Rapport de ZHPDiag v2013.4.21.127 par Nicolas Coolman, Update du 21-Apr-2013
Run by Alain at 22-Apr-2013 16:17:00
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v26.0.1410.64
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit  (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Pro Antivirus v7.0.1456.0
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ System Optimizer
CCleaner v3.28

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094.5 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 37 GB (15%) free of 244 GB

---\\ Logged in mode
~ Computer Name: D2R4
~ User Name: Alain
~ All Users Names: HomeGroupUser$, Alain, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Alain\AppData\Roaming\
~ %Desktop% : C:\Users\Alain\Desktop\
~ %Favorites% : C:\Users\Alain\Favorites\
~ %LocalAppData% : C:\Users\Alain\AppData\Local\
~ %StartMenu% : C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 37 Go of 244 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 174 Go of 222 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 53 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 53 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 99 Go)
I:\ Hard drive, Flash drive, Thumb drive (Free 231 Go of 364 Go)
J:\ CD-ROM drive (Free 0 Go of 4 Go)
K:\ Hard drive, Flash drive, Thumb drive (Free 267 Go of 364 Go)
M:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
N:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 541 Go)
O:\ Hard drive, Flash drive, Thumb drive (Free 237 Go of 391 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.31-Oct-2009 - 7:34:59.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14-Jul-2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.870ECFEBD41C7B8F9C6777748368D51F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18-May-2012 - 2:59:14.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28-Oct-2009 - 7:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14-Jul-2009 - 2:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-Dec-2011 - 4:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-Jul-2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-Jul-2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14-Jul-2009 - 0:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27-Apr-2011 - 3:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14-Jul-2009 - 1:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14-Jul-2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-Jul-2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04-May-2011 - 3:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14-Jul-2009 - 0:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14-Jul-2009 - 2:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14-Jul-2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-Jul-2009 - 1:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14-Jul-2009 - 1:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-Jul-2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14-Jul-2009 - 0:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14-Jul-2009 - 2:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes:  Scanned in 00mn 16s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/411
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/12320
~ Mon Bureau (My Desktop) : 1/67
~ Menu demarrer (Programs) : 1/92
~ Hidden Files:  Scanned in 00mn 11s



---\\ Processus lancés
[MD5.2DC64A3446C8C6E020E781456B46573D] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe   [10240] [PID.1428]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2496]
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe   [2144088] [PID.716]
[MD5.19FB619F2E59A1D9FC8FF5661A89977F] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   [3674320] [PID.4252]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.4152]
[MD5.1BEF98B2BD922836CCDD0F85620BC755] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe   [74752] [PID.4316]
[MD5.799D3B219B84CA5AB76CB13619389A73] - (.Pas de propriétaire - HTC UPCT Loader.) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe   [651264] [PID.4972]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe   [49208] [PID.4948]
[MD5.FAD8BDD26EC67C563CB15140237EA07C] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe   [825560] [PID.4520]
[MD5.79262BF00D0432585DB9C8206D398BE2] - (.Cloanto Corporation - Software Director.) -- C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe   [351112] [PID.4856]
[MD5.03DF48E0F7F58EFF570681D564270A4C] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe   [174952] [PID.4232]
[MD5.761A7F2562827D4D5A4F6B35E0002F54] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe   [565096] [PID.1364]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe   [366720] [PID.912]
[MD5.F17AD5E6AACCE54576FEB6FAF8471C80] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe   [2610896] [PID.6044]
[MD5.862C2B75B223E3E8AAFEB20FE882A602] - (...) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\adb.exe   [162816] [PID.5684]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [1312720] [PID.4240]
[MD5.2D9A1A43307EC9BB267BE9F90B4AF0D5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [6936576] [PID.5204]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65192] [PID.1720]
[MD5.1992C2A1867D95AA3A0802539358D162] - (.Pas de propriétaire - Service.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe   [18656] [PID.1780]
[MD5.3D0F028E87C95C9432B855B21F244994] - (.Dassault Systemes - System.) -- D:\Program Files (x86)\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe   [49152] [PID.1824]
[MD5.07670C1A220BBE5A134A423295E66ED1] - (...) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe   [68136] [PID.2108]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2200]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2376]
[MD5.0AF89452A8CE3928168F4E5B2208C68B] - (...) -- D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe   [86016] [PID.2464]
[MD5.0AF89452A8CE3928168F4E5B2208C68B] - (...) -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe   [86016] [PID.2504]
[MD5.39B9DCD7040654C2E57D7396736C718E] - (.Pas de propriétaire - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe   [88576] [PID.2816]
[MD5.31AB6192005102B0A16E75F02445C266] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [378472] [PID.2592]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe   [1153368] [PID.2796]
[MD5.B54B48F6D92423440C264E91225C5FF1] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe   [254808] [PID.6508]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www1.delta-search.com  =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default][HomePage] http://www1.delta-search.com  =>Toolbar.DeltaSearch
G0 - GCSP: Preference [User Data\Default] http://www1.delta-search.com  =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 ()
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 ()
G2 - GCE: Preference [User Data\Default] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.47 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\prefs.js
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\user.js
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\prefs.js
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\user.js
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Alain] -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\searchplugins\delta.xml
M3 - MFPP: Plugins - [Alain] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml  =>Toolbar.Babylon
M2 - MFEP: prefs.js [Alain - x6sijhsh.default\crossriderapp19962@crossrider.com] [] Supreme Savings v (..)  =>PUP.CrossRider
M2 - MFEP: prefs.js [Alain - x6sijhsh.default\piclens@cooliris.com] [] Cooliris v1.12.3.58254 (..)
