Rapport de ZHPDiag v2013.4.24.149 par Nicolas Coolman, Update du 24/04/2013
Run by Portable at 25/04/2013 21:02:23
State : 
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 12.0 (Defaut)
GCIE: Google Chrome v26.0.1410.64

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v7.0.1474.0
Windows Defender W7

---\\ System Optimizer
CCleaner v3.28

---\\ Software Update
Adobe Flash Player 10 ActiveX
Adobe Reader X

---\\ System Information
~ Processor: AMD64 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 56 GB (38%) free of 146 GB

---\\ Logged in mode
~ Computer Name: PORTABLE-PC
~ User Name: Portable
~ All Users Names: Portable, HomeGroupUser$, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Portable\AppData\Roaming\
~ %Desktop% : C:\Users\Portable\Desktop\
~ %Favorites% : C:\Users\Portable\Favorites\
~ %LocalAppData% : C:\Users\Portable\AppData\Local\
~ %StartMenu% : C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 56 Go of 146 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 129 Go of 153 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 1/42
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/34
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.2400]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4297136] [PID.2828]
[MD5.5BB89B62C340AEFD5967E57FC07DA5EF] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe   [1151152] [PID.2856]  =>Toolbar.AVGSearch
[MD5.92DCCD7AD8FB9FB475A4F48086938838] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe   [114992] [PID.2872]  =>PUP.SweetIM
[MD5.45C8E611C40AF695669544F776D547D4] - (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe   [1718920] [PID.2704]
[MD5.7A4B1226D9ABEA436869A44F65D0E293] - (...) -- C:\Program Files (x86)\majpctuto_fr_6\pctuto_fr_6.exe   [3855224] [PID.2908]
[MD5.53D96678FB89F056D5285101481297D9] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [421160] [PID.2952]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe   [49208] [PID.2984]
[MD5.4F69AABB5D82AA4EF6DFF7871212ADF6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [924600] [PID.2452]
[MD5.A7B6857B7503D9CA4F40D17A7EBB67FB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [16824] [PID.3416]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe   [1822424] [PID.5000]
[MD5.AD7E37EFF04D3B1DE2F8D78881A435BC] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe   [2726912] [PID.3704]
[MD5.8ECBD447964D1D003FF0ADAA10AE3376] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [6987264] [PID.3792]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [44808] [PID.1228]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65192] [PID.1868]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [37664] [PID.1912]
[MD5.F2060A34C8A75BC24A9222EB4F8C07BD] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe   [349472] [PID.1264]
[MD5.255E5D46E0AA582C05701791C30ABA27] - (...) -- C:\Users\Portable\AppData\Local\pctuto_fr_6\suppct_fr_6.exe   [3057016] [PID.2320]
[MD5.CBA3F6EF1E70167DB376B4013F71A62B] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe   [722528] [PID.2704]  =>Toolbar.AVGSearch
[MD5.3AD1E72748978D8B0B3B674741E4C3E2] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe   [968880] [PID.2704]  =>Toolbar.AVGSearch
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] gnature":"DK9q7Ww7x7mLj5gj08hO8hn/42/TU0+mPZDhZcs1IuI=","_version":3,"browser":{"show_home_button":false},"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","blpcfgokakmgnkcojhhkbfbldkacnbeo","coobgpohoikkiipiblmjeljniedjpjpf","defdhglnppeioeflggkmglipcecffkhk","gaiilaahiahdejapggenmdmafpmbipje","icmlaeflemplmjndnaapfdbbnpncnbda","mkfokfffehpeedafpekjeddnmnjhmcmk","pjkljhegncpnkpknbcohdijeoejaedia"]},"homepage":"http://www.google.com,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":760,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":18002,"d
G0 - GCSP: Preference [User Data\Default] l","version":"1.1.11"},{"enabled":true,"name":"VLC Multimedia Plug-in"},{"enabled":true,"name":"Windows Live™ Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3538.0513_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Live™ Photo Gallery"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.6r626"},{"enabled":true,"name":"Shockwave"}]},"profile":{"avatar_index":0,"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"name":"Premier utilisateur"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["http://
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\prefs.js
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\user.js
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\daemon-search.xml
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\Search.xml
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\SearchResults.xml
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\SweetIM Search.xml  =>PUP.SweetIM
M3 - MFPP: Plugins - [Portable] -- C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\sweetim.xml  =>PUP.SweetIM
M3 - MFPP: Plugins - [Portable] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [Portable] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml  =>Toolbar.Babylon
M3 - MFPP: Plugins - [Portable] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\SearchResults.xml
M0 - MFSP: prefs.js [Portable - wea5g4iu.default] www.alice.fr
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\avg@toolbar] [] AVG Security Toolbar v14.2.0.1 (..)
