cjoint

Rapport de ZHPDiag v2013.5.29.157 par Nicolas Coolman, Update du 29/05/2013
Run by Utilisateur at 01/06/2013 12:14:50
WebSite: http://nicolascoolman.webs.com
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.94
OPIE: Opera v12.15
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : JQH4W
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Panda Cloud Cleaner v1.0.45
Trend Micro Titanium v5.00
Windows Defender W7

---\\ System Optimizer
CCleaner v3.08 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 104 GB (35%) free of 290 GB

---\\ Logged in mode
~ Computer Name: PC-UTILISATEUR
~ User Name: Utilisateur
~ All Users Names: Utilisateur, UpdatusUser, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 104 Go of 290 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.2C96B3921B4CDE10DBAED5AAD760DB67] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/04/2013 - 23:02:17.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/6514
~ Mes musiques (My Musics) : 1/2455
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 1/62
~ Mes Documents (My Documents) : 2/590
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 14s



---\\ Processus lancés
[MD5.B8AEF59154FB5F088A874070A41AD50E] - (.Trend Micro Inc. - Client Session Agent.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe [1011016] [PID.1532]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2828]
[MD5.F370905AB2C99FC3196F250619EE0766] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe [366024] [PID.1252]
[MD5.820BF41BF2471E360DFE0577CAFD4040] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe [263624] [PID.3048]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4968]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.4872]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4956]
[MD5.68B8D980999DC76367F23F390E8D9E35] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7417344] [PID.5312]
~ Processes Running: Scanned in 00mn 01s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [Utilisateur] Home URL=http://www.europe1.fr/Divertissement/Ruquier/
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Opera\Program\Plugins\NPOFFICE.DLL
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Opera\Program\Plugins\NPOFFICE.DLL
~ Opera Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [clmhppmblnfegnnihcbjpklnmnnjacmg] Absolutist Games v.10.14.40.128 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hipfkgbfllemillcdbonpfpfplgbdned] coiNttinueetosavoe v.3.9 (Activé)
G2 - GCE: Preference [User Data\Default] [iakpgnpnbjecenhegiidamapakdeodae] SearchNewTab v.1.0 (Activé) =>Adware.FastSaveApp
~ Google Browser: 16 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\prefs.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\user.js
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\rbzsspktaa@y-on.net] [] coiNttinueetosavoe v3.9 (..)
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\zl-2nhbw@j-feuufmgq.net] [] SearchNewTab v1.0 (..) =>Adware.FastSaveApp
M2 - MFEP: prefs.js [Utilisateur - 6z1dnpzd.default\{19803860-b306-423c-bbb5-f60a7d82cde5}] [] WiseConvert 1.5 v10.15.2.523 (..) =>Toolbar.Conduit
~ Firefox Browser: 38 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 68.180.210.34 vc.yahoo.com
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} Clé orpheline
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-574071615-2167308713-1033793447-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Arrêt.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe
O4 - GS\TaskBar: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\opera.exe
O4 - GS\TaskBar: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\TaskBar: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\QuickLaunch: Songbird.lnk . (.POTI, Inc. - Songbird Web Player.) -- C:\Program Files\Songbird\songbird.exe
O4 - GS\QuickLaunch: Ulead Photo Express 5 SE.lnk . (.Ulead Systems, Inc. - Ulead Photo Express.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\Ipe.exe
O4 - GS\QuickLaunch: Upgrade to Paltalk Extreme.lnk - Clé orpheline
O4 - GS\QuickLaunch: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Amazon Adventure.lnk . (.Sahmon Studio - Inca Ball.) -- C:\Program Files\MyRealGames.com\Amazon Adventure\game.exe