M2 - MFEP: prefs.js [Alain - x6sijhsh.default\support@predictad.com] [] AutocompletePro - Your handy search suggestions tool v1.12.3.58254 (..)
M2 - MFEP: prefs.js [Alain - x6sijhsh.default - Copie\piclens@cooliris.com] [] Cooliris v1.12.3.58254 (..)
M2 - MFEP: prefs.js [Alain - x6sijhsh.default - Copie\support@predictad.com] [] AutocompletePro - Your handy search suggestions tool v1.12.3.58254 (..)
M2 - MFEP: prefs.js [Alain - x6sijhsh.default - Copie\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [] Vuze Remote  v10.15.0.562 (..)
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yhs.delta-search.com  =>Toolbar.DeltaSearch
R3 - URLSearchHook: UrlSearchHook Class [64Bits] - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.8.0.0) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll  =>Toolbar.Ask
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 0.0.0.0   www.widdit.com
O1 - Hosts: 0.0.0.0   loading1.widdit.com
O1 - Hosts: 0.0.0.0   loading2.widdit.com
O1 - Hosts: 0.0.0.0   loading3.widdit.com
O1 - Hosts: 0.0.0.0   loading4.widdit.com
O1 - Hosts: 0.0.0.0   loading5.widdit.com
O1 - Hosts: 0.0.0.0   loading.retry.widdit.com
O1 - Hosts: 0.0.0.0   svc.vtgsrv.com
O1 - Hosts: 0.0.0.0   edge6rx3.envolve.com
O1 - Hosts: 0.0.0.0   www.appround.net
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 79



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: SuggestMeYesBHO [64Bits] - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - AutocompletePro - Helps you search the web.) -- C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: CrossriderApp0019962 [64Bits] - {11111111-1111-1111-1111-110111991162} . (.Innovative Apps - Supreme Savings BHO.) -- C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll  =>PUP.CrossRider
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll  =>Toolbar.Ask
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 
O4 - HKLM\..\Run: [MacroKeyManager] . (.Pas de propriétaire - Macro Key Manager MFC Application.) -- C:\Windows\System32\WTMKM.exe 
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe 
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- K:\Program Files (x86)\Steam\Steam.exe 
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe 
O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe 
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe 
O4 - HKLM\..\Wow6432Node\Run: [HTC Sync Loader] . (.Pas de propriétaire - HTC UPCT Loader.) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe 
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe 
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\Run: [AdobeBridge] Clé orpheline 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- K:\Program Files (x86)\Steam\Steam.exe 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 
O4 - HKUS\S-1-5-21-349307784-729255409-2369226634-1001\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe 
~ Application:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: GOM Player.lnk . (...)  -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: LEGO Digital Designer.lnk . (.LEGO Company - LEGO Digital Designer.)  -- K:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe 
O4 - GS\QuickLaunch: Marine Aquarium 3.lnk . (.SereneScreen - MarineAquarium3.)  -- C:\Windows\system32\MarineAquarium3.scr  
O4 - GS\QuickLaunch: MidRadio Player.lnk . (.YAMAHA CORPORATION - YAMAHA MidRadio Player.)  -- C:\Program Files (x86)\YAMAHA\MidRadio Player\MidRadio.exe 
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.)  -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
O4 - GS\QuickLaunch: Oracle VM VirtualBox.lnk . (...)  -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch: Pointofix.lnk . (...)  -- C:\Program Files (x86)\Pointofix\Pointofix-en.exe
O4 - GS\QuickLaunch: vanBasco's Karaoke Player.lnk . (...)  -- C:\Program Files (x86)\vanBascos Karaoke Player\vmidi.exe
O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.)  -- C:\Program Files (x86)\Winamp\winamp.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Cool Edit Pro 2.0.lnk . (.Syntrillium Software Corporation - Cool Edit Pro.)  -- C:\Program Files (x86)\coolpro2\coolpro2.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.)  -- C:\Windows\System32\fsquirt.exe 
O4 - GS\Desktop: Autodesk 123D Catch.lnk . (...)  -- D:\Program Files (x86)\Autodesk\123D Catch\123D Catch.exe
O4 - GS\Desktop: FreeCommander.lnk . (.Marek Jasinski - www.FreeCommander.com - Freeware file manager for windows.)  -- C:\Program Files (x86)\FreeCommander\FreeCommander.exe 
O4 - GS\Desktop: NFS13.lnk . (.Electronic Arts - Need for Speed™ Most Wanted.)  -- K:\Need.For.Speed.Most.Wanted.Limited.Edition.Multi7-\NFS13.exe 