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\ffxtlbr@funmoods.com] [] Funmoods.com v1.5.1 (..)  =>PUP.Funmoods
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\toolbar@ask.com] [] VirtualDJ Toolbar v1.5.1 (..)
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\{33e0daa6-3af3-d8b5-6752-10e949c61516}] [] Complitly - Speed up your search with your personal search suggestions tool v1.1 (..)  =>Adware.PredictAd
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\{99079a25-328f-4bd4-be04-00955acaa0a7}] [] Searchqu Toolbar v4.3.1.00 (..)  =>PUP.Datamngr
M2 - MFEP: prefs.js [Portable - wea5g4iu.default\{bb1227ac-7a0d-4076-8c1a-51a1348f6fa8}] [] WinZipBar_FR Community Toolbar v3.18.0.7 (..)
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com  =>PUP.Funmoods
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com  =>PUP.Funmoods
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.funmoods.com  =>PUP.Funmoods
R3 - URLSearchHook: UrlSearchHook Class [64Bits] - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.17.3.36670) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll  =>Toolbar.Ask
R3 - URLSearchHook: WinZipBar_FR Toolbar [64Bits] - {bb1227ac-7a0d-4076-8c1a-51a1348f6fa8} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\WinZipBar_FR\prxtbWinZ.dll  =>Toolbar.Conduit
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PCTBHO [64Bits] - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} . (.PCTUTO - ....) -- C:\Program Files (x86)\PCTuto\pctutoBHO.dll
O2 - BHO: BHO Project [64Bits] - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: AVG Security Toolbar [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.Pas de propriétaire - toolbar.dll.) -- C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll  =>Toolbar.AVGSearch
O2 - BHO: WinZipBar_FR [64Bits] - {bb1227ac-7a0d-4076-8c1a-51a1348f6fa8} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\WinZipBar_FR\prxtbWinZ.dll  =>Toolbar.Conduit
O2 - BHO: Complitly [64Bits] - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Users\Portable\AppData\Roaming\Complitly\Complitly.dll  =>Adware.PredictAd
O2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll  =>Toolbar.Ask
O2 - BHO: BHO Project [64Bits] - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} . (.InternetEngine - Pas de description.) -- C:\Program Files (x86)\Object\bho_project.dll
O2 - BHO: SWEETIE [64Bits] - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll  =>PUP.SweetIM
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: DAEMON Tools Toolbar [64Bits] - [HKLM]{32099AAC-C132-4136-9E9A-4E364A424E17} . (.Pas de propriétaire - ToolBand Module.) -- C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe 
O4 - HKCU\..\Run: [StartCCC] . (...) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe 
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe   =>Toolbar.AVGSearch
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe   =>PUP.SweetIM
O4 - HKLM\..\Wow6432Node\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe 
O4 - HKLM\..\Wow6432Node\Run: [pctuto_fr_6] . (...) -- C:\Program Files (x86)\majpctuto_fr_6\pctuto_fr_6.exe 
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe 
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Wow6432Node\RunOnce: [autoupdater] . (.PCTuto - autoupdater.) -- C:\Users\Portable\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-1735111957-1543672001-883108483-501\..\Run: [StartCCC] . (...) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 
O4 - HKUS\S-1-5-21-1735111957-1543672001-883108483-501\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
~ Application:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.)  -- C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe 
O4 - GS\QuickLaunch: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.)  -- C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe 
O4 - GS\QuickLaunch: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.)  -- C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe 
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - GS\Desktop: Algobox.lnk . (...)  -- C:\Program Files (x86)\Algobox\algobox.exe
O4 - Global Startup: C:\Users\Portable\Desktop\mAIL nAT.URL . (.International GeoGebra Institute - GeoGebra Installer.)  -- C:\Users\Portable\Desktop\mAIL nAT.URL
O4 - GS\Desktop: xcasfr.lnk . (...)  -- C:\xcas\xcasfr.bat 
O4 - GS\Desktop: xcas_doc.lnk . (...)  -- C:\xcas\doc\index.html 
~ Global Startup:  Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3774AB11-05BD-4168-B043-DEFD7934FD61}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{E17751ED-9578-4C6B-9194-01724576415E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{3774AB11-05BD-4168-B043-DEFD7934FD61}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E17751ED-9578-4C6B-9194-01724576415E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{3774AB11-05BD-4168-B043-DEFD7934FD61}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{E17751ED-9578-4C6B-9194-01724576415E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\WINDOW~2\Datamngr\x64\datamngr.dll (.not file.)  =>PUP.Datamngr
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Software Updater (SrvUpdater) . (.Pas de propriétaire - Updater.) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
