLM\Software\PIP]
[HKLM\Software\SOLVER]
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Key Software: 271 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/05/2013 - 20:17:09 - [5,867] ----D C:\Program Files\BitMania
O43 - CFD: 27/11/2010 - 16:31:12 - [2,261] ----D C:\Program Files\DX-Ball
O43 - CFD: 06/12/2012 - 08:38:31 - [3,333] ----D C:\Program Files\Easy MEMOry
O43 - CFD: 10/09/2012 - 18:07:40 - [0,024] ----D C:\Program Files\FileConverter_1.5
O43 - CFD: 29/01/2013 - 21:57:50 - [0,001] ----D C:\Program Files\Frozen-Bubble
O43 - CFD: 16/01/2013 - 17:12:23 - [1,506] ----D C:\Program Files\GamesBar =>Adware.GamesBar
O43 - CFD: 13/03/2012 - 21:06:55 - [1,376] ----D C:\Program Files\HACE
O43 - CFD: 06/11/2011 - 18:22:27 - [28,617] ----D C:\Program Files\IncrediMail
O43 - CFD: 16/04/2012 - 18:18:48 - [0,757] ----D C:\Program Files\Memory
O43 - CFD: 14/08/2012 - 20:06:24 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 14/08/2012 - 20:06:53 - [8,186] ----D C:\ProgramData\Browser Manager
O43 - CFD: 27/05/2013 - 08:38:05 - [0,132] ----D C:\ProgramData\coiNttinueetosavoe =>PUP.OfferWare
O43 - CFD: 29/01/2013 - 21:39:20 - [3,146] ----D C:\ProgramData\Cosmic Ball
O43 - CFD: 03/02/2013 - 11:56:36 - [3,256] ----D C:\ProgramData\Dragon
O43 - CFD: 27/11/2010 - 12:43:18 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 27/11/2010 - 12:42:48 - [11,665] ----D C:\ProgramData\IncrediMail
O43 - CFD: 31/05/2013 - 13:26:08 - [3,454] ----D C:\ProgramData\InstallMate
O43 - CFD: 27/05/2013 - 08:40:26 - [0,132] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 31/05/2013 - 13:26:02 - [0] ----D C:\ProgramData\StarApp
O43 - CFD: 10/09/2012 - 18:07:39 - [0,054] ----D C:\ProgramData\uorvldjkrszrhwy
O43 - CFD: 14/08/2012 - 20:06:24 - [0,007] ----D C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 16/04/2012 - 18:28:08 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\FreeSweetGames
O43 - CFD: 05/05/2013 - 20:16:17 - [0,019] ----D C:\Users\Utilisateur\AppData\Local\eSupport.com =>Rogue.RegistryWizard
O43 - CFD: 16/01/2011 - 18:56:51 - [190,729] ----D C:\Users\Utilisateur\AppData\Local\IM
O43 - CFD: 16/01/2013 - 17:16:23 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games
O43 - CFD: 16/04/2012 - 18:28:03 - [0,004] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeSweetGames
~ 721 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1102 Legitimates Filtered in 01mn 02s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6C6DD007D9B4BEA1D2D83328F1834D85] - 18/05/2013 - 18:01:30 ---A- . (...) -- C:\Windows\win.ini [562]
~ Files: 37 Legitimates Filtered in 02mn 08s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.936D87429DC60012A844C6EFB2BFDC76] - 01/06/2013 - 09:48:37 ---A- - C:\Windows\Prefetch\UIUPDATETRAY.EXE-7B204E08.pf
O45 - LFCP:[MD5.E0A2E1A2565C3A495A3B587F13221A7E] - 01/06/2013 - 10:27:03 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-8674A44D.pf
O45 - LFCP:[MD5.EE88D466728102B6DB051BC6E9866BD0] - 01/06/2013 - 10:27:05 ---A- - C:\Windows\Prefetch\IMLPP.EXE-8B4B9E1E.pf
O45 - LFCP:[MD5.D41E0F52B2ED26757F4391B59670C900] - 01/06/2013 - 10:27:10 ---A- - C:\Windows\Prefetch\IMAPP.EXE-005076D7.pf
O45 - LFCP:[MD5.CECB19A840871E0F4AB6871C148B2DA1] - 01/06/2013 - 10:28:14 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-E138605A.pf
O45 - LFCP:[MD5.973506CFDA5F009951545026C11759E6] - 01/06/2013 - 10:40:22 ---A- - C:\Windows\Prefetch\ORDISCRAB.EXE-7A579950.pf
O45 - LFCP:[MD5.7018F20DCA1D36E0C4C4861B25B81210] - 31/05/2013 - 09:18:46 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-70506E97.pf
O45 - LFCP:[MD5.2EBB4B12DC1C8AF17DD45A342743C0F5] - 31/05/2013 - 09:22:29 ---A- - C:\Windows\Prefetch\ICYTOWER14.EXE-DAD97674.pf
O45 - LFCP:[MD5.1F6085643D40CC7B9BB4B1D378FB0A0D] - 31/05/2013 - 10:55:56 ---A- - C:\Windows\Prefetch\MEMORY.EXE-261CBA18.pf
O45 - LFCP:[MD5.B1B86C6487F096604EE7FE173B7A0D9E] - 31/05/2013 - 10:59:02 ---A- - C:\Windows\Prefetch\PSTARTER.EXE-20868020.pf
O45 - LFCP:[MD5.E7313557482330F04B29E543548B7202] - 31/05/2013 - 12:25:46 ---A- - C:\Windows\Prefetch\CHARMED.S08E08.FRENCH.INTERNA-406F0950.pf