O4 - GS\Desktop: PlayerPlus.exe.lnk . (...)  -- C:\Program Files (x86)\PlayerPlus\playerplus.exe
O4 - GS\Desktop: Pointofix.lnk . (...)  -- C:\Program Files (x86)\Pointofix\Pointofix-en.exe
O4 - GS\Desktop: UseNeXT.lnk . (...)  -- C:\Program Files (x86)\UseNeXT\UseNeXT.exe
~ Global Startup:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9073E2-6F63-43DE-B88F-D30906835095}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB9073E2-6F63-43DE-B88F-D30906835095}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB9073E2-6F63-43DE-B88F-D30906835095}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Backbone Service (BBDemon) . (.Dassault Systemes - System.) - D:\Program Files (x86)\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: DAZ Content Management Service (DAZContentManagementService) . (...) - D:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
O23 - Service: GEST Service for program management. (GEST Service) . (...) - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: MySQL5 (MySQL5) . (...) - C:\Program Files\MySQL\MySQL Server 5.1\my.ini
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: wampapache (wampapache) . (.Apache Software Foundation - Apache HTTP Server.) - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: WTService (WTService) . (.Pas de propriétaire - User Mode Tablet Driver.) - C:\Windows\System32\atwtusb.exe
~ Services: 17 Legitimates Filtered in 00mn 10s



---\\ Tâches planifiées en automatique (O39)
[MD5.95B44F3CCAC43A47649C1F1BC84ED517] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe   [96136]  =>Toolbar.Ask
[MD5.4BE294C6D202A4495A48ABA8F5F11599] [APT] [Updater19962.exe] (.Innovative Apps.) -- C:\Users\Alain\AppData\Local\Updater19962\Updater19962.exe   [210312]
[MD5.00000000000000000000000000000000] [APT] [{BB962E8E-F6BE-4A47-A743-BE6F8C8FFC34}] (...) -- I:\_APPS\Autocad 2008 fra\Setup.exe (.not file.)   [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 06s



---\\ Logiciels installés (O42)
O42 - Logiciel: Amiga Forever - (.Cloanto.) [HKLM][64Bits] -- {DCB8DF8D-6F0E-405B-B870-89709242F5C0}
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM][64Bits] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE}  =>Toolbar.Ask
O42 - Logiciel: AutocompletePro - (...) [HKLM][64Bits] -- AutocompletePro3_is1
O42 - Logiciel: Cool Edit Pro 2.0 - (...) [HKLM][64Bits] -- Cool Edit Pro 2.0
O42 - Logiciel: MPEG2 Codec(libmpeg2/mad) - (...) [HKLM][64Bits] -- MPEG2 Codec(libmpeg2/mad)
O42 - Logiciel: MilkShape 3D 1.8.5 - (.chUmbaLum sOft.) [HKLM][64Bits] -- MilkShape 3D 1.8.5
O42 - Logiciel: PNOO 2.4.1 - (.PNOteurs Wiwiland.) [HKLM][64Bits] -- WiwilandPNOO_is1
O42 - Logiciel: Poser - Eastern Girl For V4 - (...) [HKLM][64Bits] -- Poser - Eastern Girl For V4
O42 - Logiciel: Poser Pro 2012 - (.Smith Micro Software, Inc..) [HKLM][64Bits] -- Poser Pro 2012_is1
O42 - Logiciel: PoserContent2012 - (.Smith Micro Software, Inc..) [HKLM][64Bits] -- Poser Pro_is1
O42 - Logiciel: PoserFusion 2012 for 3ds Max - (...) [HKLM][64Bits] -- PoserFusion 2012 for 3ds Max_is1
O42 - Logiciel: Shazzam 1.3 - (.Walt Ritscher.) [HKLM][64Bits] -- Shazzam_is1
O42 - Logiciel: Sherlock 7.1.8.0 - (.Teledyne DALSA, Industrial Products.) [HKLM][64Bits] -- {771FC154-9A17-4829-8F57-70B8C8951A39}
O42 - Logiciel: Sofia for Victoria 4.2 + Aiko 4 - (...) [HKLM][64Bits] -- Sofia for Victoria 4.2 + Aiko 4
O42 - Logiciel: Supreme Savings - (.Innovative Apps.) [HKLM][64Bits] -- Supreme Savings
O42 - Logiciel: UseNeXT - (.Tangysoft Ltd..) [HKLM][64Bits] -- UseNeXT_is1
O42 - Logiciel: Vue 10 xStream 64bit - (.e-on software.) [HKLM][64Bits] -- Vue 10 xStream 64bit
O42 - Logiciel: Wrye Bash - (.Wrye & Wrye Bash Development Team.) [HKLM][64Bits] -- Wrye Bash
O42 - Logiciel: YAMAHA MidRadio Player - (...) [HKLM][64Bits] -- {02964CA5-77A1-4EAE-888B-0F88377738B1}
O42 - Logiciel: Zend Studio 8.0.0 - (.Zend Technologies Ltd..) [HKLM][64Bits] -- {A73D4BEE-2BBE-4285-BF6C-4B8C7C002100}
~ Logic: 291 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\590df8bb738bd15]
[HKCU\Software\Amerigomedia]
[HKCU\Software\AppDataLow\AskToolbarInfo]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\Crossrider]  =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\SmartBar]  =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\Supreme Savings]
[HKCU\Software\Ask.com]
[HKCU\Software\AutocompletePro]
[HKCU\Software\AxTools]
[HKCU\Software\BI]
[HKCU\Software\BabylonToolbar]  =>Toolbar.Babylon
[HKCU\Software\Cloanto]
[HKCU\Software\ConcerityCore]
[HKCU\Software\Cr_Installer]
[HKCU\Software\DataMngr]  =>PUP.Datamngr
[HKCU\Software\Faux]
[HKCU\Software\IGearSettings]
[HKCU\Software\Imaging Technology, Inc.]