O23 - Service: suppct_fr_6 (suppct_fr_6) . (...) - C:\Users\Portable\AppData\Local\pctuto_fr_6\suppct_fr_6.exe
O23 - Service:  (vToolbarUpdater12.2.6) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe  =>Toolbar.AVGSearch
O23 - Service:  (vToolbarUpdater14.2.0) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe  =>Toolbar.AVGSearch
~ Services: 13 Legitimates Filtered in 00mn 16s



---\\ Tâches planifiées en automatique (O39)
[MD5.90FB85DF126AC74CF57AD9C528C08B49] [APT] [DealPly] (...) -- C:\Users\Portable\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe   [91024]  =>PUP.DealPly
[MD5.F8981A707176C89162202985F45A5947] [APT] [Funmoods] (...) -- C:\Users\Portable\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe   [99704]  =>PUP.Funmoods
[MD5.3BC76D8E1DE12122930E3AAF050DE577] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe   [137864]  =>Toolbar.Ask
~ Scheduled Task: 20 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: AcerOrbiCam - (.Sonix.) [HKLM][64Bits] -- {D26569C3-9B03-4669-9EC5-9FCF70933688}
O42 - Logiciel: Chroma v.3.6 - (.© Serge LAGIER.) [HKLM][64Bits] -- Chroma_is1
O42 - Logiciel: Complitly - (...) [HKLM][64Bits] -- Complitly_is1  =>Adware.PredictAd
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme
O42 - Logiciel: Funmoods Web Search - (...) [HKLM][64Bits] -- funmoods  =>PUP.Funmoods
O42 - Logiciel: Geoplan-Geospace version 1.6 - (.Aid-creem.) [HKLM][64Bits] -- {1AA0F610-7226-4C99-85D7-5E75AFD0D5CE}_is1
O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto_is1
O42 - Logiciel: SweetIM for Messenger 3.6 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {B85C4CB2-B352-4BD8-818C-BCE353599107}  =>PUP.SweetIM
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1
O42 - Logiciel: Update_DealPly - (...) [HKCU][64Bits] -- DealPly  =>PUP.DealPly
O42 - Logiciel: majpctuto_fr_6-1.0 - (.MajPCTuto.) [HKLM][64Bits] -- majpctuto_fr_6_is1
~ Logic: 116 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Smartbar]  =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\Ask.com]
[HKCU\Software\Complitly]  =>Adware.PredictAd
[HKCU\Software\DataMngr]  =>PUP.Datamngr
[HKCU\Software\Geoplace]
[HKCU\Software\PCTuto]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM]  =>PUP.SweetIM
[HKCU\Software\TutoTag]
[HKCU\Software\Tutorials]
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AedgePerformanceBCN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Babylon]  =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\DataMngr]  =>PUP.Datamngr
[HKLM\Software\Wow6432Node\ENE Technology Inc]
[HKLM\Software\Wow6432Node\MajPCTuto]
[HKLM\Software\Wow6432Node\PCTuto]
[HKLM\Software\Wow6432Node\SearchquMediabarTb]  =>PUP.Datamngr
[HKLM\Software\Wow6432Node\SweetIM]  =>PUP.SweetIM
~ Key Software: 186 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/03/2013 - 20:14:21 - [4,191] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 15/02/2012 - 23:14:30 - [0,749] ----D C:\Program Files (x86)\Complitly  =>Adware.PredictAd
O43 - CFD: 07/08/2012 - 12:20:11 - [2,012] ----D C:\Program Files (x86)\Funmoods  =>PUP.Funmoods
O43 - CFD: 20/10/2011 - 20:25:41 - [7,880] ----D C:\Program Files (x86)\Geoplan-Geospace
O43 - CFD: 05/12/2012 - 10:07:26 - [0] ----D C:\Program Files (x86)\majpctuto
O43 - CFD: 05/12/2012 - 10:07:42 - [4,383] ----D C:\Program Files (x86)\majpctuto_fr_6
O43 - CFD: 15/10/2011 - 16:04:56 - [0,197] ----D C:\Program Files (x86)\Object
O43 - CFD: 24/01/2012 - 09:17:25 - [6,618] ----D C:\Program Files (x86)\PCTuto
O43 - CFD: 09/11/2011 - 15:12:01 - [17,623] ----D C:\Program Files (x86)\Serge_LAGIER
O43 - CFD: 17/02/2012 - 22:02:51 - [8,368] ----D C:\Program Files (x86)\SweetIM  =>PUP.SweetIM
O43 - CFD: 15/02/2012 - 23:11:57 - [0] ----D C:\ProgramData\Babylon  =>Toolbar.Babylon
O43 - CFD: 22/08/2011 - 08:33:40 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 23/06/2011 - 19:59:34 - [0,245] ----D C:\ProgramData\SweetIM  =>PUP.SweetIM
O43 - CFD: 15/02/2012 - 23:11:56 - [0,011] ----D C:\Users\Portable\AppData\Roaming\Babylon  =>Toolbar.Babylon
O43 - CFD: 15/02/2012 - 23:14:30 - [0,467] ----D C:\Users\Portable\AppData\Roaming\Complitly  =>Adware.PredictAd
O43 - CFD: 15/02/2013 - 16:16:11 - [0,087] ----D C:\Users\Portable\AppData\Roaming\DealPly  =>PUP.DealPly
O43 - CFD: 15/02/2013 - 16:16:58 - [0,095] ----D C:\Users\Portable\AppData\Roaming\Funmoods  =>PUP.Funmoods
O43 - CFD: 23/06/2011 - 19:59:25 - [2,062] ----D C:\Users\Portable\AppData\Roaming\PCtuto
O43 - CFD: 05/12/2012 - 10:07:45 - [2,916] ----D C:\Users\Portable\AppData\Local\pctuto_fr_6
O43 - CFD: 05/12/2012 - 10:07:45 - [0,000] ----D C:\Users\Portable\AppData\Local\suppct_fr_6
O43 - CFD: 09/11/2011 - 15:12:06 - [0,001] ----D C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serge.LAGIER
~ 198 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 404 Legitimates Filtered in 01mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.7FD57A6F4936E63381AB9CC20CE066E4] - 08/04/2013 - 18:06:34 ---A- - C:\Windows\Prefetch\ONECLICK.EXE-946FCD3E.pf
O45 - LFCP:[MD5.298D5A2FEC0072FF80C2A1A4A42E1B28] - 08/04/2013 - 18:41:59 ---A- - C:\Windows\Prefetch\ZUNE.EXE-FDE8F2F5.pf
O45 - LFCP:[MD5.CA86BFE173B8A6122F5B87FD67226FCC] - 08/04/2013 - 18:42:46 ---A- - C:\Windows\Prefetch\WMZUNECOMM.EXE-2B5BEF9D.pf