O4 - GS\Desktop: Beetle Bomp.lnk . (...) -- C:\Program Files\MyRealGames.com\Beetle Bomp\game.exe
O4 - GS\Desktop: Bird Valley.lnk . (...) -- C:\Program Files\MyRealGames.com\Bird Valley\game.exe
O4 - GS\Desktop: Bubble Bonanza.lnk . (...) -- C:\Program Files\Absolutist.com\Bubble Bonanza\BubbleBonanza.exe
O4 - GS\Desktop: BVS Solitaire Collection.lnk . (.BVS Development Corporation - BVS Solitaire Collection.) -- C:\Program Files\BVS Solitaire Collection\CARDS.exe
O4 - GS\Desktop: Cosmic Ball.lnk . (...) -- C:\Program Files\MyRealGames.com\Cosmic Ball\game.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\Utilisateur\Documents
O4 - GS\Desktop: Dragon.lnk . (...) -- C:\Program Files\MyRealGames.com\Dragon\game.exe
O4 - GS\Desktop: Icy Tower.lnk . (...) -- C:\games\icytower1.4\icytower14.exe
O4 - GS\Desktop: Images.lnk . (...) -- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop: Journal.lnk . (...) -- C:\Users\Utilisateur\Documents\Comptes et journal\Livre de bord.doc
O4 - GS\Desktop: Mahjong.lnk - Clé orpheline
O4 - GS\Desktop: Memory.lnk . (.Pas - Pas de description.) -- C:\Program Files\Memory\Memory.exe
O4 - GS\Desktop: Pairs parade.lnk . (...) -- C:\Users\Utilisateur\Documents\FreeSweetGames\Pairsparade\pairsparade.exe
O4 - GS\Desktop: Rainbow Mystery.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Mystery\game.exe
O4 - GS\Desktop: Rainbow Web 2.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Web 2\game.exe
O4 - GS\Desktop: Rainbow Web.lnk . (...) -- C:\Program Files\MyRealGames.com\Rainbow Web\game.exe
O4 - GS\Desktop: Scrabble.lnk . (.gsoft - Pas de description.) -- C:\Program Files\Ordi Mots\ordiscrab.exe
O4 - GS\Desktop: Secrets Of Six Seas.lnk . (...) -- C:\Program Files\MyRealGames.com\Secrets Of Six Seas\game.exe
O4 - GS\Desktop: Solitaire Haven.lnk . (...) -- C:\Program Files\MyRealGames.com\Solitaire Haven\game.exe
O4 - GS\Desktop: Space Bubbles.lnk . (...) -- C:\Program Files\MyRealGames.com\Space Bubbles\spacebubbles.exe
O4 - GS\Desktop: SpiderSolitaire -.lnk . (.Microsoft Corporation - Exécutable du jeu Spider Solitaire.) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
O4 - GS\Desktop: Téléch..lnk . (...) -- C:\Users\Utilisateur\Downloads
O4 - GS\Desktop: FastDownload.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website2.url (.not file.)
O4 - GS\Desktop: GameTeam.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website1.url (.not file.)
O4 - GS\Desktop: GameTop.com.lnk . (...) -- C:\Program Files\GameTop.com\Yeti Bubbles\website3.url (.not file.)
~ Global Startup: Scanned in 00mn 04s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_0_3.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9FB37800-12BC-4496-8B75-6AD4861EFB4C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) . (.Pas de propriétaire - Reflect Service - Enables mounting of image.) - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
~ Services: 12 Legitimates Filtered in 00mn 24s



---\\ Tâches planifiées en automatique (O39)
[MD5.F370905AB2C99FC3196F250619EE0766] [APT] [{500C7BFE-F2AC-477B-B7AA-E7A33EF1C1C7}] (.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\bin\IncMail.exe [366024]
[MD5.00000000000000000000000000000000] [APT] [{B58BD320-DF70-484B-888F-9EE65AB98D50}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.BB3DCC23DAA6737D181763EA3203F0FF] [APT] [{D10D566A-650B-40E7-8F3B-313DDAA79771}] (...) -- C:\Users\Utilisateur\Documents\WinRAR\WinRAR.exe [823296]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: Amazon Adventure - (.MyRealGames.com.) [HKLM] -- Amazon Adventure_is1
O42 - Logiciel: Beetle Bomp - (.My Real Games Ltd.) [HKLM] -- Beetle Bomp_is1
O42 - Logiciel: Bird Valley - (.My Real Games Ltd.) [HKLM] -- Bird Valley_is1
O42 - Logiciel: BitMania - (.KalityWeb.) [HKLM] -- {0174ff8d-ff0b-464f-b132-c4f84686f9e2}
O42 - Logiciel: BitMania - (.KalityWeb.) [HKLM] -- {1B68EA83-3C98-40F8-B47C-4F89D827D645}
O42 - Logiciel: Bubble Bonanza v1.0 - (...) [HKLM] -- Bubble Bonanza_is1
O42 - Logiciel: Color Cubes - (.My Real Games Ltd.) [HKLM] -- Color Cubes_is1
O42 - Logiciel: ContentSAFER for Wizmax - (...) [HKLM] -- {C19BE821-89B1-4A96-AC7C-873810C0CB5F}
O42 - Logiciel: Cosmic Ball - (.My Real Games Ltd.) [HKLM] -- Cosmic Ball_is1
O42 - Logiciel: DX-Ball 1.09 - (...) [HKLM] -- DX-Ball 1.09