[HKCU\Software\InstallCore]  =>PUP.InstallCore
[HKCU\Software\InstalledBrowserExtensions]
[HKCU\Software\Noesis]
[HKCU\Software\SYCODE]
[HKCU\Software\Steve Cox Consulting]
[HKCU\Software\Syntrillium]
[HKCU\Software\YAMAHA]
[HKCU\Software\Zend]
[HKCU\Software\bsa commander]
[HKCU\Software\chUmbaLum sOft]
[HKCU\Software\delta LTD]
[HKCU\Software\ipd]
[HKLM\Software\Cloanto]
[HKLM\Software\CrazyLoader]
[HKLM\Software\DomaIQ]
[HKLM\Software\Tarma Installer]  =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Babylon]  =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore]  =>Adware.Boxore
[HKLM\Software\Wow6432Node\Cloanto]
[HKLM\Software\Wow6432Node\DataMngr]  =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Gradient]
[HKLM\Software\Wow6432Node\Imaging Technology, Inc.]
[HKLM\Software\Wow6432Node\Privateer]
[HKLM\Software\Wow6432Node\Syntrillium]
[HKLM\Software\Wow6432Node\TeledyneDALSA]
[HKLM\Software\Wow6432Node\YAMAHA]
~ Key Software: 382 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07-Oct-2011 - 12:19:38 - [1.696] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 07-Oct-2011 - 12:19:20 - [0.825] ----D C:\Program Files (x86)\AutocompletePro
O43 - CFD: 15-May-2012 - 16:51:40 - [29.130] ----D C:\Program Files (x86)\coolpro2
O43 - CFD: 30-Apr-2012 - 15:17:35 - [106.754] ----D C:\Program Files (x86)\ipd
O43 - CFD: 12-Mar-2012 - 10:33:39 - [16.937] ----D C:\Program Files (x86)\MilkShape 3D 1.8.5
O43 - CFD: 05-Oct-2011 - 16:19:19 - [178.219] ----D C:\Program Files (x86)\Open XML SDK
O43 - CFD: 03-Nov-2011 - 18:37:25 - [53.469] ----D C:\Program Files (x86)\Shazzam
O43 - CFD: 19-Apr-2013 - 8:59:42 - [5.767] ----D C:\Program Files (x86)\Supreme Savings
O43 - CFD: 20-Dec-2012 - 11:57:07 - [9.305] ----D C:\Program Files (x86)\UseNeXT
O43 - CFD: 28-Dec-2011 - 17:10:26 - [21.279] ----D C:\Program Files (x86)\YAMAHA
O43 - CFD: 04-Oct-2011 - 9:53:09 - [703.266] ----D C:\Program Files (x86)\Zend
O43 - CFD: 02-Oct-2012 - 17:04:06 - [8.648] ----D C:\Program Files (x86)\Common Files\Cloanto
O43 - CFD: 01-Sep-2012 - 23:05:05 - [0.073] ----D C:\Program Files (x86)\Common Files\Mycop
O43 - CFD: 04-Sep-2012 - 14:01:23 - [57.039] ----D C:\Program Files (x86)\Common Files\SYCODE
O43 - CFD: 30-Nov-2011 - 20:52:41 - [0.064] ----D C:\Program Files (x86)\Common Files\Wrye Bash
O43 - CFD: 04-Feb-2013 - 9:39:52 - [0] ----D C:\ProgramData\Babylon  =>Toolbar.Babylon
O43 - CFD: 19-Apr-2013 - 8:59:30 - [7.662] ----D C:\ProgramData\BrowserProtect  =>Toolbar.Babylon
O43 - CFD: 02-Oct-2012 - 17:05:31 - [66.808] ----D C:\ProgramData\Cloanto
O43 - CFD: 01-Dec-2011 - 11:58:30 - [0] ----D C:\ProgramData\NexusDB3
O43 - CFD: 06-Dec-2011 - 12:15:37 - [0.001] ----D C:\ProgramData\Poser Pro
O43 - CFD: 06-Dec-2011 - 14:10:44 - [0.000] ----D C:\ProgramData\PoserFusion
O43 - CFD: 04-Dec-2012 - 19:49:03 - [0.280] ----D C:\ProgramData\Tarma Installer  =>Toolbar.Tarma
O43 - CFD: 24-Dec-2011 - 16:05:31 - [0.000] ----D C:\ProgramData\YAMAHA
O43 - CFD: 03-Apr-2013 - 23:09:42 - [13.503] --H-D C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
O43 - CFD: 20-Oct-2011 - 14:53:40 - [0.023] ----D C:\Users\Alain\AppData\Roaming\AxTools
O43 - CFD: 25-Mar-2013 - 16:11:48 - [0.585] ----D C:\Users\Alain\AppData\Roaming\Azureus
O43 - CFD: 04-Feb-2013 - 9:39:52 - [0.013] ----D C:\Users\Alain\AppData\Roaming\Babylon  =>Toolbar.Babylon
O43 - CFD: 02-Oct-2012 - 17:33:17 - [0.000] ----D C:\Users\Alain\AppData\Roaming\Cloanto
O43 - CFD: 07-Oct-2011 - 12:08:12 - [0.003] ----D C:\Users\Alain\AppData\Roaming\CrazyLoader
O43 - CFD: 20-Oct-2011 - 19:20:15 - [0.000] ----D C:\Users\Alain\AppData\Roaming\LSMGUIAIR.64AAB1E9DCCE40D96A4E881F8BD26884D826DB32.1
O43 - CFD: 06-Dec-2011 - 12:15:47 - [0.000] ----D C:\Users\Alain\AppData\Roaming\LSMGUIAIR.75FD082802CFD201679ACAC756A932447464AEBF.1
O43 - CFD: 24-Oct-2012 - 10:14:17 - [0.057] ----D C:\Users\Alain\AppData\Roaming\Marine Aquarium 3
O43 - CFD: 23-Apr-2012 - 16:54:09 - [0] ----D C:\Users\Alain\AppData\Roaming\Poser
O43 - CFD: 06-Dec-2011 - 12:14:44 - [25.107] ----D C:\Users\Alain\AppData\Roaming\Poser Pro
O43 - CFD: 07-Jun-2012 - 20:14:49 - [0.000] ----D C:\Users\Alain\AppData\Roaming\ScripterRon
O43 - CFD: 07-Oct-2011 - 11:13:50 - [0.165] ----D C:\Users\Alain\AppData\Roaming\Syntrillium
O43 - CFD: 19-Apr-2013 - 14:14:41 - [25.763] ----D C:\Users\Alain\AppData\Roaming\UseNeXT
O43 - CFD: 24-Dec-2011 - 16:05:26 - [0.002] ----D C:\Users\Alain\AppData\Roaming\YAMAHA
O43 - CFD: 02-Oct-2012 - 17:05:33 - [21.874] ----D C:\Users\Alain\AppData\Local\Cloanto
O43 - CFD: 15-Dec-2011 - 10:35:27 - [0.002] ----D C:\Users\Alain\AppData\Local\FOMM
O43 - CFD: 03-Nov-2011 - 18:38:30 - [0.380] ----D C:\Users\Alain\AppData\Local\Shazzam
O43 - CFD: 19-Apr-2013 - 8:59:42 - [0.015] ----D C:\Users\Alain\AppData\Local\Supreme Savings
O43 - CFD: 19-Apr-2013 - 8:59:29 - [0.201] ----D C:\Users\Alain\AppData\Local\Updater19962
O43 - CFD: 13-Oct-2011 - 19:48:44 - [0.001] --H-D C:\Users\Alain\AppData\Local\uuBba8so9wIUA
O43 - CFD: 21-Mar-2012 - 16:17:54 - [0.002] ----D C:\Users\Alain\AppData\Local\Zend Studio
O43 - CFD: 12-Mar-2012 - 10:33:39 - [0.007] ----D C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.5
O43 - CFD: 30-Apr-2012 - 15:17:49 - [0.030] ----D C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teledyne DALSA
O43 - CFD: 30-Nov-2011 - 20:52:41 - [0.005] ----D C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
~ Program Folder: 312 Legitimates Filtered in 02mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.28B8E7F2080DC34F620258537493AD2A] - 14-Apr-2013 - 18:19:20 ---A- . (...) -- C:\Windows\win.ini   [656]
O44 - LFC:[MD5.01E1ACC6F3507677E2DB1FEC8FCF06B7] - 22-Apr-2013 - 15:20:09 ---A- . (...) -- C:\service.log   [5852513]
~ Files: 17 Legitimates Filtered in 00mn 03s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\avast  [Key] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14-Jul-2009 - 2:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.1D4D2261509FDC49BF2E250B8AC62ADE] - 30-Mar-2009 - 11:05:24 ---A- . (.Tetradyne Software, Inc. - DriverX NT Driver.) -- C:\Windows\SysWOW64\drivers\driverx.sys   [54112]
~ Drivers:  Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\searchplugins\askcom.xml
O69 - SBI: C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364546304059,\"isWithState\"[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("Smartbar.ConduitHomepagesList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("Smartbar.ConduitSearchEngineList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("Smartbar.ConduitSearchUrlList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("browser.search.defaultthis.engineName", "Web Search Customized Web Search");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.5147871c1a04f.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.BabylonToolbar_i.newTab", true);  =>Toolbar.Babylon