O45 - LFCP:[MD5.19037A6B7F5FFE1966B018688BD950CC] - 19/04/2013 - 14:50:43 ---A- - C:\Windows\Prefetch\SWEETIM.EXE-65CDB3C1.pf  =>PUP.SweetIM
O45 - LFCP:[MD5.A354C6E676881E2A345F868AC2263447] - 20/04/2013 - 15:04:54 ---A- - C:\Windows\Prefetch\UPDATEPCTUTO.EXE-2C9FBFD0.pf
O45 - LFCP:[MD5.9986A9A4AC45FF3AB3F03D08AAE74B89] - 20/04/2013 - 15:34:50 ---A- - C:\Windows\Prefetch\VPROT.EXE-0ECD5C8A.pf
~ Prefetcher: 105 Legitimates Filtered in 00mn 02s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{848bc154-ac56-11e0-a317-0016d4a8f644}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
~ Drivers:  Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 123 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\askcom.xml
O69 - SBI: C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.InstallationId", "ConduitStubGeneric");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.InstallationType", "ConduitStubIntegration");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.SearchCaption", "WinZipBar_FR Customized Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.SearchEngineBeforeUnload", "WinZipBar_FR Customized Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3148726&SearchSource=2&q=");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3148726&SearchSource=13");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.TrusteLinkUrl", "http://trust.conduit.com/CT3148726");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CT3148726.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3148726&SearchSource=13");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ConduitSearchList", "WinZipBar_FR Customized Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3148726/CT3148726", "\"2a84ff-82f-49024409b8900[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1547114/1542153/FR", "\"0\"");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3148726", "\"0\"");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "YL5qGEbYRXsHz8aKeY8[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "baZTA2tXV7T4AAbft31a[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "jKoBOjdPF2fwBUlNTkZ[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "VobDslsbJdJvb4C6TOif7w[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"04afd94b864cd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"")[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3148726", "\"e139de4683379d27a8b98ba428[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT3148726&octid=CT3148726", "\"1322516048\"");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"da1aa0987fa552be22d0ed64dc[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"9728ae2b8c1e57d1876ec9fe7946c560\[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Portable\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\wea5g4iu.[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=");  =>PUP.Datamngr
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ToolbarsList", "CT3148726");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ToolbarsList2", "CT3148726");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.ToolbarsList4", "CT3148726");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.globalUserId", "df4b3362-7a70-411f-9e4a-047456f40734");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3148726");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 22 2013 18:48:19 GMT+0100");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Mar 22 2013 18:48:54 GMT+0100");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.locale", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Mar 22 2013 18:48:47 GMT+0100");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.notifications.userId", "f84fa339-e174-4a7b-9910-96875a61aa57");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.originalHomepage", "http://www.searchqu.com/410");  =>PUP.Datamngr
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("CommunityToolbar.originalSearchEngine", "Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.cc", "FR");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.client_js_http_src", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.client_js_https_src", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.date", "1361813625000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.finished", "14.2.0.1");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardKUCount", 1);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardKUCountInit", 156);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.guid", "{5aa454f6-b890-43bc-8521-62d581c44e43}");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.installDirPath", "C:\\Users\\Portable\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\wea5g4iu.default\\exte[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.isHidden", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.lastUpdaterReq", "1366474765000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.laststatreq", "1366474461000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.newtab", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.overlayVersion", "634961130452065000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.rewardsDisabled", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.updateAddonDate", "2013-02-26 