Rapport de ZHPDiag v2013.6.1.2 par Nicolas Coolman, Update du 01/06/2013
Run by Anne-So at 01/06/2013 22:11:13
WebSite: http://nicolascoolman.webs.com
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 4P2KH
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

---\\ System Optimizer
CCleaner v3.08 =>Piriform Ltd

---\\ Peer To Peer (P2P)
Pando Media Booster v2.3.5.9

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 10
Java 7 Update 10

---\\ System Information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3957 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 167 GB (71%) free of 233 GB

---\\ Logged in mode
~ Computer Name: ANNE-SO-PC
~ User Name: Anne-So
~ All Users Names: UpdatusUser, HomeGroupUser$, Anne-So, All, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Anne-So\AppData\Roaming\
~ %Desktop% : C:\Users\Anne-So\Desktop\
~ %Favorites% : C:\Users\Anne-So\Favorites\
~ %LocalAppData% : C:\Users\Anne-So\AppData\Local\
~ %StartMenu% : C:\Users\Anne-So\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 167 Go of 233 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 223 Go of 232 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/05/2013 - 06:35:35.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/6
~ Mes musiques (My Musics) : 5/85
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/44
~ Mon Bureau (My Desktop) : 1/50
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.79A68515003E994D8632D1802C149430] - (.Pas de propriétaire - gm4ie MFC Application.) -- C:\Facemoi\facemoi.exe [59392] [PID.2784] =>PUP.Facemoi
[MD5.1B82BCF0B8F9228B39F75B0DFA079A21] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408] [PID.2644]
[MD5.11DFC7FF30B9B44F1477989C8FFF478F] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032] [PID.1540] =>PUP.SweetIM
[MD5.84A878D2D4A84CC73D53733F80FB57CE] - (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768] [PID.2664] =>PUP.SweetIM
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.2532]
[MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Users\All\AppData\Local\Google\Chrome\Application\chrome.exe [825808] [PID.3792]
[MD5.9987636E1191907AB52F3A49FFB83393] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7431168] [PID.2608]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1960]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.1612]
[MD5.BA400ED640BCA1EAE5C727AE17C10207] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408] [PID.4984]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Anne-So\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.searchamong.com =>Adware.SearchAmong
G0 - GCSP: Preference [User Data\Default] http://www.searchamong.com =>Adware.SearchAmong
G1 - GCS: Preference [User Data\Default] http://dts.search-results.com
G2 - GCE: Preference [User Data\Default] [elhjaoldnkkbifioodjndkijecdeinld] BittorrentBar_FR v.10.13.20.29 (Activé) =>P2P.BitTorrent
G2 - GCE: Preference [User Data\Default] [hidjnkeodmholilgafgdlgmgggbhnigl] Similar Sites Pro v.3 (Activé)
G2 - GCE: Preference [User Data\Default] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Activé) =>PUP.SweetIM
~ Google Browser: 10 Legitimates Filtered in 00mn 17s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\prefs.js
C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\user.js
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\askcomsearch.xml
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\bittorrentbarfr-customized-web-search.xml =>P2P.BitTorrent
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\Funmoods.xml =>PUP.Funmoods
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\Search_Results.xml
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\SweetIM Search.xml =>PUP.SweetIM
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\sweetim.xml =>PUP.SweetIM
M3 - MFPP: Plugins - [Anne-So] -- C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\Web Search.xml
M3 - MFPP: Plugins - [Anne-So] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Anne-So] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
M0 - MFSP: prefs.js [Anne-So - n9rqrvuj.default] http://search.conduit.com
M2 - MFEP: prefs.js [Anne-So - n9rqrvuj.default\{E71B541F-5E72-5555-A47C-E47863195841}] [] SimilarSites v (..)