O45 - LFCP:[MD5.6A103CCFD0A6BC0E5063A8AFA3794432] - 31/05/2013 - 12:31:25 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-02848152.pf
O45 - LFCP:[MD5.A57C3FDE3CB7E2CC53B516F7E3DEA9DB] - 31/05/2013 - 18:30:12 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.TMP-D5DA7350.pf
O45 - LFCP:[MD5.3ACE7E788F5312CCC9575C647F69E08D] - 31/05/2013 - 18:30:42 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.EXE-85CE687C.pf
O45 - LFCP:[MD5.BE110B397B10292CC86E862D28D394F5] - 31/05/2013 - 18:30:42 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.TMP-6380031D.pf
O45 - LFCP:[MD5.FAA08ED50ED41335FE7964D9F419C117] - 31/05/2013 - 18:31:37 ---A- - C:\Windows\Prefetch\PCLOUDCLEANER.EXE-E61A89A4.pf
O45 - LFCP:[MD5.D45EA69F4925E7BB1A9E74C969F33284] - 31/05/2013 - 18:32:46 ---A- - C:\Windows\Prefetch\PAVCL.EXE-877C902D.pf
O45 - LFCP:[MD5.5962FAB5D946A9112C066686F4594E28] - 31/05/2013 - 19:33:01 ---A- - C:\Windows\Prefetch\GAME.SGD-0B15B566.pf
O45 - LFCP:[MD5.1A6855FA94FF8B502F246389F71C772A] - 31/05/2013 - 19:47:29 ---A- - C:\Windows\Prefetch\IMBPP.EXE-8150060C.pf
~ Prefetcher: 120 Legitimates Filtered in 00mn 02s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O53 - SMSR:HKLM\...\startupreg\Mmm [Key] . (...) -- C:\Program Files\HACE\Mmm\Mmm.exe
~ SMSR Keys: 25 Legitimates Filtered in 00mn 02s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2013 - 10:27:13 ---A- C:\Users\Utilisateur\AppData\Local\IM\content.xml [32786]
O61 - LFC: 01/06/2013 - 11:20:07 ---A- C:\Users\Utilisateur\AppData\Local\IM\Lex\IMSTP12.gif [47958]
O61 - LFC: 29/05/2013 - 18:39:05 ---A- C:\Users\Utilisateur\AppData\Roaming\BVS Solitaire Collection\bvslog.dat [6272]
O61 - LFC: 31/05/2013 - 09:01:50 ---A- C:\Users\Utilisateur\Downloads\PandaCloudCleaner.exe [21353400]
O61 - LFC: 31/05/2013 - 09:15:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Sahmon Games\game\1.0\Options.lbm [556]
O61 - LFC: 31/05/2013 - 10:48:56 ---A- C:\Users\Utilisateur\Downloads\ticket.pdf [18666]
O61 - LFC: 31/05/2013 - 12:39:54 ---A- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Local State [39200]
O61 - LFC: 31/05/2013 - 12:39:56 ---A- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 31/05/2013 - 17:52:58 ---A- C:\Users\Utilisateur\Documents\Comptes et journal\Livre de bord.doc [175104]
~ 12 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 708 Legitimates Filtered in 07mn 40s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_TMP_city", "");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_TMP_country", "FR");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_country", "FRANCE");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_locId", "FRXX0076");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_location", "Paris, France");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_region", "FR");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_temp_dis", "c");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_wind_dis", "kmh");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.weatherData", "{\"icon\":\"05.png\",\"temperature\":\"2°C\",\"temperatureClear\":\"2°C\",\"highTemp[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.CBOpenMAMSettings.enc", "MA==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_DaysActivity.enc", "MTM2MzAxMjk3NTA3MQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_firstTimeNotification_129684275535203882.enc", "bm8=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_lang.enc", "RlI=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_welcome_popup_text.enc", "Q2xpcXVleiBwb3VyIG9yZ2FuaXNlciB2b3MgcmVuZGV6LXZvdXMsIGFubml2ZXJzYWlyZXMgZX[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_welcome_popup_title.enc", "QmllbnZlbnVlIHN1ciBDYWxlbmRhcis=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.FirstTime", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.FirstTimeFF3", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.LoginRevertSettingsEnabled", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.PG_ENABLE", "dHJ1ZQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.RevertSettingsEnabled", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchAppState.enc", "MQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchAppTracking.enc", "c2VudA==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchFromAddressBarUrl",