16:17:12");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.updaterInterval", "24");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.userHPSettings", "http://isearch.avg.com/?cid={55E3F7BF-A18A-43CB-9D8B-0EFC60381C3A}&mid=455bbafa677c47d1b4[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("avg.install.userSPSettings", "WinZipBar_FR Customized Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("browser.search.defaultthis.engineName", "WinZipBar_FR Customized Web Search");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.babExt", "");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.hardId", "e01ce7ab00000000000000197d36e20a");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.id", "e01ce7ab00000000000000197d36e20a");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15385");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.newTab", true);  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?AF=110000&tt=090212_ctrl&babsrc=NT_ss&mntrId=e01ce7[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:12:14");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");  =>Toolbar.Babylon
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.apn_dbr", "ff_12.0");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.cbid", "8Q");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.config-updated", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.crumb", "2012.06.16+12.47.12-toolbar007iad-FR-Qm9yZGVhdXgsRnJhbmNl");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.displaybehavior", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.displaytext", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.ff-original-keyword-url", "http://isearch.avg.com/search?cid=%7B5aa454f6-b890-43bc-8521-62d581c44e43%7[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.first-launch-url", "http://zimbra.aliceadsl.fr/zimbra/mail#1");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.fresh-install", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.guid", "736C3B9B-F5B5-48A1-BFA7-21D1F31E14AD");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.hpr", "YES");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.if", "first");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.keyword-toggled-in-session", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.last-config-req", "1366467567959");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.last-search-timestamp", "1360172329129");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.locale", "fr_FR");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.location", "Bordeaux,France");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.lstation", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.new-tab-opt-out", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.news-native-on", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.o", "41647959");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.pstate", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.r", "3");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.sa", "YES");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.saguid", "3B4DB566-6C10-441A-BFF3-D5D9BFB5CFA1");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.search-history-queries", "jeanmonnetblanquefort.fr||fepem||certificat de non gage");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.search-suggestions-enabled", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.silent-upgrade", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-first", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-interval", "1200000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-max-items", "30");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-native-on", true);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-speed", "10000");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.socialmini-transition-first-open", false);
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.themeid", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.timeinstalled", "16/06/2012 21:47:47");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.v", "3.17.3.100013");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.version", "5.17.3.36670");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("extensions.asktb.volume", "");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3148726&SearchSource=2&q=");
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.mode.debug", "false");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3148726&SearchSo[...]  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://isearch.avg.com/?cid={55E3F7BF-A18A-43CB-9D8B-0EFC60381C3A}[...]  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.previous.keyword.URL", "");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\[...]  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.search.history", "tbc,Train%20au%20d%C3%A9part%20de%20bordeaux%20arriv%C3%A9e%20Parempuyre01%2F11%2F11,[...]  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.search.history.capacity", "10");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.searchguard.enable", "true");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.simapp_id", "{8E46C5E0-9DC2-11E0-A803-0016D4A8F644}");  =>PUP.SweetIM