O42 - Logiciel: Dragon - (.My Real Games Ltd.) [HKLM] -- Dragon_is1
O42 - Logiciel: Easy MEMOry v7.10 - (.Bruno Berenguer.) [HKLM] -- {1BAD0E4C-30CA-491A-BADE-DA2F945A3497}_is1
O42 - Logiciel: Icy Tower v1.4 - (.Free Lunch Design.) [HKLM] -- Icy Tower v1.4_is1
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Secrets Of Six Seas - (.My Real Games Ltd.) [HKLM] -- Secrets Of Six Seas_is1
O42 - Logiciel: Solitaire Haven - (.My Real Games Ltd.) [HKLM] -- Solitaire Haven_is1
O42 - Logiciel: Space Bubbles - (...) [HKLM] -- Space Bubbles_is1
~ Logic: 141 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\CT1075414]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\BrowserMngr]
[HKCU\Software\Cosmic Ball]
[HKCU\Software\FreeSweetGames]
[HKCU\Software\HACE]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\KalityWeb]
[HKCU\Software\PIP]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\eSupport.com] =>Rogue.RegistryWizard
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\BrowserMngr]
[HKLM\Software\ImInstaller]
[HKLM\Software\KalityWeb]
[HKLM\Software\PIP]
[HKLM\Software\SOLVER]
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Key Software: 271 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/05/2013 - 20:17:09 - [5,867] ----D C:\Program Files\BitMania
O43 - CFD: 27/11/2010 - 16:31:12 - [2,261] ----D C:\Program Files\DX-Ball
O43 - CFD: 06/12/2012 - 08:38:31 - [3,333] ----D C:\Program Files\Easy MEMOry
O43 - CFD: 10/09/2012 - 18:07:40 - [0,024] ----D C:\Program Files\FileConverter_1.5
O43 - CFD: 29/01/2013 - 21:57:50 - [0,001] ----D C:\Program Files\Frozen-Bubble
O43 - CFD: 16/01/2013 - 17:12:23 - [1,506] ----D C:\Program Files\GamesBar =>Adware.GamesBar
O43 - CFD: 13/03/2012 - 21:06:55 - [1,376] ----D C:\Program Files\HACE
O43 - CFD: 06/11/2011 - 18:22:27 - [28,617] ----D C:\Program Files\IncrediMail
O43 - CFD: 16/04/2012 - 18:18:48 - [0,757] ----D C:\Program Files\Memory
O43 - CFD: 14/08/2012 - 20:06:24 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 14/08/2012 - 20:06:53 - [8,186] ----D C:\ProgramData\Browser Manager
O43 - CFD: 27/05/2013 - 08:38:05 - [0,132] ----D C:\ProgramData\coiNttinueetosavoe =>PUP.OfferWare
O43 - CFD: 29/01/2013 - 21:39:20 - [3,146] ----D C:\ProgramData\Cosmic Ball
O43 - CFD: 03/02/2013 - 11:56:36 - [3,256] ----D C:\ProgramData\Dragon
O43 - CFD: 27/11/2010 - 12:43:18 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 27/11/2010 - 12:42:48 - [11,665] ----D C:\ProgramData\IncrediMail
O43 - CFD: 31/05/2013 - 13:26:08 - [3,454] ----D C:\ProgramData\InstallMate
O43 - CFD: 27/05/2013 - 08:40:26 - [0,132] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 31/05/2013 - 13:26:02 - [0] ----D C:\ProgramData\StarApp
O43 - CFD: 10/09/2012 - 18:07:39 - [0,054] ----D C:\ProgramData\uorvldjkrszrhwy
O43 - CFD: 14/08/2012 - 20:06:24 - [0,007] ----D C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 16/04/2012 - 18:28:08 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\FreeSweetGames
O43 - CFD: 05/05/2013 - 20:16:17 - [0,019] ----D C:\Users\Utilisateur\AppData\Local\eSupport.com =>Rogue.RegistryWizard
O43 - CFD: 16/01/2011 - 18:56:51 - [190,729] ----D C:\Users\Utilisateur\AppData\Local\IM
O43 - CFD: 16/01/2013 - 17:16:23 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casual Games
O43 - CFD: 16/04/2012 - 18:28:03 - [0,004] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeSweetGames
~ 721 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1102 Legitimates Filtered in 01mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6C6DD007D9B4BEA1D2D83328F1834D85] - 18/05/2013 - 18:01:30 ---A- . (...) -- C:\Windows\win.ini [562]
~ Files: 37 Legitimates Filtered in 02mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.936D87429DC60012A844C6EFB2BFDC76] - 01/06/2013 - 09:48:37 ---A- - C:\Windows\Prefetch\UIUPDATETRAY.EXE-7B204E08.pf
O45 - LFCP:[MD5.E0A2E1A2565C3A495A3B587F13221A7E] - 01/06/2013 - 10:27:03 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-8674A44D.pf
O45 - LFCP:[MD5.EE88D466728102B6DB051BC6E9866BD0] - 01/06/2013 - 10:27:05 ---A- - C:\Windows\Prefetch\IMLPP.EXE-8B4B9E1E.pf
O45 - LFCP:[MD5.D41E0F52B2ED26757F4391B59670C900] - 01/06/2013 - 10:27:10 ---A- - C:\Windows\Prefetch\IMAPP.EXE-005076D7.pf