"http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN2062[...] O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.UserID", "UN20628278292440757"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.addressBarTakeOverEnabledInHidden", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.appButtonDisablenull.enc", "MA=="); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.autoDisableScopes", -1); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.bDay_InstallDate.enc", "MTEtMg=="); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.bDay_InstallFromToolbar.enc", "eWVz"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.browser.search.defaultthis.engineName", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.cbcountry_001.enc", "RlI="); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.cbfirsttime.enc", "V2VkIEphbiAxNiAyMDEzIDE2OjIwOjA0IEdNVCswMTAw"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.defaultSearch", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.embeddedsData", "[{\"appId\":\"128286974206156684\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...] 
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.enableFix404ByUser", "TRUE"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.enableSearchFromAddressBar", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.firstTimeDialogOpened", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundError", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundErrorByUser", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundErrorInHidden", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixUrls", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.homepageuserchanged", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.http___calendar_conduitapps_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZW[...] 
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.http___pinterest_aot_im.isEnabled.enc", "WQ=="); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installDate", "16/1/2013 11:11:56"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installId", "toolbarconduit.exe"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installType", "conduitnsisintegration"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isCheckedStartAsHidden", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isFirstTimeToolbarLoading", "false"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.keyword", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT1075414&octid=CT1[...] O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.lastVersion", "10.14.65.43"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.mam_gk_installer_preapproved.enc", "ZmFsc2U="); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.migrateAppsAndComponents", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TI[...] 
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.openThankYouPage", "false"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.openUninstallPage", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.price-gong.isManagedApp", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.revertSettingsEnabled", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.search.searchAppId", "128286974206156684"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.search.searchCount", "0"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.searchInNewTabEnabledByUser", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.searchInNewTabEnabledInHidden", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1075414\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Absoluti[...] O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Absolutist Game[...] 
