Rapport de ZHPDiag v2013.4.27.159 par Nicolas Coolman, Update du 27/04/2013
Run by Utilisateur at 28/04/2013 17:14:14
State : WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v26.0.1410.64

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus v3.0.318.3

---\\ System Optimizer
CCleaner v3.14

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 76 GB (78%) free of 98 GB

---\\ Logged in mode
~ Computer Name: UTILISAT-8629DA
~ User Name: Utilisateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Utilisateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Utilisateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Utilisateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Utilisateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Utilisateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 76 Go of 98 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 80 Go of 135 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash
card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) 
-- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) 
-- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/208 ~ Mes musiques (My Musics) : 1/25 ~ Mes Videos (My Videos) : 2/54 ~ Mes Favoris (My Favorites) : 1/14 ~ Mes Documents (My Documents) : 1/2178 ~ Mon Bureau (My Desktop) : 0/652 ~ Menu demarrer (Programs) : 1/54 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.C434B72352FADD9249D5541274021570] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.844] [MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\rundll32.exe [0] [PID.1564] [MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1640] [MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576] [PID.116] [MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.152] [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.160] [MD5.7F2691FD961C9A704DA221745CCE6295] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe [295512] [PID.180] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) 
-- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.192] [MD5.12133C6195D0A801F57E27CCFC79D20F] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768] [PID.200] [MD5.4BE294C6D202A4495A48ABA8F5F11599] - (.Innovative Apps - Supreme Savings exe.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962\Updater19962.exe [210312] [PID.220] =>PUP.RewardsArcade [MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275072] [PID.244] [MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.384] [MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.432] [MD5.74EF310FAC89341CE2897B7F2C4A7B0F] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.872] [MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1968] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2024] [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2108] [MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.2248] [MD5.C12476DE1AFFB1BBA1A48A459CEB3D39] - (.Hewlett-Packard Company - Pas de description.) 
-- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [53248] [PID.2312] [MD5.89525CC2DBAD44F7199B9CC188B3F9C5] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2680] [MD5.0407143F2BBC1A5DD5B518AC0704FCBF] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92632] [PID.2908] [MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3148] [MD5.E46B17060D3962A384AE484094614788] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3512] [MD5.4DB8C3E9A5D6EB99F21B199C28EDE8D1] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [173696] [PID.820] [MD5.469533CC7F16566BE9D3436860E12013] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [563840] [PID.1404] [MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [366720] [PID.1676] [MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3796] [MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.560] [MD5.FE144DB29FE08220948EE92EEA56B43C] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [7046656] [PID.2504] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\prefs.js C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\user.js M3 - MFPP: Plugins - [Utilisateur] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\searchplugins\delta.xml M3 - MFPP: Plugins - [Utilisateur] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M2 - MFEP: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421\crossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade P2 - FPN: [HKLM] [ZEON/PDF,version=2.0] - (.Zeon Corporation - Zeon PDF Plugin For Mozilla.) -- C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll ~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com =>Toolbar.DeltaSearch R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Zeon Corporation - Zeon PDF Plugin For Mozilla.) (No version) -- (.not file.) 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} . (.Innovative Apps - Supreme Savings BHO.) -- C:\Program Files\Supreme Savings\Supreme Savings.dll =>PUP.RewardsArcade ~ BHO: 22 Legitimates Filtered in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] . 