O45 - LFCP:[MD5.CECB19A840871E0F4AB6871C148B2DA1] - 01/06/2013 - 10:28:14 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-E138605A.pf
O45 - LFCP:[MD5.973506CFDA5F009951545026C11759E6] - 01/06/2013 - 10:40:22 ---A- - C:\Windows\Prefetch\ORDISCRAB.EXE-7A579950.pf
O45 - LFCP:[MD5.7018F20DCA1D36E0C4C4861B25B81210] - 31/05/2013 - 09:18:46 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-70506E97.pf
O45 - LFCP:[MD5.2EBB4B12DC1C8AF17DD45A342743C0F5] - 31/05/2013 - 09:22:29 ---A- - C:\Windows\Prefetch\ICYTOWER14.EXE-DAD97674.pf
O45 - LFCP:[MD5.1F6085643D40CC7B9BB4B1D378FB0A0D] - 31/05/2013 - 10:55:56 ---A- - C:\Windows\Prefetch\MEMORY.EXE-261CBA18.pf
O45 - LFCP:[MD5.B1B86C6487F096604EE7FE173B7A0D9E] - 31/05/2013 - 10:59:02 ---A- - C:\Windows\Prefetch\PSTARTER.EXE-20868020.pf
O45 - LFCP:[MD5.E7313557482330F04B29E543548B7202] - 31/05/2013 - 12:25:46 ---A- - C:\Windows\Prefetch\CHARMED.S08E08.FRENCH.INTERNA-406F0950.pf
O45 - LFCP:[MD5.6A103CCFD0A6BC0E5063A8AFA3794432] - 31/05/2013 - 12:31:25 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-02848152.pf
O45 - LFCP:[MD5.A57C3FDE3CB7E2CC53B516F7E3DEA9DB] - 31/05/2013 - 18:30:12 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.TMP-D5DA7350.pf
O45 - LFCP:[MD5.3ACE7E788F5312CCC9575C647F69E08D] - 31/05/2013 - 18:30:42 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.EXE-85CE687C.pf
O45 - LFCP:[MD5.BE110B397B10292CC86E862D28D394F5] - 31/05/2013 - 18:30:42 ---A- - C:\Windows\Prefetch\PANDACLOUDCLEANER.TMP-6380031D.pf
O45 - LFCP:[MD5.FAA08ED50ED41335FE7964D9F419C117] - 31/05/2013 - 18:31:37 ---A- - C:\Windows\Prefetch\PCLOUDCLEANER.EXE-E61A89A4.pf
O45 - LFCP:[MD5.D45EA69F4925E7BB1A9E74C969F33284] - 31/05/2013 - 18:32:46 ---A- - C:\Windows\Prefetch\PAVCL.EXE-877C902D.pf
O45 - LFCP:[MD5.5962FAB5D946A9112C066686F4594E28] - 31/05/2013 - 19:33:01 ---A- - C:\Windows\Prefetch\GAME.SGD-0B15B566.pf
O45 - LFCP:[MD5.1A6855FA94FF8B502F246389F71C772A] - 31/05/2013 - 19:47:29 ---A- - C:\Windows\Prefetch\IMBPP.EXE-8150060C.pf
~ Prefetcher: 120 Legitimates Filtered in 00mn 02s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O53 - SMSR:HKLM\...\startupreg\Mmm [Key] . (...) -- C:\Program Files\HACE\Mmm\Mmm.exe
~ SMSR Keys: 25 Legitimates Filtered in 00mn 02s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2013 - 10:27:13 ---A- C:\Users\Utilisateur\AppData\Local\IM\content.xml [32786]
O61 - LFC: 01/06/2013 - 11:20:07 ---A- C:\Users\Utilisateur\AppData\Local\IM\Lex\IMSTP12.gif [47958]
O61 - LFC: 29/05/2013 - 18:39:05 ---A- C:\Users\Utilisateur\AppData\Roaming\BVS Solitaire Collection\bvslog.dat [6272]
O61 - LFC: 31/05/2013 - 09:01:50 ---A- C:\Users\Utilisateur\Downloads\PandaCloudCleaner.exe [21353400]
O61 - LFC: 31/05/2013 - 09:15:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Sahmon Games\game\1.0\Options.lbm [556]
O61 - LFC: 31/05/2013 - 10:48:56 ---A- C:\Users\Utilisateur\Downloads\ticket.pdf [18666]
O61 - LFC: 31/05/2013 - 12:39:54 ---A- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Local State [39200]
O61 - LFC: 31/05/2013 - 12:39:56 ---A- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 31/05/2013 - 17:52:58 ---A- C:\Users\Utilisateur\Documents\Comptes et journal\Livre de bord.doc [175104]
~ 12 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 708 Legitimates Filtered in 07mn 40s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_TMP_city", "");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_TMP_country", "FR");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_country", "FRANCE");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_locId", "FRXX0076");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_location", "Paris, France");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_region", "FR");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_temp_dis", "c");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.TWC_wind_dis", "kmh");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.1000234.weatherData", "{\"icon\":\"05.png\",\"temperature\":\"2°C\",\"temperatureClear\":\"2°C\",\"highTemp[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.CBOpenMAMSettings.enc", "MA==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_DaysActivity.enc", "MTM2MzAxMjk3NTA3MQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_firstTimeNotification_129684275