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358334103629"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_appsMetadata_lastUpdate", "1358334103781"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358349591024"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_location_lastUpdate", "1363012958140"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362497653236"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363012957811"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358349590413"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_searchAPI_lastUpdate", "1358334100504"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_serviceMap_lastUpdate", "1363012604563"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_setupAPI_lastUpdate", "1363012960117"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358349590926"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_toolbarSettings_lastUpdate", "1363012604440"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] 
user_pref("CT1075414.serviceLayer_services_translation_lastUpdate", "1363012604539"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.settingsINI", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.shouldFirstTimeDialog", "false"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.CTID", "CT1075414"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.Uninstall", "1"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.homepage", "true"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.isHidden", false); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.toolbarName", "Absolutist Games "); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.startPage", "true"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.superCalendar_close_popup_129684275535203882.enc", "MC4zMDQzNDcyMjk1NTkyOTY2"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.super_Calendar_show_welcome_popup_129684275535203882.enc", "eWVz"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.toolbarBornServerTime", "16-1-2013"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.toolbarCurrentServerTime", "11-3-2013"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363012862667,\"isWithState\"[...] 
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.DialogsAlignMode", "LTR"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.EMailNotifierPollDate", "Wed Dec 01 2010 19:34:02 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.FirstTimeFF3", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.FirstTimeSettingsDone", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Initialize", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InitializeCommonPrefs", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InstallationType", "UnknownIntegration"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InstalledDate", "Wed Dec 01 2010 19:34:03 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsGrouping", false); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsMulticommunity", false); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsOpenThankYouPage", false); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsOpenUninstallPage", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.LanguagePackLastCheckTime", "Wed Dec 01 2010 19:34:05 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Locale", "fr-fr"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipHeight", "83"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipWidth", "295"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SearchEngine", 
"Recherche||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613520&octid=EB_O[...] O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SearchFromAddressBarIsInit", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsCheckIntervalMin", 120); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsLastCheckTime", "Wed Dec 01 2010 19:34:02 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsLastUpdate", "1285580322"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsInterval", 504); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsLastCheck", "Wed Dec 01 2010 19:34:02 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsLastUpdate", "1255348267"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Uninstall", true); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.alertChannelId", "1006317"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CommunityToolbar.ToolbarsList", "CT2613520"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Dec 01 2010 19:34:04 GMT+0100"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT1075414&SearchSource=13&CUI=UN20628278292440757"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitSearchEngineList", "Absolutist Games Customized Web Search"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN20628278[...] 
=>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.newtab.url", "http://home.sweetim.com/?src=97&barid={CDB639EE-E63C-11E1-A8B1-6C626D6A10FA}"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaultenginename", "SweetIM Search"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaultthis.engineName", "Absolutist Games Customized Web Search"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=3&q={searchTerms}&CU[...] O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.selectedEngine", "Absolutist Games Customized Web Search"); O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.5184d41585207.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.bbDpng", 20); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.cntry", "FR"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.firstRun", false); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.hdrMd5", 
"A3C43F2839CD4D8147ADAA566BA95AA5"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.id", "e84277fa0000000000006c626d6a10fa"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.instlDay", "15566"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.lastActv", "20"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.lastDP", 20); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.newTab", true); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.propectorlck", 60366536); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.sid", "78267d2bdfbb4d989c344facd2362362"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); =>Toolbar.Babylon O69 - SBI: prefs.js 
[Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111804&tt=120812_bandext_3312_2"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=111804&tt=120812_bandext_3312_2&babsrc=NT_ss&[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.620:06:40"); =>Toolbar.Babylon O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT1075414&SearchSource=13&CUI=UN20628278292440757"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN2[...] 
=>Hijacker.SmartBar O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cargo", "3.1010000.10015"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.returnValue", "none"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.height", "335"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.url", 
"http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version[...] =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.width", "761"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.height", "300"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.width", "500"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.height", "150"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] 
user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.width", "530"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.[...] =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.mode.debug", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.newtab.created", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.newtab.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.newtab.url", "http://search.babylon.com/?affID=111804&tt=120812_bandext_3312_2&babsrc=[...] 