O69 - SBI: prefs.js [Portable - wea5g4iu.default] user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?barid={8E46C5E0-9DC2-11E0-A803-0016D4A8F644}");  =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com  =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {3022CFBE-FD88-48EC-9A26-03A9263A8EFF} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {7DA1E934-CC29-CABE-E4E4-0BE97FEBF9C0} - (SweetIM Search) - http://search.sweetim.com  =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com  =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} - (Web Search) - http://www.searchqu.com  =>PUP.Datamngr
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (WinZipBar_FR Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (Funmoods) - http://start.funmoods.com  =>PUP.Funmoods
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D59F24B86431EEB25281BCE7817783F1] [SPRF][12/10/2012] (.Pas de propriétaire - Audacity Setup.) -- C:\Users\Portable\AppData\Local\audacity-1-2-6.exe   [2228534]
[MD5.0F871F3D13B8736D0FE59983ADAB5E81] [SPRF][12/10/2012] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\Portable\AppData\Local\BabylonToolbar.exe   [867480]  =>Toolbar.Babylon
[MD5.70E170057A349351139EBADC3CD2DCC5] [SPRF][15/10/2011] (.International GeoGebra Institute - GeoGebra Installer.) -- C:\Users\Portable\Desktop\geogebra-windows-installer-3.2.46.0-en.exe   [4740496]
~ Files:  Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{9240E55D-CAF8-460E-919F-27C17F22AF38}" |In - None - P17 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
O87 - FAEL: "TCP Query User{CEC26C59-5786-40D0-B42E-9562A03BAD16}F:\istudio.exe" |In - Public - P6 - TRUE | .(...) -- F:\istudio.exe (.not file.)
O87 - FAEL: "UDP Query User{E6298A68-1966-4C64-A25A-E3A74A18F13E}F:\istudio.exe" |In - Public - P17 - TRUE | .(...) -- F:\istudio.exe (.not file.)
O87 - FAEL: "{830BB437-93A7-4A9C-8E64-D7D234C34C2E}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Invité\Downloads\SweetImSetup.exe (.not file.)  =>PUP.SweetIM
O87 - FAEL: "{488F2A64-87EC-4C4D-97DB-F24134C56EE4}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Invité\Downloads\SweetImSetup.exe (.not file.)  =>PUP.SweetIM
~ Firewall: 238 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11707 - (24/04/2013)
Clés trouvées (Keys found) : 291
Valeurs trouvées (Values found) : 4
Dossiers trouvés  (Folders found) : 33
Fichiers trouvés  (Files found) : 7

[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}]   =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}]   =>Adware.PredictAd
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA}]   =>PUP.Eorezo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}]   =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}]   =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}]   =>PUP.Eorezo
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]   =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}]   =>Adware.PredictAd
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]   =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}]   =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676}]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676}]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]   =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}]   =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]   =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}]   =>Adware.AskSBAR
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]   =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}]   =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}]   =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}]   =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB1227AC-7A0D-4076-8C1A-51A1348F6FA8}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BB1227AC-7A0D-4076-8C1A-51A1348F6FA8}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB1227AC-7A0D-4076-8C1A-51A1348F6FA8}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB66DE22-B660-4059-8C9E-D218433490DB}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]   =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}]   =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}]   =>Parasite.Pugi
[HKLM\Software\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}]   =>Parasite.Pugi
[HKLM\Software\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Classes\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e}]   =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]   =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78}]   =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Classes\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78}]   =>PUP.Eorezo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]   =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]   =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\Complitly.DLL]   =>Adware.PredictAd
[HKLM\Software\Classes\AppID\escort.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL]   =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\PCTutoBHO.DLL]   =>Spyware.AgenceExclusive
[HKLM\Software\Classes\AppID\ScriptHelper.EXE]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk]   =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe]   =>PUP.SweetIM