(.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Updater19962.exe] . (.Innovative Apps - Supreme Savings exe.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962\Updater19962.exe =>PUP.RewardsArcade O4 - HKCU\..\Run: [Bubble Dock] C:\Documents and Settings\Utilisateur\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-329068152-1085031214-682003330-1004\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe O4 - HKUS\S-1-5-21-329068152-1085031214-682003330-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) 
-- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-329068152-1085031214-682003330-1004\..\Run: [Updater19962.exe] . (.Innovative Apps - Supreme Savings exe.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962\Updater19962.exe =>PUP.RewardsArcade O4 - HKUS\S-1-5-21-329068152-1085031214-682003330-1004\..\Run: [Bubble Dock] C:\Documents and Settings\Utilisateur\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe O4 - GS\Programs: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files\Audacity\audacity.exe O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Programs: Mozilla Thunderbird.lnk . (.Mozilla Messaging - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) 
-- C:\Program Files\Windows Media Player\wmplayer.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332526344018 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{653ABBF0-39E9-4D40-850C-D2A26017DD4E}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS1\Services\Tcpip\..\{653ABBF0-39E9-4D40-850C-D2A26017DD4E}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CS2\Services\Tcpip\..\{653ABBF0-39E9-4D40-850C-D2A26017DD4E}: NameServer = 208.67.222.222,208.67.220.220 ~ Domain: Scanned in 00mn 00s ---\\ 
Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) 
-- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Lkecpshtf.job [312] ~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: ATI Parental Control & Encoder - (.Nom de votre société.) [HKLM] -- {36CDA33B-909B-4719-97D1-C4B99309BDC7} O42 - Logiciel: Supreme Savings - (.Innovative Apps.) [HKLM] -- Supreme Savings =>PUP.RewardsArcade ~ Logic: 94 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\Cr_Installer] [HKCU\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\DM] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Ifhyflhuri] [HKCU\Software\InstalledBrowserExtensions] [HKCU\Software\SearchProtect] =>Toolbar.Conduit [HKCU\Software\Supreme Savings] =>PUP.RewardsArcade [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\DomaIQ] [HKLM\Software\Ifhyflhuri] [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\SearchProtect] =>Toolbar.Conduit [HKLM\Software\d55888db16def42] ~ Key Software: 188 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 26/04/2013 - 18:27:45 - [5,769] ----D C:\Program Files\Supreme Savings =>PUP.RewardsArcade O43 - CFD: 26/04/2013 - 18:27:15 - [0,006] ----D C:\Documents and Settings\Utilisateur\Application Data\Babylon =>Toolbar.Babylon O43 - CFD: 
26/04/2013 - 18:27:36 - [0,201] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962 O43 - CFD: 20/01/2013 - 15:27:04 - [0] -SH-D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\{b8b2757c-2f33-df40-3788-e10b50b88e78} ~ Program Folder: 147 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.80D0CAAB34942126381D409BA1F274EC] - 28/04/2013 - 12:44:21 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.56CA3B588118CF6F4B31FBDB31E96B18] - 28/04/2013 - 12:44:12 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 26/04/2013 - 18:38:08 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116] O44 - LFC:[MD5.88DECE9D12FA9D140103378653C9CC5C] - 26/04/2013 - 16:33:52 ---A- . (...) -- C:\WINDOWS\wmsetup.log [2835] O44 - LFC:[MD5.9021940D0876E10AAE8D8234391467BE] - 23/04/2013 - 20:23:53 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_21-b11.log [3974] O44 - LFC:[MD5.57159B5E89F2DEBA768C4A1DF6387AEE] - 17/04/2013 - 20:16:32 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver Resource DLL.) -- C:\WINDOWS\system32\usbaaplrc.dll [6112864] O44 - LFC:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 17/04/2013 - 20:16:32 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) 
-- C:\WINDOWS\system32\Drivers\usbaapl.sys [45056] ~ Files: 28 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.205B1D2B4620D48778911735CA55CB5D] - 28/04/2013 - 09:48:44 ---A- - C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf ~ Prefetcher: 50 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] - 18/11/2009 - 00:16:00 ---A- . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\system32\Drivers\Ambfilt.sys [1691480] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 25/04/2013 - 00:05:11 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\bookmarkbackups\bookmarks-2013-04-25.json [105491] O61 - LFC: 25/04/2013 - 01:03:22 ---A- C:\Documents and Settings\Utilisateur\Recent\All She Wants- Version Officiel (Laza Morgan feat Nancy Logan).lnk [549] O61 - LFC: 25/04/2013 - 01:03:22 ---A- C:\Documents and Settings\Utilisateur\Recent\Mix.lnk [230] O61 - LFC: 25/04/2013 - 08:42:39 ---A- C:\Documents and Settings\Utilisateur\Mes documents\cv soum.docx [18609] O61 - LFC: 25/04/2013 - 13:09:34 ---A- C:\Documents and Settings\Utilisateur\Recent\SansTitre.lnk [521] O61 - LFC: 25/04/2013 - 23:55:29 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\bookmarkbackups\bookmarks-2013-04-26.json [95469] O61 - LFC: 26/04/2013 - 09:08:23 ---A- C:\Documents and Settings\Utilisateur\Mes documents\LMsoumia elhamdioui51100doc.docx [12993] O61 - LFC: 26/04/2013 - 09:11:17 ---A- C:\Documents and Settings\Utilisateur\Recent\cv soum.lnk [577] O61 - LFC: 26/04/2013 - 09:11:32 ---A- C:\Documents and Settings\Utilisateur\Recent\LMsoumia elhamdioui51100doc.lnk [677] O61 - LFC: 26/04/2013 - 09:43:01 ---A- C:\Documents and Settings\Utilisateur\Recent\NEW 2012 2Pac - My Victory DJ Mo G Remix (Emotional Inspiring Song).lnk [806] O61 - LFC: 26/04/2013 - 09:44:21 ---A- C:\Documents and Settings\Utilisateur\Recent\Birdy - Skinny Love [Official Music Video].lnk [676] O61 - LFC: 26/04/2013 - 13:56:29 ---A- C:\Documents and Settings\Utilisateur\Bureau\dossier clean\18.wmv [621325] O61 - LFC: 26/04/2013 - 13:56:29 ---A- C:\Documents and Settings\Utilisateur\Mes documents\FFOutput\18.avi [313678] O61 - LFC: 26/04/2013 - 13:56:29 ---A- C:\Documents and Settings\Utilisateur\Mes documents\FFOutput\18.wmv 
[621325] O61 - LFC: 26/04/2013 - 15:50:59 ---A- C:\Documents and Settings\Utilisateur\Bureau\BRAMS FREE KICK.MSWMM [369152] O61 - LFC: 26/04/2013 - 16:33:23 ---A- C:\Documents and Settings\Utilisateur\Mes documents\Téléchargements\Windows_Movie_Maker_2.0.exe [8597840] O61 - LFC: 26/04/2013 - 17:09:17 ---A- C:\Documents and Settings\Utilisateur\Bureau\double.MSWMM [272896] O61 - LFC: 26/04/2013 - 17:15:17 ---A- C:\Documents and Settings\Utilisateur\Recent\double.lnk [506] O61 - LFC: 26/04/2013 - 17:25:37 ---A- C:\Documents and Settings\Utilisateur\Mes documents\Téléchargements\windows-movie-maker.exe [575752] O61 - LFC: 26/04/2013 - 17:27:07 -SHA- C:\Documents and Settings\Utilisateur\PrivacIE\index.dat [245760] O61 - LFC: 26/04/2013 - 17:27:08 ---A- C:\Documents and Settings\Utilisateur\Application Data\HPAppData\hpswpip.dat [1024] O61 - LFC: 26/04/2013 - 17:27:17 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [10240] O61 - LFC: 26/04/2013 - 17:27:30 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168] O61 - LFC: 26/04/2013 - 17:27:34 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\searchplugins\delta.xml [1294] O61 - LFC: 26/04/2013 - 17:27:34 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\user.js [1026] O61 - LFC: 26/04/2013 - 17:27:35 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.47_0\crossriderManifest.json [513] =>PUP.CrossRider O61 - LFC: 26/04/2013 - 17:27:35 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ihkeoookbpemkdccdccdmacnidhooohk_0\3 [7168] O61 - LFC: 26/04/2013 - 
17:27:36 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nohfdhapjjlndfgjnmdlcabloeembdkj_0.localstorage [98304] O61 - LFC: 26/04/2013 - 17:27:36 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962\Updater19962.exe [210312] O61 - LFC: 26/04/2013 - 17:27:44 ---A- C:\Documents and Settings\Utilisateur\Application Data\Babylon\log_file.txt [6551] =>Toolbar.Babylon O61 - LFC: 26/04/2013 - 17:27:52 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [75776] O61 - LFC: 26/04/2013 - 17:28:37 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [14021] O61 - LFC: 26/04/2013 - 17:38:07 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\Invalidprefs.js [331344] O61 - LFC: 26/04/2013 - 17:38:41 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\extensions.sqlite [458752] O61 - LFC: 26/04/2013 - 17:56:05 ---A- C:\Documents and Settings\Utilisateur\Bureau\movie_0001.avi [0] O61 - LFC: 26/04/2013 - 18:03:58 ---A- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Accessoires\Invite de commandes.lnk [1565] O61 - LFC: 26/04/2013 - 18:06:52 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\WMTools Downloaded Files\{5E903D72-3ED7-416C-BAD1-86B55DC1E583}.AutoSave [407040] O61 - LFC: 26/04/2013 - 18:23:10 ---A- C:\Documents and Settings\Utilisateur\Recent\BRAMS FREE KICK.lnk [551] O61 - LFC: 26/04/2013 - 18:33:05 ---A- C:\Documents and Settings\Utilisateur\Bureau\movie_0002.wmv [18374435] O61 - LFC: 26/04/2013 - 18:35:50 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB0.DAT [134656] O61 - LFC: 26/04/2013 - 