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=NT_ss&mntrId[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossrider.bic", "13e212e2fa2b597e7b89a8ed5630f571");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationThankYouPage", true);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1366354750);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.searchUserConifrmation", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setHomepage", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setNewTab", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setSearch", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.active", true);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.addressbar", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.addressbarenhanced", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.backgroundjs", "\n\n//\n");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.backgroundver", 34);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.can_run_bg_code", true);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.certdomaininstaller", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.changeprevious", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1366354750");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.value", "1366354750");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.expiration", "Mon Apr 22 2013 16:18:39 GMT+0200");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.value", "%22%21appAPI.db.get%28%5C%22_GPL_ib_disclosure%[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_blocklist.expiration", "Mon Apr 22 2013 16:18:39 GMT+0200");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.expiration", "Fri Apr 26 2013 09:24:44 GMT+0200");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.value", "%22FR%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.value", "1366640012");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.value", "%221366222555%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.value", "%221%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22163377%22%2C%22sub_id[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.value", "%221366222555%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.value", "%22163377%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.value", "1366356335835");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.value", "%221488%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr_halt.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr_halt.value", "1366640019");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.value", "%22174289%22");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.value", "1366356284168");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.description", "Supreme Savings");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.domain", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.enablesearch", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.homepage", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.iframe", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2233237A52BF2D44[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.value", "47");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.value", "1");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.value", "%7B%7D");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.expiration", "Mon Apr 22 2013 16:55:34 GMT+0200");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.value", "true");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.value", "%7B%7D");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+01[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Atrue%2C%22Wireshark%22%[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.manifesturl", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.name", "Supreme Savings");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.newtab", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.opensearch", "");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.ver", 4);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.name", "GPL Plugin (Loader)");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.ver", 15);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.ver", 35);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.name", "FFAppAPIWrapper");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.ver", 5);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.ver", 3);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.name", "debug");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.ver", 3);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.ver", 3);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.name", "initializer");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.name", "jquery_1_7_1");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.ver", 3);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.name", "appApiMessage");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.ver", 1);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.name", "CrossriderInfo");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.ver", 2);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.name", "omniCommands");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.ver", 1);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.pluginsurl", "http://app-static.crossrider.com/plugin/apps/19962/plugins/091/ff/plu[...]  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.pluginsversion", 43);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.publisher", "215 Apps");  =>PUP.SpecialSavings
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.searchstatus", 0);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.setnewtab", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.thankyou", "http://crossrider.com/thank_you/19962");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.updateinterval", 360);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.19962.ver", 47);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.apps", "19962");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.bic", "13e212e2fa2b597e7b89a8ed5630f571");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.cid", 19962);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.firstrun", false);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.hadappinstalled", true);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.installationdate", 1366356275);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.lastcheck", 22777016);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.lastcheckitem", 22777334);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.modetype", "production");  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.reportInstall", true);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.crossriderapp19962.statsDailyCounter", 7);  =>PUP.CrossRider
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.id", "261b34ad0000000000001c6f6559cfaa");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.instlDay", "15814");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.vrsn", "1.8.16.16");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.vrsnTs", "1.8.16.168:59:16");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.delta.vrsni", "1.8.16.16");