M2 - MFEP: prefs.js [Anne-So - n9rqrvuj.default\{ef79f67a-6ad7-4715-a0f8-932fca442023}] [] BittorrentBar_FR v10.13.40.15 (..) =>P2P.BitTorrent
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com =>Adware.SearchAmong
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com =>Adware.SearchAmong
R3 - URLSearchHook: SimilarSites [64Bits] - {FE69C007-C452-4d3e-86D2-1730DF8BC871} . (...) (No version) -- C:\Program Files (x86)\SimilarSites\similarsites.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar Helper Module.) (4, 6, 0, 4) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll =>PUP.SweetIM
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} Clé orpheline
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (...) -- C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (.not file.) =>Adware.Yontoo
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Anne-So\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
O4 - HKLM\..\Wow6432Node\Run: [Sweetpacks Communicator] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3843461945-3932804018-3181229105-1005\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3843461945-3932804018-3181229105-1005\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\TaskBar: Jouer à League of Legends.lnk . (...) -- C:\Riot Games\League of Legends\lol.launcher.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: BitTorrent.lnk . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: eType.lnk . (.DSNR Media Innovations - eType Application.) -- C:\Users\Anne-So\AppData\Roaming\eType\eType.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Anne-So\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\Anne-So\Desktop\Search the Web.url . (...) -- C:\Users\Anne-So\Desktop\Search the Web.url =>Adware.IMBooster
O4 - Global Startup: C:\Users\Anne-So\Desktop\SweetPcFix.url . (.SimilarSites - Pas de description.) -- C:\Users\Anne-So\Desktop\SweetPcFix.url =>PUP.SweetPCFix
O4 - GS\TaskBar: Diablo III.lnk . (.Blizzard Entertainment - Diablo III Setup.) -- C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Anne-So\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Desktop: TeamSpeak 3 Client.lnk . (...) -- C:\Users\Anne-So\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (.not file.)
~ Global Startup: Scanned in 00mn 13s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B17AE36-ACC9-4E23-A57B-43051BDA4F2E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F18A31A7-1A66-4484-A90A-33E6AD67912E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B17AE36-ACC9-4E23-A57B-43051BDA4F2E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F18A31A7-1A66-4484-A90A-33E6AD67912E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B17AE36-ACC9-4E23-A57B-43051BDA4F2E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F18A31A7-1A66-4484-A90A-33E6AD67912E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{BCF92A94-3FC4-4753-9B80-6DC3E233A0B0}] (...) -- C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (rdmfyxym) . (. - .) - C:\Windows\system32\drivers\rdmfyxym.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM
O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM
O42 - Logiciel: eType - (.eType.) [HKCU][64Bits] -- eType
~ Logic: 88 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>PUP.Datamngr
[HKCU\Software\DSNR Labs]
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\CrazyLoader] =>Adware.SPointer
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SimilarSites]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 192 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/05/2012 - 22:39:09 - [0] ----D C:\Program Files (x86)\PriceGong =>Adware.PriceGong
O43 - CFD: 24/09/2012 - 20:27:01 - [11,448] ----D C:\Program Files (x86)\SweetIM =>PUP.SweetIM
O43 - CFD: 06/05/2013 - 14:31:12 - [12,337] ----D C:\Program Files (x86)\Webplayer setup =>Adware.SocialSkinz
O43 - CFD: 23/01/2012 - 19:42:54 - [4,313] ----D C:\ProgramData\Ask
O43 - CFD: 15/09/2011 - 14:27:46 - [0,000] ----D C:\ProgramData\Atoowin
O43 - CFD: 14/01/2012 - 00:23:31 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 24/05/2012 - 10:46:22 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 27/12/2012 - 12:24:16 - [0,000] ----D C:\ProgramData\SimilarSites
O43 - CFD: 24/09/2012 - 20:27:01 - [1,551] ----D C:\ProgramData\SweetIM =>PUP.SweetIM
O43 - CFD: 14/01/2012 - 00:23:31 - [0,005] ----D C:\Users\Anne-So\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 25/04/2012 - 21:49:38 - [747,030] ----D C:\Users\Anne-So\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 26/06/2011 - 15:20:12 - [0,010] ----D C:\Users\Anne-So\AppData\Roaming\CrazyLoader =>Adware.SPointer
O43 - CFD: 01/06/2013 - 19:28:45 - [27,072] ----D C:\Users\Anne-So\AppData\Roaming\eType
O43 - CFD: 09/01/2013 - 00:52:50 - [0] ----D C:\Users\Anne-So\AppData\Roaming\Funmoods =>PUP.Funmoods
O43 - CFD: 27/12/2012 - 12:23:46 - [0,517] ----D C:\Users\Anne-So\AppData\Roaming\SimilarSites
O43 - CFD: 19/12/2012 - 00:56:36 - [0,165] ----D C:\Users\Anne-So\AppData\Local\APN