535203882.enc", "bm8=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_lang.enc", "RlI=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_welcome_popup_text.enc", "Q2xpcXVleiBwb3VyIG9yZ2FuaXNlciB2b3MgcmVuZGV6LXZvdXMsIGFubml2ZXJzYWlyZXMgZX[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.Calendar_welcome_popup_title.enc", "QmllbnZlbnVlIHN1ciBDYWxlbmRhcis=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.FirstTime", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.FirstTimeFF3", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.LoginRevertSettingsEnabled", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.PG_ENABLE", "dHJ1ZQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.RevertSettingsEnabled", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchAppState.enc", "MQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchAppTracking.enc", "c2VudA==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN2062[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.UserID", "UN20628278292440757");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.appButtonDisablenull.enc", "MA==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.autoDisableScopes", -1);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.bDay_InstallDate.enc", "MTEtMg==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.bDay_InstallFromToolbar.enc", "eWVz");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.browser.search.defaultthis.engineName", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.cbcountry_001.enc", "RlI=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.cbfirsttime.enc", "V2VkIEphbiAxNiAyMDEzIDE2OjIwOjA0IEdNVCswMTAw");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.defaultSearch", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.embeddedsData", "[{\"appId\":\"128286974206156684\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.enableFix404ByUser", "TRUE");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.enableSearchFromAddressBar", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundError", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundErrorByUser", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.fixUrls", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.homepageuserchanged", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.http___calendar_conduitapps_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZW[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.http___pinterest_aot_im.isEnabled.enc", "WQ==");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installDate", "16/1/2013 11:11:56");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installId", "toolbarconduit.exe");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.keyword", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT1075414&octid=CT1[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.lastVersion", "10.14.65.43");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TI[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.openThankYouPage", "false");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.openUninstallPage", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.price-gong.isManagedApp", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.revertSettingsEnabled", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.search.searchAppId", "128286974206156684");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.search.searchCount", "0");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.searchInNewTabEnabledByUser", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1075414\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Absoluti[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Absolutist