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods._xpiupdate", true);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.aflt", "_#wbst");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.first_time", false);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.id", "_#f2eb465227d049a6a2f1577d5590d2a8");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.instlDay", "_#15257");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.sid", "_#f2eb465227d049a6a2f1577d5590d2a8");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.uninst", true);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.update", "_#v1.4.0");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default] user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");  =>Adware.Facemoods
O69 - SBI: C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\searchplugins\askcom.xml
O69 - SBI: C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\searchplugins\conduit.xml
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.FF19Solved", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.FirstTime", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.FirstTimeFF3", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.PG_ENABLE", "dHJ1ZQ==");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.SearchAppState.enc", "Mg==");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN3314[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.UserID", "UN33149963043160069");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.autoDisableScopes", 14);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.browser.search.defaultthis.engineName", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.defaultSearch", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.enableAlerts", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.enableFix404ByUser", "FALSE");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.enableSearchFromAddressBar", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.fixPageNotFoundError", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.fixPageNotFoundErrorByUser", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.fixUrls", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.homepageuserchanged", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installDate", "18/3/2013 22:01:11");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installId", "stub.exe");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installUsage", "2013-03-19T00:02:12.0280207+03:00");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installUsageEarly", "2013-03-19T00:02:11.2168415+03:00");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.installerVersion", "1.3.6.5");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.keyword", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2504091&octid=CT2[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.lastVersion", "10.15.0.562");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"E[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.openThankYouPage", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.openUninstallPage", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.revertSettingsEnabled", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.search.searchAppId", "129079840422026594");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.search.searchCount", "0");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.searchFromAddressBarEnabledByUser", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.searchInNewTabEnabledByUser", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://VuzeRemo[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}"[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363640508141");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1363640508115");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363640507994");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1363640507752");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1363640508256");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_location_lastUpdate", "1364542748915");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_login_10.14.370.24_lastUpdate", "1363683769489");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_login_10.14.370.524_lastUpdate", "1363849407975");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_login_10.15.0.562_lastUpdate", "1364542748841");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363640508057");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1363640507095");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1364542747827");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363640507838");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1364542748279");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1364542748089");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.settingsINI", true);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.showToolbarPermission", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.smartbar.CTID", "CT2504091");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.smartbar.Uninstall", "0");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.smartbar.homepage", "true");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.smartbar.isHidden", true);  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.startPage", "true");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.toolbarBornServerTime", "19-3-2013");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.toolbarCurrentServerTime", "29-3-2013");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091.toolbarLoginClientTime", "Mon Mar 18 2013 22:01:48 GMT+0100");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364544099716,\"isWithState\"[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("Smartbar.ConduitHomepagesList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("Smartbar.ConduitSearchEngineList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("Smartbar.ConduitSearchUrlList", "");  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("browser.search.defaultthis.engineName", "Web Search Customized Web Search");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&CUI=UN33149963043160069&UM=1&Sear[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.BabylonToolbar_i.newTab", true);  =>Toolbar.Babylon
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=NT_ss&mntrId[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.id", "261b34ad0000000000001c6f6559cfaa");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.instlDay", "15740");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.vrsnTs", "1.8.10.08:40:08");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods._xpiupdate", true);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.aflt", "_#wbst");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.first_time", false);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.id", "_#f2eb465227d049a6a2f1577d5590d2a8");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.instlDay", "_#15257");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.sid", "_#f2eb465227d049a6a2f1577d5590d2a8");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.uninst", true);  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.update", "_#v1.4.0");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");  =>Adware.Facemoods
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN33149963043160069&UM=&q=")[...]