18:36:04 ---A- C:\Documents and Settings\Utilisateur\Recent\movie.lnk [499] O61 - LFC: 26/04/2013 - 18:38:27 ---A- C:\Documents and Settings\Utilisateur\Recent\movie_0002.lnk [516] O61 - LFC: 26/04/2013 - 19:44:34 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb [2052096] O61 - LFC: 27/04/2013 - 08:14:41 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\bookmarkbackups\bookmarks-2013-04-27.json [95892] O61 - LFC: 27/04/2013 - 23:49:45 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\bookmarkbackups\bookmarks-2013-04-28.json [95892] O61 - LFC: 28/04/2013 - 02:41:48 ---A- C:\Documents and Settings\Utilisateur\Recent\IMG_0329.lnk [941] O61 - LFC: 28/04/2013 - 02:41:48 ---A- C:\Documents and Settings\Utilisateur\Recent\Photo Maroc Avril 2012.lnk [654] O61 - LFC: 28/04/2013 - 09:40:58 ---A- C:\Documents and Settings\Utilisateur\Recent\Photo 008.lnk [739] O61 - LFC: 28/04/2013 - 09:51:54 ---A- C:\Documents and Settings\Utilisateur\Recent\Photo 005.lnk [739] O61 - LFC: 28/04/2013 - 09:52:32 ---A- C:\Documents and Settings\Utilisateur\Recent\Mes images.lnk [493] O61 - LFC: 28/04/2013 - 09:52:32 ---A- C:\Documents and Settings\Utilisateur\Recent\Photo 001.lnk [739] O61 - LFC: 28/04/2013 - 10:15:56 -SHA- C:\Documents and Settings\Utilisateur\IECompatCache\index.dat [65536] O61 - LFC: 28/04/2013 - 10:34:58 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\addons.sqlite [524288] O61 - LFC: 28/04/2013 - 10:43:30 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\blocklist.xml [62756] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\cert8.db 
[212992] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\key3.db [16384] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\permissions.sqlite [65536] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\sessionstore.bak [5681] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\webappsstore.sqlite [1835008] O61 - LFC: 28/04/2013 - 11:47:02 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\OfflineCache\index.sqlite [262144] O61 - LFC: 28/04/2013 - 11:47:03 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\content-prefs.sqlite [229376] O61 - LFC: 28/04/2013 - 12:44:10 -SHA- C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Internet Explorer\Desktop.htt [2708] O61 - LFC: 28/04/2013 - 12:45:19 -SHA- C:\Documents and Settings\Utilisateur\IETldCache\index.dat [262144] O61 - LFC: 28/04/2013 - 12:45:22 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\cookies.sqlite-shm [32768] O61 - LFC: 28/04/2013 - 12:45:22 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\places.sqlite-shm [32768] O61 - LFC: 28/04/2013 - 12:45:22 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\webapps\webapps.json [2] O61 - LFC: 28/04/2013 - 12:45:23 ---A- C:\Documents and Settings\Utilisateur\Application 
Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\search.json [17223] O61 - LFC: 28/04/2013 - 12:45:24 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\webappsstore.sqlite-shm [32768] O61 - LFC: 28/04/2013 - 12:45:25 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\urlclassifierkey3.txt [154] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-malware-simple.cache [44] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-malware-simple.pset [16] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-malware-simple.sbstore [232] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-phish-simple.cache [44] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-phish-simple.pset [16] O61 - LFC: 28/04/2013 - 12:45:26 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\test-phish-simple.sbstore [232] O61 - LFC: 28/04/2013 - 15:18:40 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\cookies.sqlite-wal [721456] O61 - LFC: 28/04/2013 - 15:26:27 ---A- C:\Documents and Settings\Utilisateur\Application 
Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\prefs.js [332160] O61 - LFC: 28/04/2013 - 15:51:06 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-malware-shavar.sbstore [1634908] O61 - LFC: 28/04/2013 - 15:51:07 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-malware-shavar.cache [12] O61 - LFC: 28/04/2013 - 15:51:07 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-malware-shavar.pset [797438] O61 - LFC: 28/04/2013 - 16:03:47 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\webappsstore.sqlite-wal [19773608] O61 - LFC: 28/04/2013 - 16:04:02 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-phish-shavar.cache [108] O61 - LFC: 28/04/2013 - 16:04:02 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-phish-shavar.pset [681002] O61 - LFC: 28/04/2013 - 16:04:02 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\safebrowsing\goog-phish-shavar.sbstore [580683] O61 - LFC: 28/04/2013 - 16:04:27 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\formhistory.sqlite [196608] O61 - LFC: 28/04/2013 - 16:06:15 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\downloads.sqlite [196608] O61 - LFC: 28/04/2013 - 16:06:19 ---A- C:\Documents and Settings\Utilisateur\Application 
Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\localstore.rdf [5566] O61 - LFC: 28/04/2013 - 16:07:25 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\startupCache\startupCache.4.little [102021] O61 - LFC: 28/04/2013 - 16:12:58 ---A- C:\Documents and Settings\Utilisateur\Recent\ZHPDiag.lnk [499] O61 - LFC: 28/04/2013 - 16:14:01 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\places.sqlite [10485760] O61 - LFC: 28/04/2013 - 16:14:01 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\places.sqlite-wal [557496] O61 - LFC: 28/04/2013 - 16:14:04 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\cookies.sqlite [1048576] O61 - LFC: 28/04/2013 - 16:14:09 ---A- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\_CACHE_CLEAN_ [1] O61 - LFC: 28/04/2013 - 16:14:18 ---A- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\3mz1m4vr.default-1357395158421\sessionstore.js [178743] ~ 56 Fichiers temporaires (Temporary files) ~ 39 Fichiers cookies (Cookies files) ~ Files: 1062 Legitimates Filtered in 00mn 32s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: ZHPFix 1.3 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) 
- LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - 05/02/2013 - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McComponentHostService) .(.McAfee, Inc. - Component Host Service.) - LEGACY_MCCOMPONENTHOSTSERVICE ~ Legacy: 136 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossrider.bic", "13e472bd87a22a093fab98902046e370"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationThankYouPage", true); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1366993640); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider O69 - SBI: prefs.js 
[Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setSearch", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.active", true); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.addressbar", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.addressbarenhanced", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.backgroundjs", "\n\n//\n"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.backgroundver", 34); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.can_run_bg_code", true); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.certdomaininstaller", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.changeprevious", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1366993640"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js 
[Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.value", "1366993640"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.expiration", "Sun Apr 28 2013 16:24:47 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.value", "%22%21appAPI.db.get%28%5C%22_GPL_ib_disclosure%[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_blocklist.expiration", "Sun Apr 28 2013 16:24:47 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.expiration", "Fri May 03 2013 18:28:06 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.value", "1367157399"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] 
user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.value", "%221366222555%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22163377%22%2C%22sub_id[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.value", "%221366222655%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.value", "%22163377%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.value", "1366994098572"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.value", "%221488%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[forgeofempires.com].expiration", "Fri May 03 2013 23:01:14 GMT+0200"[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[forgeofempires.com].value", "1367010074"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[kko-appli.com].expiration", "Sat May 04 2013 12:09:02 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[kko-appli.com].value", "1367057342"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[prizee.com].expiration", "Mon Apr 29 2013 12:01:47 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[prizee.com].value", "1367143307"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.value", "%22177744%22"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.value", "1366993686249"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.description", "Supreme Savings"); =>PUP.RewardsArcade O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] 
user_pref("extensions.crossriderapp19962.19962.domain", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.enablesearch", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.homepage", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.iframe", false); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2271B9B7C9A39647[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.value", "47"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.value", "1"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 