Game[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358334103629");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_appsMetadata_lastUpdate", "1358334103781");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358349591024");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_location_lastUpdate", "1363012958140");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362497653236");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363012957811");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358349590413");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_searchAPI_lastUpdate", "1358334100504");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_serviceMap_lastUpdate", "1363012604563");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_setupAPI_lastUpdate", "1363012960117");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358349590926");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_toolbarSettings_lastUpdate", "1363012604440");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.serviceLayer_services_translation_lastUpdate", "1363012604539");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.settingsINI", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.CTID", "CT1075414"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.Uninstall", "1"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.homepage", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.isHidden", false); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.smartbar.toolbarName", "Absolutist Games "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.startPage", "true");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.superCalendar_close_popup_129684275535203882.enc", "MC4zMDQzNDcyMjk1NTkyOTY2");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.super_Calendar_show_welcome_popup_129684275535203882.enc", "eWVz");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.toolbarBornServerTime", "16-1-2013");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414.toolbarCurrentServerTime", "11-3-2013");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT1075414_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363012862667,\"isWithState\"[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.EMailNotifierPollDate", "Wed Dec 01 2010 19:34:02 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.FirstTimeFF3", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.FirstTimeSettingsDone", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Initialize", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InstallationType", "UnknownIntegration");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.InstalledDate", "Wed Dec 01 2010 19:34:03 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsGrouping", false);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsMulticommunity", false);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsOpenThankYouPage", false);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.IsOpenUninstallPage", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.LanguagePackLastCheckTime", "Wed Dec 01 2010 19:34:05 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Locale", "fr-fr");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SearchEngine", "Recherche||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613520&octid=EB_O[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsCheckIntervalMin", 120);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsLastCheckTime", "Wed Dec 01 2010 19:34:02 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.SettingsLastUpdate", "1285580322");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsLastCheck", "Wed Dec 01 2010 19:34:02 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.ThirdPartyComponentsLastUpdate", "1255348267");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.Uninstall", true);
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CT2613520.alertChannelId", "1006317");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CommunityToolbar.ToolbarsList", "CT2613520");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Dec 01 2010 19:34:04 GMT+0100");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT1075414&SearchSource=13&CUI=UN20628278292440757"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitSearchEngineList", "Absolutist Games Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN20628278[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.newtab.url", "http://home.sweetim.com/?src=97&barid={CDB639EE-E63C-11E1-A8B1-6C626D6A10FA}"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaultenginename", "SweetIM Search"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaultthis.engineName", "Absolutist Games Customized Web Search");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=3&q={searchTerms}&CU[...]