O43 - CFD: 14/01/2012 - 00:23:34 - [3,744] ----D C:\Users\Anne-So\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 24/05/2012 - 01:03:18 - [0,014] ----D C:\Users\Anne-So\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 03/09/2012 - 21:21:45 - [0,002] ----D C:\Users\Anne-So\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType
~ 801 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1100 Legitimates Filtered in 00mn 50s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.75D3AAB9D22CE264FBD8E6A9FFFD8DEA] - 01/06/2013 - 18:23:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [103868]
O44 - LFC:[MD5.7C58CBD6C667CF8A759797B0DB0D09AE] - 28/05/2013 - 13:02:26 ---A- . (...) -- C:\Windows\SysNative\nvinfo.pb [20536]
O44 - LFC:[MD5.7C58CBD6C667CF8A759797B0DB0D09AE] - 28/05/2013 - 13:02:26 RSHAD . (...) -- C:\Windows\System32\nvinfo.pb [20536]
O44 - LFC:[MD5.7E4329E154AA90EAD21C9FCDE0CBC50E] - 23/05/2013 - 06:43:23 ---A- . (...) -- C:\Windows\IE10_main.log [9534]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 23/05/2013 - 06:35:34 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 23/05/2013 - 06:35:34 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
~ Files: 146 Legitimates Filtered in 00mn 14s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.D05ADE4C00050B33B28709B24B325269] - 01/06/2013 - 17:14:51 ---A- - C:\Windows\Prefetch\DAO.16081870.EXE-1E5CEF41.pf
O45 - LFCP:[MD5.035DD6D8BDDA724999B498AB3A8D0B27] - 28/05/2013 - 16:04:42 ---A- - C:\Windows\Prefetch\ERRORREPORTER.EXE-82E0577E.pf
O45 - LFCP:[MD5.DC4395A25CF8794C17D62A0F8518B022] - 30/05/2013 - 17:13:24 ---A- - C:\Windows\Prefetch\DAO.16044919.EXE-13E34778.pf
~ Prefetcher: 144 Legitimates Filtered in 00mn 02s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent [Key] . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\Facemoi [Key] . (.Pas de propriétaire - gm4ie MFC Application.) -- c:\Facemoi\facemoi.exe =>PUP.Facemoi
O53 - SMSR:HKLM\...\startupreg\GM4IE [Key] . (.Pas de propriétaire - gm4ie MFC Application.) -- C:\Facemoi\facemoi.exe =>PUP.Facemoi
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.48D9D00C2E0E72C3D4F52772C80355F6] - 22/12/2009 - 03:31:26 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2013 - 18:27:12 ---A- C:\Users\Anne-So\Links\Desktop.lnk [483]
O61 - LFC: 01/06/2013 - 18:27:12 ---A- C:\Users\Anne-So\Links\Downloads.lnk [942]
O61 - LFC: 01/06/2013 - 18:27:12 ---A- C:\Users\Anne-So\Links\RecentPlaces.lnk [383]
O61 - LFC: 01/06/2013 - 18:27:30 ---A- C:\Users\Anne-So\AppData\Roaming\eType\ClientSettings.bin [894]
O61 - LFC: 01/06/2013 - 18:27:30 ---A- C:\Users\Anne-So\AppData\Roaming\eType\ExcludeLogEvents.bin [488]
O61 - LFC: 01/06/2013 - 18:27:30 ---A- C:\Users\Anne-So\AppData\Roaming\eType\NumOfActivations.txt [1]
O61 - LFC: 01/06/2013 - 18:28:33 ---A- C:\Users\Anne-So\AppData\Roaming\eType\tpe.bin [0]
O61 - LFC: 01/06/2013 - 18:28:33 ---A- C:\Users\Anne-So\AppData\Roaming\eType\u.bin [29]
O61 - LFC: 01/06/2013 - 18:28:35 ---A- C:\Users\Anne-So\AppData\Roaming\eType\UserDictionaries.xml [276]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\NotificationMessages.xml [206]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\Scoreboard.dat [8]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\ScoreboardDiff.dat [2]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\friendsInstalled.dat [2]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\friendsNew.dat [6]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\tasks.dat [82]
O61 - LFC: 01/06/2013 - 18:28:45 ---A- C:\Users\Anne-So\AppData\Roaming\eType\wDat.bin [16]
O61 - LFC: 01/06/2013 - 18:33:10 ---A- C:\Users\Anne-So\Downloads\RogueKiller-8.5.4.exe [816128]
O61 - LFC: 01/06/2013 - 18:34:38 ---A- C:\Users\Anne-So\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273204]
O61 - LFC: 01/06/2013 - 18:57:27 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe [216968]
O61 - LFC: 01/06/2013 - 18:57:27 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\GoogleUpdate.exe [116648]
O61 - LFC: 01/06/2013 - 18:57:27 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdate.dll [848776]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe [287624]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\GoogleUpdateBroker.exe [59784]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe [59784]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_am.dll [25480]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ar.dll [27016]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_bg.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_bn.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ca.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_cs.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_da.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_de.dll [31624]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_el.dll [31112]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_en-GB.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_en.dll [28040]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_es-419.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_es.dll [31624]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_et.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_fa.dll [28040]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_fi.