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT2504091&CUI=UN33149963043160069&UM=1&SearchSource=13"[...]  =>Hijacker.SmartBar
O69 - SBI: prefs.js [Alain - x6sijhsh.default - Copie] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN3[...]  =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com  =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {B8D9F72F-8B94-4331-872E-F2491C50E155} - (Google) - http://www.google.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D52D5557B4A058DD5BE8426A13A1CC53] [SPRF][17-Apr-2013] (...) -- C:\Users\Alain\AppData\Local\Temp\busunint.exe   [12872]
[MD5.B94610EE073523E89C57C5AC2ED6DCC4] [SPRF][05-Dec-2007] (.Ashok P. Nadkarni - Tcl Windows API Extension DLL.) -- C:\Users\Alain\AppData\Local\Temp\twapi-2.0a7.dll   [417884]
[MD5.3C6C79F8A875D11D920EAF0F63EDC1A5] [SPRF][17-Apr-2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Alain\AppData\Local\Temp\uninst1.exe   [394312]  =>Toolbar.Babylon
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][26-Jul-2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll   [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][26-Jul-2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe   [196608]
[MD5.8E8CEA4D58BBAA30FDF39EE1936360F2] [SPRF][03-Feb-2011] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll   [113888]
[MD5.CBE31015B53BE10F453C7B93A3056CB8] [SPRF][18-Feb-2011] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropFRA.dll   [116040]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][17-Feb-2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll   [401408]
~ Files:  Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{BD428C14-C18C-436B-89AB-3A6386BFF63F}C:\program files (x86)\zend\zend studio - 8.0.0\zendstudio.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\zend\zend studio - 8.0.0\zendstudio.exe
O87 - FAEL: "UDP Query User{C68795BF-342B-450C-AEBB-D971A53B7951}C:\program files (x86)\zend\zend studio - 8.0.0\zendstudio.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\zend\zend studio - 8.0.0\zendstudio.exe
O87 - FAEL: "{2D9E206F-F38A-4545-8FF1-4715857C168D}" |In - None - P17 - TRUE | .(...) -- J:\setup\hpznui40.exe (.not file.)
O87 - FAEL: "TCP Query User{37CF94D5-D49A-4C55-AE1A-11E866E64479}D:\program files\smith micro\poser pro 2012\poserpro.exe" | In - Private - P6 - TRUE | .(.Smith Micro Software, Inc.) -- D:\program files\smith micro\poser pro 2012\poserpro.exe
O87 - FAEL: "UDP Query User{7721816A-FF75-4185-9D42-5B8016825C18}D:\program files\smith micro\poser pro 2012\poserpro.exe" | In - Private - P17 - TRUE | .(.Smith Micro Software, Inc.) -- D:\program files\smith micro\poser pro 2012\poserpro.exe
~ Firewall: 290 Legitimates Filtered in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.11631 - (21-Apr-2013)
Clés trouvées (Keys found) : 108
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 14
Fichiers trouvés  (Files found) : 4

[HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}]   =>Adware.PredictAd
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]   =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]   =>Adware.PredictAd
[HKCU\Software\delta LTD]   =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}]   =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]   =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}]   =>Adware.PredictAd
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]   =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]   =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]   =>Adware.AskSBAR
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]   =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]   =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}]   =>Parasite.Pugi
[HKLM\Software\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}]   =>Parasite.Pugi
[HKLM\Software\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}]   =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]   =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\autocompletepro.dll]   =>Adware.PredictAd
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk]   =>Adware.PredictAd
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd]   =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1]   =>Adware.AskSBAR
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho]   =>Adware.PredictAd
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1]   =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]   =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]   =>Adware.MyWebSearch
[HKCU\Software\Ask.com]   =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar]   =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\AskToolbarInfo]   =>Toolbar.AskTBar
[HKCU\Software\AutocompletePro]   =>Adware.PredictAd
[HKCU\Software\BabylonToolbar]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore]   =>Adware.Boxore
[HKCU\Software\Cr_Installer]   =>Adware.VidSaver
[HKLM\Software\CrazyLoader]   =>Adware.SPointer
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Tarma Installer]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\autocompletepro3_is1]   =>Adware.PredictAd
[HKCU\Software\JavaSoft\Prefs\crazyloader]   =>Adware.SPointer
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS]   =>Adware.Boxore
[HKLM\Software\Classes\CrossriderApp0019962.BHO]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0019962.BHO]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0019962.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0019962.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0019962.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122992262}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}   =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440}   =>Adware.AskSBAR