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("browser.search.selectedEngine", "Absolutist Games Customized Web Search");
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.5184d41585207.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.bbDpng", 20); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.cntry", "FR"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.firstRun", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.hdrMd5", "A3C43F2839CD4D8147ADAA566BA95AA5"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.id", "e84277fa0000000000006c626d6a10fa"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.instlDay", "15566"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.lastActv", "20"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.lastDP", 20); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.propectorlck", 60366536); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.sid", "78267d2bdfbb4d989c344facd2362362"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111804&tt=120812_bandext_3312_2"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=111804&tt=120812_bandext_3312_2&babsrc=NT_ss&[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.620:06:40"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT1075414&SearchSource=13&CUI=UN20628278292440757"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1075414&SearchSource=2&CUI=UN2[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cargo", "3.1010000.10015"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.cda.returnValue", "none"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.height", "335"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.0.width", "761"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.height", "300"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.1.width", "500"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.height", "150"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dialogs.2.width", "530"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.mode.debug", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.newtab.created", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.newtab.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.newtab.url", "http://search.babylon.com/?affID=111804&tt=120812_bandext_3312_2&babsrc=[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "SpeedBit Search"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.speedbit.com/searchresults.asp?src=default&q="); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SpeedBit Search"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.speedbit.com"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.previous.keyword.URL", "http://search.speedbit.com/searchresults.asp?src=default&q="); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.callback", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.domain-whitelist", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.enable", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.1.url", "http://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.callback", "simVerification"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.enable", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_httpS"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.scripts.2.url", "https://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.search.external", "PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.search.history.capacity", "10"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.simapp_id", "{CDB639EE-E63C-11E1-A8B1-6C626D6A10FA}"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000.10015"); =>PUP.SweetIM
O69 - SBI: prefs.js [Utilisateur - 6z1dnpzd.default] user_pref("sweetim.toolbar.version", "1.7.0.3"); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {13C3C90C-3A3D-4564-A4BA-60A5A757CE0F} - (Absolutist Games Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {149DB845-9E3F-4902-9E71-70A9309284C9} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {21856B40-4CF0-4930-B0DD-1D5AFEDAD4D2} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.A117983DC9825757A5AE5450293DE580] [SPRF][28/11/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.C34CC35F46740BFFC39AC47B0043E5F5] [SPRF][30/05/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\MaConfigSetupTemp.exe [4309920]
[MD5.82147E41781B52BEFB69139DBB211177] [SPRF][31/05/2013] (.AirInstaller Inc. - Adobe Flash Player.) -- C:\Users\Utilisateur\AppData\Local\Temp\setup.exe [1122440]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{B8AC3ED6-3D56-4097-BE2C-4F83A95925AE}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{A604AD83-A14B-4365-82A0-47055FE110D3}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O87 - FAEL: "{F75014EA-128D-4CC7-9428-38C81988A3AE}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{55480057-F24C-49B1-93A5-423AA86F18D9}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
O87 - FAEL: "{597CD18C-B23F-499C-9D83-459EEF5D45C8}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
O87 - FAEL: "{24788F46-CB7F-4301-8733-0ABA89E776EF}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe
~ Firewall: 215 Legitimates Filtered in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (29/05/2013)
Clés trouvées (Keys found) : 94
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\BrowserMngr] =>Toolbar.Babylon
[HKLM\Software\BrowserMngr] =>Toolbar.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\KalityWeb] =>Toolbar.Agent
[HKLM\Software\KalityWeb] =>Toolbar.Agent
[HKCU\Software\PIP] =>Toolbar.Ask
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Protection_ZoneAlarm Toolbar] =>Toolbar.ZoneAlarm
[HKCU\Software\eSupport.com] =>Rogue.RegistryWizard
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar.CT2613520] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent
C:\Program Files\GamesBar =>Adware.GamesBar
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\Browser Manager =>Toolbar.Babylon
C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Utilisateur\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\eSupport.com =>Rogue.RegistryWizard
C:\Users\Utilisateur\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Utilisateur\AppData\LocalLow\SearchNewTab =>Adware.FastSaveApp
C:\Users\Utilisateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Utilisateur\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\ProgramData\coiNttinueetosavoe =>PUP.Offerware^
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\6z1dnpzd.default\Smartbar =>Hijacker.SmartBar
~ Additionnel Scan: 249605 Items scanned in 00mn 22s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
~ Update Products: 60 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 31/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/09/2012 200632 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SS - | Auto 29/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 29/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 30/04/2012 497280 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
SS - | Auto 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 24/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 29/12/2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 220824 | (ReflectService) . (...) - C:\Program Files\Macrium\Reflect\ReflectService.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SS - | Demand 03/05/2012 2446872 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Utilisateur at 01/06/2013 12:30:13

~ MBR: 3 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Utilisateur at 01/06/2013 12:30:15

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2963 Legitimates filtered by white list
End of the scan (947 lines in 15mn 24s)(0)