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_fil.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_fr.dll [31112]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_gu.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_hi.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_hr.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_hu.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_id.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_is.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_it.dll [31112]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_iw.dll [26504]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ja.dll [24968]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll [585608]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\psmachine.dll [162184]
O61 - LFC: 01/06/2013 - 18:57:28 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\psuser.dll [162184]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_kn.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ko.dll [23944]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_lt.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_lv.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ml.dll [32136]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_mr.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ms.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_nl.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_no.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_pl.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_pt-BR.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_pt-PT.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ro.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ru.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_sk.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_sl.dll [30088]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_sr.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_sv.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_sw.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ta.dll [30600]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_te.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_th.dll [28040]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_tr.dll [29576]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_uk.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_ur.dll [29064]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_vi.dll [28552]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_zh-CN.dll [22408]
O61 - LFC: 01/06/2013 - 18:57:29 ---A- C:\Users\Anne-So\AppData\Local\Google\Update\1.3.21.145\goopdateres_zh-TW.dll [22408]
O61 - LFC: 01/06/2013 - 19:49:48 ---A- C:\Users\Anne-So\AppData\Local\Google\Chrome\User Data\Local State [25939]
~ 5 Fichiers temporaires (Temporary files)
~ Files: 868 Legitimates Filtered in 04mn 08s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Anne-So\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.1000234.TWC_locId", "FRXX0074");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"3°C\",\"temperatureClear\":\"3°C\",\"highTemp[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.CBOpenMAMSettings.enc", "MA==");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.Facebook_Mode.enc", "Mg==");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.Facebook_User_Locale.enc", "ZnI=");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.FirstTime", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.FirstTimeFF3", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.LoginRevertSettingsEnabled", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.RevertSettingsEnabled", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.UserID", "UN17420355360327844");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.autoDisableScopes", -1);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.browser.search.defaultthis.engineName", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.cbcountry_001.enc", "RlI=");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.cbfirsttime.enc", "VHVlIERlYyAxOCAyMDEyIDIzOjU3OjA2IEdNVCswMTAw");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.defaultSearch", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.embeddedsData", "[{\"appId\":\"129349795935906563\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.enableAlerts", "always");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.enableSearchFromAddressBar", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.fixPageNotFoundError", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.fixUrls", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.installType", "xpe");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isNewTabEnabled", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.keyword", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Ftigzyrk.blogspot.fr%2F[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.openThankYouPage", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.openUninstallPage", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.revertSettingsEnabled", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.search.searchAppId", "129349795935906563");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.search.searchCount", "0");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2849852\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Bittorre[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BittorrentBar_F[...] =>P2P.BitTorrent