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\bho_project.bho_object]   =>PUP.FCTPlugin
[HKLM\Software\Classes\bho_project.bho_object.1]   =>PUP.FCTPlugin
[HKLM\Software\Classes\esrv.funmoodsESrvc]   =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1]   =>PUP.Funmoods
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd]   =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1]   =>Adware.AskSBAR
[HKLM\Software\Classes\PCTutoBHO.PCTBHO]   =>Spyware.AgenceExclusive
[HKLM\Software\Classes\PCTutoBHO.PCTBHO.1]   =>Spyware.AgenceExclusive
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi]   =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1]   =>Toolbar.Agent
[HKLM\Software\Classes\sim-packages]   =>Toolbar.Agent
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho]   =>Adware.PredictAd
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1]   =>Adware.PredictAd
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE]   =>Toolbar.Agent
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]   =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]   =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]   =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]   =>Adware.PredictAd
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]   =>PUP.Funmoods
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]   =>Adware.SearchYa
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]   =>Adware.SearchYa
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl]   =>PUP.FCTPlugin
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]   =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]   =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\AedgePerformanceBCN]   =>Adware.SPointer
[HKCU\Software\APN]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN]   =>Toolbar.Ask
[HKCU\Software\Ask.com]   =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar]   =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar]   =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]   =>Toolbar.Conduit
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr]   =>Adware.Bandoo
[HKCU\Software\funmoods]   =>PUP.Funmoods
[HKCU\Software\PCTuto]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\PCTuto]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\SearchquMediabarTb]   =>Adware.Bandoo
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKCU\Software\SweetIM]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM]   =>PUP.SweetIM
[HKCU\Software\AppDataLow\Toolbar]   =>Toolbar.Conduit
[HKCU\Software\Tutorials]   =>Spyware.AgenceExclusive
[HKCU\Software\Complitly]   =>Adware.PredictAd
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]   =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search]   =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facetheme]   =>PUP.FCTPlugin
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1]   =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_FR Toolbar]   =>Toolbar.Agent
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current]   =>PUP.MediaFinder
[HKLM\Software\Classes\DTToolbar.ToolBandObj]   =>Toolbar.ToolBand
[HKLM\Software\Classes\DTToolbar.ToolBandObj.1]   =>Toolbar.ToolBand
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0]   =>PUP.SweetIM
[HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}]   =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils]   =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1]   =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator]   =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\FA20CB7A821113A4CB8FA1E38E303D3B]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\FA20CB7A821113A4CB8FA1E38E303D3B]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\FA20CB7A821113A4CB8FA1E38E303D3B]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\FA20CB7A821113A4CB8FA1E38E303D3B]   =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}]   =>PUP.FCTPlugin
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}]   =>PUP.FCTPlugin
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}]   =>PUP.FCTPlugin
[HKLM\Software\Classes\SWEETIE.IEToolbar]   =>PUP.SweetIM
[HKLM\Software\Classes\SWEETIE.IEToolbar.1]   =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook]   =>PUP.SweetIM
[HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]   =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE]   =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar3.SWEETIE.1]   =>PUP.SweetIM
[HKLM\Software\Classes\Toolbar.CT3148726]   =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escort.DLL]   =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe]   =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc.1]   =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SWEETIE.IEToolbar.1]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SWEETIE.1]   =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3148726]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL]   =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}]   =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}]   =>PUP.SweetIM^
[HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156]   =>PUP.SweetIM^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}   =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17}   =>Toolbar.DaemonTools