3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.expiration", "Sun Apr 28 2013 16:34:59 GMT+0200"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+01[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.manifesturl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.name", "Supreme Savings"); =>PUP.RewardsArcade O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.newtab", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.opensearch", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.ver", 4); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.ver", 15); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.ver", 35); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.ver", 2); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.ver", 2); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.ver", 5); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.name", "debug"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.ver", 2); =>PUP.CrossRider O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] 
=>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.pluginsurl", "http://app-static.crossrider.com/plugin/apps/19962/plugins/091/ff/plu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.pluginsversion", 43); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.publisher", "215 Apps"); =>PUP.SpecialSavings
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.thankyou", "http://crossrider.com/thank_you/19962"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.19962.ver", 47); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.adsOldValue", -1); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.apps", "19962"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.bic", "13e472bd87a22a093fab98902046e370"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.cid", 19962); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.installationdate", 1366993656); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.lastcheck", 22785635); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.lastcheckitem", 22785983); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.crossriderapp19962.statsDailyCounter", 7); =>PUP.CrossRider
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.id", "fcfd5a33000000000000bc5ff41b2c09");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.instlDay", "15821");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.vrsn", "1.8.16.16");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.vrsnTs", "1.8.16.1618:27:31");
O69 - SBI: prefs.js [Utilisateur - 3mz1m4vr.default-1357395158421] user_pref("extensions.delta.vrsni", "1.8.16.16");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www2.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {54266313-E833-4AB8-B721-ECD7BCD30ADB} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (O82)
E:\Documents\Downloads\Pro.Evolution.Soccer.2008[PCDVD][Spanish-EN-FR-GE-IT-POR] + CRACK + KEYGEN (Gusnor)\CRACK\PES2008.exe
E:\Documents\Downloads\Pro.Evolution.Soccer.2008[PCDVD][Spanish-EN-FR-GE-IT-POR] + CRACK + KEYGEN (Gusnor)\PES2008.exe
E:\Documents\Downloads\Pro.Evolution.Soccer.2008[PCDVD][Spanish-EN-FR-GE-IT-POR] + CRACK + KEYGEN (Gusnor)\CRACK\PES2008.exe
E:\Documents\Downloads\Pro.Evolution.Soccer.2008[PCDVD][Spanish-EN-FR-GE-IT-POR] + CRACK + KEYGEN (Gusnor)\PES2008.exe
~ Files: Scanned in 00mn 43s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80F4A456633F78A26A3C6B16E64EFEC5] [SPRF][28/09/2007] (.Microsoft - Uno Messenger.) -- C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll [381960]
[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [SPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll [304544]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.11735 - (27/04/2013)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Cr_Installer] =>Adware.VidSaver
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DM] =>PUP.BearShare
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0019962.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220122992262}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Bubble Dock =>Adware.SPointer
C:\Program Files\Supreme Savings =>PUP.RewardsArcade
C:\Documents and Settings\Utilisateur\Application Data\Babylon =>Toolbar.Babylon
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Updater19962 =>PUP.CrossRider^
~ Additionnel Scan: 218734 Items scanned in 00mn 08s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "B33ADC63B9099174791D4C9B3990DB7C" . (.ATI Parental Control & Encoder.) -- C:\WINDOWS\Installer\{36CDA33B-909B-4719-97D1-C4B99309BDC7}\ARPPRODUCTICON.exe
~ Update Products: 132 Legitimates Filtered in 00mn 00s

---\\ Random Export Key (O91)
[HKLM\Software\d55888db16def42] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 29/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 29/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/02/2012 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 03/01/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/01/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 14/04/2008 14336 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 14/04/2008 14336 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 22/09/2005 53248 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 28/08/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 00s
~ 2075 Legitimates filtered by white list

End of the scan (776 lines in 01mn 38s)(4)