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370108280520");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_appsMetadata_lastUpdate", "1370108280519");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370108279895");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_login_10.13.40.15_lastUpdate", "1370108280779");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370108279895");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_searchAPI_lastUpdate", "1370108280837");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_serviceMap_lastUpdate", "1370108279652");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370108279894");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_toolbarSettings_lastUpdate", "1370108280532");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.serviceLayer_services_translation_lastUpdate", "1370108280518");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.settingsINI", true);
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.smartbar.CTID", "CT2849852"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.smartbar.homepage", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.smartbar.toolbarName", "BittorrentBar_FR "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.startPage", "TRUE");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.toolbarBornServerTime", "19-12-2012");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.toolbarCurrentServerTime", "19-12-2012");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852.url_history0001.enc", "aHR0cDovL3d3dy50b2JpLmNvbS93b21lbi9kcmVzc2VzOjo6Y2xpY2toYW5kbGVyOjo6MTM1NTg3MTU0NTMzMi[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("CT2849852_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1370108145017,\"isWithState\"[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13&CUI=SB_CUI"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("Smartbar.ConduitSearchEngineList", "BittorrentBar_FR Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q="); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.sweetim.com/search.asp?src=2&q="); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("browser.search.selectedEngine", "BittorrentBar_FR Customized Web Search"); =>P2P.BitTorrent
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13&CUI=SB_CUI");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.hardId", "d8b81ffc000000000000701a04c32583"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.id", "d8b81ffc000000000000701a04c32583"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15352"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:24:06"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13&CUI=SB_CUI"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q="); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("smartbar.originalSearchAddressUrl", "http://search.sweetim.com/search.asp?src=2&q="); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.Visibility.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); =>PUP.SweetIM

O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.0.width", "761");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.1.enable", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.1.height", "300");
O69 - SBI: prefs.js [Anne-So - n9rqrvO =>PUP.SweetIMeetIMuj.default] user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
O69 - SBI: prefs. =>PUP.SweetIMprefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_pa =>PUP.SweetIMt] user_pref("sweetim.toolbar.dialogs.2.enable", "true");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_to =>PUP.SweetIMref("sweetim.toolbar.dialogs.2.height", "150");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj =>PUP.SweetIMjs [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.2.title", "Option Dial =>PUP.SweetIM prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.dialogs.2.width", "530");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_p =>PUP.SweetIM*|.*.google.co.in/.*|.[...]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.mode.debug", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.newtab.cre =>PUP.SweetIM - n9rqrvuj.default] user_pref("sweetim.toolbar.previous.keyword.URL", "");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pr =>PUP.SweetIMo;");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.0.addc =>PUP.SweetIMimVerification");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.0.do =>PUP.SweetIM", "http://(www.|apps.)?facebook\\.com.*");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweeti =>PUP.SweetIMm.toolbar.scripts.0.enable", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweeti =>PUP.SweetIM.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.d =>PUP.SweetIM - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.enable", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.script =>PUP.SweetIMain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*[...] =>PUP.SweetIMrvuj.default] user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj =>PUP.SweetIMr_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.defaul =>PUP.SweetIMi=3104&tid=chff1");