C:\Program Files (x86)\Ask.com   =>Toolbar.AskBar
C:\Program Files (x86)\AutocompletePro   =>Adware.PredictAd
C:\Program Files (x86)\Software   =>Adware.Boxore
C:\Program Files (x86)\Supreme Savings   =>PUP.RewardsArcade
C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com   =>Toolbar.Babylon
C:\ProgramData\Babylon   =>Toolbar.Babylon
C:\ProgramData\Software   =>Adware.Boxore
C:\Users\Alain\AppData\Roaming\Babylon   =>Toolbar.Babylon
C:\Users\Alain\AppData\Roaming\Crazyloader   =>Adware.SPointer
C:\Users\Alain\AppData\Local\Software   =>Adware.Boxore
C:\Users\Alain\AppData\Local\Supreme Savings   =>PUP.RewardsArcade
C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk   =>PUP.RewardsArcade
C:\Users\Alain\AppData\Local\\Updater19962  =>PUP.CrossRider^
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\Smartbar   =>Hijacker.SmartBar
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default\SearchPlugins\conduit.xml   =>Toolbar.Conduit
C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\x6sijhsh.default - Copie\SearchPlugins\conduit.xml   =>Toolbar.Conduit
C:\Users\Alain\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon
~ Additionnel Scan: 928751 Items scanned in 01mn 08s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "7B97E000527E10F478A01C92247B8F4E" . (.Crysis(R).) -- C:\Windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.VDownloader Toolbar.) -- c:\program files (x86)\ask.com\fv_bceb.ico
O90 - PUC: "A9434A6655AA5E347A182668A707A109" . (.MacroKey Manager.) -- C:\Windows\Installer\{66A4349A-AA55-43E5-A781-62867A701A90}\ARPPRODUCTICON.exe
O90 - PUC: "D8FD8BCDE0F6B5048B07980729245F0C" . (.Amiga Forever.) -- C:\Windows\Installer\{DCB8DF8D-6F0E-405B-B870-89709242F5C0}\ARPPRODUCTICON.exe
O90 - PUC: "EEB4D37AEBB25824FBC6B4C8C7001200" . (.Zend Studio 8.0.0.) -- C:\Windows\Installer\{A73D4BEE-2BBE-4285-BF6C-4B8C7C002100}\ZendStudio.exe
~ Update Products: 214 Legitimates Filtered in 00mn 01s



---\\ Random Export Key (O91)
[HKCU\Software\590df8bb738bd15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\590df8bb738bd15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\590df8bb738bd15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\590df8bb738bd15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\590df8bb738bd15]   =>Toolbar.Babylon^
~ Export Key Software:  Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18-Dec-2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17-Mar-2013 253656 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand  0 | C:\Windows\System32\AppleChargerSrv.exe (AppleChargerSrv) . (...) - c:\system32\AppleChargerSrv.exe
SR - | Auto  18656 |  (Autodesk Content Service) . (...) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
SS - | Disabled 03-Jul-2012 44808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 29-Apr-2006 49152 |  (BBDemon) . (.Dassault Systemes.) - D:\Program Files (x86)\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
SR - | Auto  22528 |  (DAZContentManagementService) . (...) - D:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
SS - | Demand 04-Oct-2011 651720 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 22-Oct-2011 1431888 |  (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto  68136 |  (GEST Service) . (...) - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
SS - | Auto 03-Oct-2011 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03-Oct-2011 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08-Feb-2011 136120 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 14-Jul-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-Jul-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-Jul-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 03-Apr-2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 04-Apr-2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04-Apr-2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto  86016 |  (mi-raysat_3dsmax2010_32) . (...) - D:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
SR - | Auto  86016 |  (mi-raysat_3dsmax2010_64) . (...) - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
SS - | Demand 12-Apr-2013 115608 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto  8920 |  (MySQL5) . (...) - C:\Program Files\MySQL\MySQL Server 5.1\my.ini
SR - | Auto 14-Jul-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 27-Dec-2010 1005160 |  (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto  88576 |  (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 14-Jul-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26-Jan-2009 1153368 |  (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SS - | Demand 14-Feb-2013 543144 |  (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 27-Dec-2010 378472 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19-Feb-2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 26-Sep-2011 21504 |  (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
SS - | Demand  9665536 |  (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
SR - | Auto 14-Jul-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto  665320 |  (WTService) . (...) - C:\Windows\System32\atwtusb.exe
SR - | Auto 14-Jul-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 02s



~ 1592 Legitimates filtered by white list
End of the scan (1077 lines in 04mn 36s)(0)