Rapport de ZHPDiag v2013.6.16.21 par Nicolas Coolman, Update du 16/06/2013
Run by Florence at 17/06/2013 15:03:04
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v27.0.1453.110 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 3326 MB (86% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (53%) free of 154 GB

---\\ Logged in mode
~ Computer Name: PC-DE-FLORENCE
~ User Name: Florence
~ All Users Names: Florence, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Florence\AppData\Roaming\
~ %Desktop% : C:\Users\Florence\Desktop\
~ %Favorites% : C:\Users\Florence\Favorites\
~ %LocalAppData% : C:\Users\Florence\AppData\Local\
~ %StartMenu% : C:\Users\Florence\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 81 Go of 154 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 271 Go of 303 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 30 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.2C96B3921B4CDE10DBAED5AAD760DB67] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/04/2013 - 23:02:17.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/684
~ Mes musiques (My Musics) : 3/10
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/71
~ Mes Documents (My Documents) : 13/1708
~ Mon Bureau (My Desktop) : 1/2
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.731DC94E205541B848B92A098E3AFB06] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7510016] [PID.1552]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Florence\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.holasearch.com =>Hijacker.HolaSearch
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.babylon.com =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [fagpjgjmoaccgkkpjeoinehnoaimnbla] hola Toolbar v.1.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Désactivé) =>Adware.AddLyrics
~ Google Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\prefs.js
C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\user.js
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\holasearch.xml =>Hijacker.HolaSearch
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\kiwee-toolbar.xml
M3 - MFPP: Plugins - [Florence] -- C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\YouGoo.xml
M3 - MFPP: Plugins - [Florence] -- C:\Program Files\Mozilla FireFox\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [Florence - jhlu4c2e.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Florence - jhlu4c2e.default\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com] [] Plus-HD-2.3 v (..) =>Adware.PlusHD
M2 - MFEP: prefs.js [Florence - jhlu4c2e.default\ffxtlbr@holasearch.com] [] HolaSearch v1.6.0 (..) =>Hijacker.HolaSearch
M2 - MFEP: prefs.js [Florence - jhlu4c2e.default\toolbar@yougoo.fr] [] Toolbar YouGoo v1.04.5 (..)
M2 - MFEP: prefs.js [Florence - jhlu4c2e.default\{3248f342-70c6-418d-a300-b8e925e95556}] [] Jeux- Community Toolbar v3.10.0.1 (..)
M2 - MFEP: prefs.js [Florence - jhlu4c2e.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.1.1.20091029021655 (..)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (.Boxore OU. - Software Update.) -- C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll =>Adware.Boxore
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com =>PUP.SweetIM
~ IE Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0033426 - {11111111-1111-1111-1111-110311341126} . (.Plus HD - Plus-HD-2.3 BHO.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll =>PUP.CrossRider
O2 - BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} . (.XingHao Software - LyricsPal.) -- C:\Program Files\XingHaoLyrics\lrcspal.dll =>Adware.AddLyrics
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-2449292426-1132904705-550536293-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Florence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Florence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url
O4 - Global Startup: C:\Users\Florence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Découvrez Hotmail.url . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Florence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Découvrez Hotmail.url
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains] http.im-history.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C96D5C17-DD56-43A9-91D4-957FFE9A41A6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C96D5C17-DD56-43A9-91D4-957FFE9A41A6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Florence\AppData\Local\Microsoft\BingDesktop\themes\2013-06-08.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Florence\AppData\Local\Microsoft\BingDesktop\themes\2013-06-08.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Dealply.job [302] =>PUP.DealPly
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\LyricsPal Update.job [382] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job [1886] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job [1192] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-enabler.job [1092] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job [1812] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-updater.job [1188] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1074]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1078]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Plus-HD-2.3 - (.Plus HD.) [HKLM] -- Plus-HD-2.3 =>Adware.PlusHD
~ Logic: 36 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5ded68de76aba43]
[HKCU\Software\AGI]
[HKCU\Software\Alexa Internet]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\Plus-HD-2.3] =>Adware.PlusHD