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17}   =>Toolbar.DaemonTools
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17}   =>Toolbar.DaemonTools
C:\Program Files (x86)\Ask.com   =>Toolbar.AskBar
C:\Program Files (x86)\AVG Secure Search   =>Toolbar.AVGSearch
C:\Program Files (x86)\Conduit   =>Toolbar.Conduit
C:\Program Files (x86)\DAEMON Tools Toolbar   =>Toolbar.Agent
C:\Program Files (x86)\Funmoods   =>PUP.Funmoods
C:\Program Files (x86)\object   =>PUP.FCTPlugin
C:\Program Files (x86)\PCTuto   =>Spyware.AgenceExclusive
C:\Program Files (x86)\SweetIM   =>PUP.SweetIM
C:\Program Files (x86)\Windows Searchqu Toolbar   =>Adware.Bandoo
C:\Program Files (x86)\WinZipBar_FR   =>Toolbar.Agent
C:\Program Files (x86)\majpctuto   =>PUP.Eorezo
C:\Program Files (x86)\Common Files\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\Babylon   =>Toolbar.Babylon
C:\ProgramData\SweetIM   =>PUP.SweetIM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto   =>Spyware.AgenceExclusive
C:\Users\Portable\AppData\Roaming\Babylon   =>Toolbar.Babylon
C:\Users\Portable\AppData\Roaming\DealPly   =>PUP.DealPly
C:\Users\Portable\AppData\Roaming\Funmoods   =>PUP.Funmoods
C:\Users\Portable\AppData\Roaming\PCTuto   =>Spyware.AgenceExclusive
C:\Users\Portable\AppData\Local\AVG Secure Search   =>Toolbar.AVGSearch
C:\Users\Portable\AppData\Local\Conduit   =>Toolbar.Conduit
C:\Users\Portable\AppData\LocalLow\AskToolbar   =>Toolbar.AskTBar
C:\Users\Portable\AppData\LocalLow\AVG Secure Search   =>Toolbar.AVGSearch
C:\Users\Portable\AppData\LocalLow\BabylonToolbar   =>Toolbar.Babylon
C:\Users\Portable\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\Portable\AppData\LocalLow\searchqutoolbar   =>Adware.Bandoo
C:\Users\Portable\AppData\LocalLow\SweetIM   =>PUP.SweetIM
C:\Users\Portable\AppData\LocalLow\WinZipBar_FR   =>Toolbar.Agent
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\searchqutoolbar   =>Adware.Bandoo
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\SweetIMToolbarData   =>PUP.SweetIM
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\Extensions\toolbar@ask.com   =>Toolbar.AskTBar
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\Extensions\avg@toolbar   =>Toolbar.AVGSearch
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\SearchPlugins\conduit.xml   =>Toolbar.Conduit
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\SearchPlugins\SearchResults.xml   =>Toolbar.Agent
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\SearchPlugins\SweetIM Search.xml   =>PUP.SweetIM
C:\Users\Portable\AppData\Roaming\Mozilla\Firefox\Profiles\wea5g4iu.default\SearchPlugins\sweetim.xml   =>PUP.SweetIM
C:\Program Files (x86)\object\bho_project.dll   =>PUP.FCTPlugin
C:\Users\Portable\AppData\Local\BabylonToolbar.exe  =>PUP.SweetIM
~ Additionnel Scan: 258729 Items scanned in 00mn 59s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "45ADD8F9B89E76040A8DBF736098468D" . (.Dj Mixer Studio.) -- C:\Windows\Installer\{9F8DDA54-E98B-4067-A0D8-FB37068964D8}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.VirtualDJ Toolbar.) -- c:\program files (x86)\ask.com\cb_c4a1.ico
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico
O90 - PUC: "FA20CB7A821113A4CB8FA1E38E303D3B" . (.SweetIM Toolbar for Internet Explorer 4.2.) -- C:\Windows\Installer\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}\ARPPRODUCTICON.exe  =>PUP.SweetIM
~ Update Products: 153 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 23/03/2013 253656 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/05/2011 37664 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 08/01/2007 718336 |  (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 30/10/2012 44808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 01/04/2011 183560 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Auto 06/04/2011 349472 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SS - | Auto 15/11/2011 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/11/2011 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 07/06/2011 934176 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto  0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Demand 09/06/2012 129976 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/03/2011 249648 |  (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Auto 28/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto  31744 |  (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
SR - | Auto  3057016 |  (suppct_fr_6) . (...) - C:\Users\Portable\AppData\Local\pctuto_fr_6\suppct_fr_6.exe
SR - | Auto 20/10/2011 2072896 |  (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
SR - | Auto  722528 |  (vToolbarUpdater12.2.6) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe  =>Toolbar.AVGSearch
SR - | Auto  968880 |  (vToolbarUpdater14.2.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe  =>Toolbar.AVGSearch
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 03s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Portable at 25/04/2013 21:08:07

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



~ 1545 Legitimates filtered by white list
End of the scan (1082 lines in 05mn 44s)(0)