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.to =>PUP.SweetIM]
O69 - SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.search.history.capaci =>PUP.SweetIMs [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
O69 - SBI: prefs.js [Ann =>PUP.SweetIM- SBI: prefs.js [Anne-So - n9rqrvuj.default] user_pref("sweetim.toolbar.version", "1.7.0.3");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com
O69 - SBI: SearchScopes [HKCU] {10B4E706-0FB5-43BE-88B2-C3CC5CCFECC8} - (Surf Canyon) - http://search.surfcanyon.com
O69 - SBI: SearchScopes [HKCU] {154d339e-ccaa-49a5-9b38-6878ad4220bc} [DefaultScope] - (Web Search) - http://www.searchamong.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {85EB6BFB-61CC-4AFE-A55B-EF368EB0060D} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (BittorrentBar_FR Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (Sw =>Adware.IMBooster dossiers (O84)
[MD5.24D16C3C586D852BCE312BC113D6FB79] [SPRF][31/05/2011] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.CAF1923233C024A79090197859564EAD] [SPRF][08/01/2013] (.Setup � - Setup.) -- C:\Users\Anne-So\AppData\L =>Adware.SearchAmongn.) -- C:\Users\Anne-So\AppData\Local\Temp\APNStub.exe [358600]
[MD5.D79B88BAB3231EBEBD3C6505AB68CE56] [SPRF][12/12/2011] (.Somoto Ltd - Better Installer Host.) -- C:\Users\Anne-So\AppData\Local\Temp\BI_RunOnce.exe [212480]
[MD5.992E52F7F30376894FF23B089521605C] [SPRF][03/09/2012] (.SweetIM Technologies Ltd. - SweetIM Installer by SweetPacks.) -- C:\Users\Anne-So\AppData\Local\Temp\bundlesweetimsetup.exe [6204760]
[MD5.41BE2D89E2F421CB =>P2P.BitTorrent] [SPRF][03/09/2012] (.Pas de propriétaire - eType Setup Application.) -- C:\Users\Anne-So\AppData\Local\Temp\eTypeSetup.exe [415128]
[MD5.05FECA1B4B1F7F9D924191716AD3F0BA] [SPRF][03/09/2012] (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\Anne-So\AppData\Local\Temp\incredibar_installer.exe [463184]
[MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][24/09/2012] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\Anne-So\AppData\Local\Temp\mgsqlite3.dll [393016]
[MD5.3BC99A0FA7587F04633059DFFE232101] [SPRF][02 =>Adware.MegaSearch2] (...) -- C:\Users\Anne-So\AppData\Local\Temp\PricePeepInstaller-BetterInstaller.exe [453728]
[MD5.AA70C0E09D582B4346FF46F163F8B0D0] [SPR =>PUP.SweetIMweetIM Installer by SweetPacks.) -- C:\Users\Anne-So\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe [6796120]
[MD5.7704B843006444B69486FD27D4660845] [SPRF][24/09/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\Anne-So\AppData\Local\Temp\SIMEEIInstaller.exe [3380216]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][08/01/2013] (...) -- =>Adware.IncrediBar\Local\Temp\tbBitt.dll [4451144]
[MD5.73406FA9287B36CA4163797C73A2CD04] [SPRF][16/07/2012] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Anne-So\AppData\Loca =>PUP.SweetIM5.6197B2FAA9D92650B39B50633A745A97] [SPRF][27/12/2012] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Anne-So\Desktop\jre-7u10-windows-x64.exe [32946152]
[MD5.7D64E668F29E33EB66925BF3EE443614] [SPRF][27/12/2012] (...) -- C:\Users\Anne-So\Desktop\SearchAmong_Softonic.exe [1098752]
[MD5.D6B659CCAA7A769A922B16849405B7C4] [SPRF][27/12/2012] (.SimilarSites - Pas de description.) -- C:\Users\Anne-So\Desktop\SimilarBundleDl.exe [73096]
[MD5.2548F911A49D1BD3377A2F88B1422 =>PUP.SweetIM230D453AD168EF54EA] [SPRF][05/05/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3119264]
~ Files: Scanned in 00mn 06s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{253A8E75-1543-461A-B71A-9069C982024F}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (.not file.)
O87 - FAEL: "{9E01CC50-B7B1-468F-A2DB-F9B19983EBBE}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\NVIDIA Corporation\NVI =>Adware.SearchAmong Technologies, Ltd. - SweetIM Installer.) -- C:\Users\Anne-So\Downloads\SweetImSetup.exe
O87 - FAEL: "{A7943A69-F803-4DF8-A643-DDB61D77E917}" | In - Public - P17 - TRUE | .(.SweetIM Technologies, Ltd. - SweetIM Installer.) -- C:\Users\Anne-So\Downloads\SweetImSetup.exe
O87 - FAEL: "{0DE1A6F7-579C-4CF1-9285-53431EB188EB}" | In - Private - P6 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O87 - FAEL: "{DC106C6E-595D-4E55-B0FA-751DF7A7B443}" | In - Private - P17 - TRUE | .(.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O87 - FAEL: "TCP Query User{9CA7FA46-DB0A-4973-9D67-0E0B5B8566CB}C:\users\all\appdata\local\temp\gw2.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\all\appdata\local\temp\gw2.exe (.not file.)
O87 - FAEL: "UDP Query User{27F7F06B-7C5B-4D64-93FA-A2080C47FD22}C:\users\all\appdata\local\temp\gw2.exe" |I =>PUP.SweetIMild wars 2\gw2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\guild wars 2\gw2.exe (.not file.)
O87 - FAEL: "UDP Query User{6A475164-C88F-4C15-9941 =>PUP.SweetIM}C:\program files (x86)\guild wars 2\gw2.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\guild wars 2\gw2.exe (.not file.)