=>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "SpeedBit Search"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.speedbit.com/searchresults.asp?src=default&q="); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SpeedBit Search"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.speedbit.com"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.keyword.URL", "http://search.speedbit.com/searchresults.asp?src=default&q="); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); =>PUP.SweetIM O69 
- SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.callback", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*[...] =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.domain-whitelist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.url", "http://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb"); 
=>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_httpS"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.url", "https://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.search.external", "PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.search.history.capacity", "10"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.simapp_id", "{CDB639EE-E63C-11E1-A8B1-6C626D6A10FA}"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000.10015"); =>PUP.SweetIM O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.version", "1.7.0.3"); =>PUP.SweetIM O69 - SBI: SearchScopes [HKCU] {13C3C90C-3A3D-4564-A4BA-60A5A757CE0F} - (Absolutist Games Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {149DB845-9E3F-4902-9E71-70A9309284C9} - (Yahoo!) 
- http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {21856B40-4CF0-4930-B0DD-1D5AFEDAD4D2} [DefaultScope] - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A117983DC9825757A5AE5450293DE580] [SPRF][28/11/2010] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.C34CC35F46740BFFC39AC47B0043E5F5] [SPRF][30/05/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\MaConfigSetupTemp.exe [4309920] [MD5.82147E41781B52BEFB69139DBB211177] [SPRF][31/05/2013] (.AirInstaller Inc. - Adobe Flash Player.) -- C:\Users\Utilisateur\AppData\Local\Temp\setup.exe [1122440] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032] [MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{B8AC3ED6-3D56-4097-BE2C-4F83A95925AE}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe O87 - FAEL: "{A604AD83-A14B-4365-82A0-47055FE110D3}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) 
-- C:\Program Files\IncrediMail\bin\IncMail.exe O87 - FAEL: "{F75014EA-128D-4CC7-9428-38C81988A3AE}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe O87 - FAEL: "{55480057-F24C-49B1-93A5-423AA86F18D9}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe O87 - FAEL: "{597CD18C-B23F-499C-9D83-459EEF5D45C8}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe O87 - FAEL: "{24788F46-CB7F-4301-8733-0ABA89E776EF}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe ~ Firewall: 215 Legitimates Filtered in 00mn 03s ---\\ Scan Additionnel (O88) Database Version : v2.12362 - (29/05/2013) Clés trouvées (Keys found) : 94 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 15 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz 
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] 
=>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\BrowserMngr] =>Toolbar.Babylon 
[HKLM\Software\BrowserMngr] =>Toolbar.Babylon [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\KalityWeb] =>Toolbar.Agent [HKLM\Software\KalityWeb] =>Toolbar.Agent [HKCU\Software\PIP] =>Toolbar.Ask [HKLM\Software\PIP] =>Toolbar.Ask [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Protection_ZoneAlarm Toolbar] =>Toolbar.ZoneAlarm [HKCU\Software\eSupport.com] =>Rogue.RegistryWizard [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper] 
=>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2613520] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent C:\Program Files\GamesBar =>Adware.GamesBar C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\Browser Manager =>Toolbar.Babylon C:\ProgramData\SearchNewTab =>Adware.FastSaveApp C:\ProgramData\InstallMate =>Toolbar.Agent C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\Utilisateur\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\Utilisateur\AppData\Local\eSupport.com =>Rogue.RegistryWizard C:\Users\Utilisateur\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\Utilisateur\AppData\LocalLow\SearchNewTab =>Adware.FastSaveApp C:\Users\Utilisateur\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\Utilisateur\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\Utilisateur\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\ProgramData\coiNttinueetosavoe =>PUP.Offerware^ C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\Smartbar =>Hijacker.SmartBar ~ Additionnel Scan: 249605 Items scanned in 00mn 22s ---\\ Product Upgrade Codes (O90) O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) 
-- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe ~ Update Products: 60 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 31/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 25/09/2012 200632 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe SS - | Auto 29/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 29/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 30/04/2012 497280 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe SS - | Auto 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SS - | Demand 24/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 29/12/2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 220824 | (ReflectService) . (...) - C:\Program Files\Macrium\Reflect\ReflectService.exe SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) 
- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe SS - | Demand 03/05/2012 2446872 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 04s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Utilisateur at 01/06/2013 12:30:13 ~ MBR: 3 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Utilisateur at 01/06/2013 12:30:15 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 2963 Legitimates filtered by white list End of the scan (947 lines in 15mn 24s)(0)