O87 - FAEL: "UDP Query User{B785C0F8-3030-4AC6-96B1-3ECEFB3CF3E9} =>PUP.SweetIMwnloads\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\all\downloads\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe
O87 - FAEL: "UDP Query User{9C9A0B38-C424-40B1-A7D6-9C74EC3D121D}C:\users\all\downloads\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\all\downloads\teeworlds-0.6.1-win32\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe
~ Firewall: 254 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.12368 - (01/06/2013)
Clés trouvées (Keys found) : 252
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 25
Fichiers trouvés (Files found) : 19

[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] =>Adware.SmartShopper
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}] =>Adware.SearchAmong
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}] =>Adware.SearchAmong
[HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Classes\sim-packages] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj] =>PUP.SweetIM
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKLM\Software\CrazyLoader] =>Adware.SPointer
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DSNR Labs] =>Toolbar.Agent
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}] =>Adware.DoubleD
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}] =>Adware.DoubleD
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}] =>Adware.DoubleD
[HKCU\Software\JavaSoft\Prefs\crazyloader] =>Adware.SPointer
[HKCU\SOFTWARE\InstallCore\funmoods] =>PUP.Funmoods
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}] =>Adware.SearchAmong
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}] =>Adware.SearchAmong
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl] =>Toolbar.SimilarSites
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48a8-A405-239F3E29FFA9}] =>Toolbar.SimilarSites
[HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}] =>Toolbar.SimilarSites
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}] =>Toolbar.SimilarSites
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}] =>Toolbar.SimilarSites
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}] =>Toolbar.SimilarSites
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASAPI32] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASMANCS] =>Adware.VidSaver
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}] =>Toolbar.SimilarSites
[HKLM\Software\Wow6432Node\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}] =>Toolbar.SimilarSites
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_cacaoweb_RASMANCS] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_cacaoweb_RASAPI32] =>PUP.CacaoWeb
[HKLM\Software\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar.CT2849852] =>Toolbar.Conduit
[HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar.1] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE.1] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2849852] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\PriceGong =>Adware.PriceGong
C:\Program Files (x86)\SweetIM =>PUP.SweetIM
C:\Program Files (x86)\Webplayer setup =>Adware.SocialSkinz
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\SweetIM =>PUP.SweetIM
C:\ProgramData\SimilarSites =>Toolbar.SimilarSites
C:\Users\Anne-So\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Anne-So\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
C:\Users\Anne-So\AppData\Roaming\Crazyloader =>Adware.SPointer
C:\Users\Anne-So\AppData\Roaming\eType =>Adware.Zugo
C:\Users\Anne-So\AppData\Roaming\Funmoods =>PUP.Funmoods
C:\Users\Anne-So\AppData\Roaming\SimilarSites =>Toolbar.SimilarSites
C:\Users\Anne-So\AppData\Local\Babylon =>Toolbar.Babylon
C:\Users\Anne-So\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Anne-So\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Anne-So\AppData\LocalLow\BittorrentBar_FR =>Toolbar.Conduit
C:\Users\Anne-So\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Anne-So\AppData\LocalLow\Minibar =>Toolbar.Minibar
C:\Users\Anne-So\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Anne-So\AppData\LocalLow\searchquband =>Adware.Bandoo
C:\Users\Anne-So\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
C:\Users\Anne-So\AppData\LocalLow\SweetIM =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM
C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\Smartbar =>Hijacker.SmartBar
C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\SearchPlugins\SweetIM Search.xml =>PUP.SweetIM
C:\Users\Anne-So\AppData\Roaming\Mozilla\Firefox\Profiles\n9rqrvuj.default\SearchPlugins\sweetim.xml =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Temp\bundlesweetimsetup.exe =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Temp\SIMEEIInstaller.exe =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Temp\incredibar_installer.exe =>Adware.IncrediBar
C:\Users\Anne-So\AppData\Local\Temp\YontooTix2109133.log =>Adware.Yontoo
C:\Users\Anne-So\AppData\Local\Temp\PricePeepInstaller-BetterInstaller.exe =>Adware.PricePeep
C:\Users\Anne-So\AppData\Local\Temp\BI_RunOnce.exe =>Adware.MegaSearch
C:\Users\Anne-So\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM
C:\Users\Anne-So\AppData\Local\Temp\tbBitt.dll =>Toolbar.Conduit
C:\Users\Anne-So\AppData\Local\Temp\tbedrs.dll =>Toolbar.Conduit
~ Additionnel Scan: 234288 Items scanned in 00mn 36s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
~ Update Products: 95 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 27/01/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/01 =>PUP.SweetIMram Files\iPod\bin\iPodService.exe
SR - | Auto 15/05/2013 1144144 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2012 654408 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 12/05/2013 884512 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s




--\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anne-So at 01/06/2013 22:22:23

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
MBR: 9 Legitimates Filtered in 00mn 02s



--\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anne-So at 01/06/2013 22:22:25

********* Dump file Name *********
:\PhysicalDisk0_MBR.bin
MBR: Scanned in 00mn 04s



3194 Legitimates filtered by white list
End of the scan (1074 lines in 11mn 11s)(0)






