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BrowserCompanion] =>PUP.Blabbers
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\Hoolapp]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\PerformerSoft]
[HKCU\Software\PlayfulAge]
[HKCU\Software\Pogo]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\eojet] =>PUP.Eorezo
[HKCU\Software\holasearch] =>Hijacker.HolaSearch
[HKCU\Software\sol]
[HKLM\Software\AGI]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Bandoo] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\SearchquSRTB] =>PUP.Datamngr
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\WiseConvert_1.5] =>Toolbar.Conduit
~ Key Software: 191 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/01/2013 - 12:19:49 - [2,746] ----D C:\Program Files\Bandoo =>Adware.Bandoo
O43 - CFD: 16/06/2013 - 17:05:54 - [0,851] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 16/06/2013 - 17:06:15 - [0] ----D C:\Program Files\DealPlyLive =>PUP.DealPly
O43 - CFD: 18/03/2013 - 09:47:24 - [1,096] ----D C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 16/06/2013 - 17:01:54 - [7,241] ----D C:\Program Files\Plus-HD-2.3 =>Adware.PlusHD
O43 - CFD: 16/01/2013 - 17:36:37 - [0] ----D C:\Program Files\WiseConvert_1.5 =>Toolbar.Conduit
O43 - CFD: 26/02/2013 - 20:26:56 - [0,141] ----D C:\Program Files\Yontoo =>Adware.Yontoo
O43 - CFD: 07/08/2012 - 22:13:32 - [0,002] ----D C:\ProgramData\AGI
O43 - CFD: 15/06/2013 - 20:15:22 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 21/12/2012 - 16:31:42 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 16/06/2013 - 17:00:44 - [0,050] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly
O43 - CFD: 14/03/2011 - 19:53:24 - [0] ----D C:\ProgramData\iWin
O43 - CFD: 26/08/2010 - 07:50:08 - [7,102] ----D C:\ProgramData\PlayfulAge
O43 - CFD: 26/02/2013 - 20:26:52 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 23/04/2011 - 23:44:29 - [0,321] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 15/06/2013 - 20:15:43 - [1,578] ----D C:\Users\Florence\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 15/06/2013 - 20:15:21 - [0,019] ----D C:\Users\Florence\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 21/12/2012 - 16:31:40 - [0] ----D C:\Users\Florence\AppData\Roaming\Bandoo =>Adware.Bandoo
O43 - CFD: 16/06/2013 - 17:00:29 - [0,000] ----D C:\Users\Florence\AppData\Roaming\Dealply =>PUP.DealPly
O43 - CFD: 15/06/2013 - 20:15:30 - [0,308] ----D C:\Users\Florence\AppData\Roaming\File Scout
O43 - CFD: 15/06/2013 - 20:15:39 - [0,259] ----D C:\Users\Florence\AppData\Roaming\holasearch =>Hijacker.HolaSearch
O43 - CFD: 28/08/2010 - 17:19:37 - [0,059] ----D C:\Users\Florence\AppData\Roaming\IBAGroup
O43 - CFD: 14/03/2011 - 19:53:24 - [0,009] ----D C:\Users\Florence\AppData\Roaming\iWin
O43 - CFD: 15/08/2010 - 17:11:42 - [0,011] ----D C:\Users\Florence\AppData\Roaming\Peace Craft
O43 - CFD: 15/06/2013 - 23:52:16 - [0] ----D C:\Users\Florence\AppData\Roaming\PerformerSoft
O43 - CFD: 06/09/2010 - 13:47:23 - [0,003] ----D C:\Users\Florence\AppData\Roaming\UNOUndercover
O43 - CFD: 11/05/2013 - 22:40:57 - [0,039] ----D C:\Users\Florence\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
O43 - CFD: 16/06/2013 - 17:00:44 - [0] ----D C:\Users\Florence\AppData\Local\DealPlyLive =>PUP.DealPly
O43 - CFD: 13/05/2013 - 20:52:49 - [0,001] ----D C:\Users\Florence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
~ 631 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1016 Legitimates Filtered in 01mn 05s



---\\ Derniers fichiers modifiés ou créés sous Windows et System32 (O44)
O44 - LFC:[MD5.6FFF3C49E00E49542D25C219BEA83644] - 17/06/2013 - 14:01:00 ---A- . (...) -- C:\Windows\ntbtlog.txt [304414]
O44 - LFC:[MD5.155377F2005373A0D5418511881A20A5] - 17/06/2013 - 13:58:56 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [4048]
O44 - LFC:[MD5.155377F2005373A0D5418511881A20A5] - 17/06/2013 - 13:58:56 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [4048]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/06/2013 - 19:22:57 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.D5C5CB22F12AE1622D2552AEB349BB01] - 04/06/2013 - 17:42:41 ---A- . (...) -- C:\Windows\win.ini [207]
O44 - LFC:[MD5.3D6C79A2099B7E8CEE90EF3031BF3DCD] - 04/06/2013 - 17:42:13 ---A- . (...) -- C:\Windows\ODBC.INI [28]
O44 - LFC:[MD5.BEC15BA3684167571740A9E699D8AEFB] - 04/06/2013 - 17:42:13 ---A- . (...) -- C:\Windows\ODBCINST.INI [209]
O44 - LFC:[MD5.6C0106F9158208D8AD5D419A9A3F266A] - 04/06/2013 - 15:38:44 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [26676]
~ Files: 48 Legitimates Filtered in 00mn 28s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.AFACF0A83376C9C31DB4DCDBA269CC00] - 16/06/2013 - 21:15:17 ---A- - C:\Windows\Prefetch\PLUS-HD-2.3-BG.EXE-92372906.pf =>Adware.PlusHD
O45 - LFCP:[MD5.88DE40B6554F37F27083CF5546367BA9] - 17/06/2013 - 10:01:00 ---A- - C:\Windows\Prefetch\PLUS-HD-2.3-ENABLER.EXE-E2B816E6.pf =>Adware.PlusHD
O45 - LFCP:[MD5.763D739C930FE49F371F5002B1ABFF2D] - 17/06/2013 - 10:01:02 ---A- - C:\Windows\Prefetch\PLUS-HD-2.3-FIREFOXINSTALLER.-FD5107A6.pf =>Adware.PlusHD
O45 - LFCP:[MD5.1E377D9CB0CFC8DA49848789D5FDEB29] - 17/06/2013 - 10:01:34 ---A- - C:\Windows\Prefetch\PLUS-HD-2.3-CODEDOWNLOADER.EX-A9AF34EB.pf =>Adware.PlusHD
~ Prefetcher: 58 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{435afb74-e24d-11de-a4c4-0021850791f1}\AutoRun\command. (...) -- L:\LaunchU3.exe (.not file.)
O51 - MPSK:{b03ac3b7-2dba-11df-8a66-0021850791f1}\AutoRun\command. (...) -- M:\LaunchU3.exe (.not file.)
O51 - MPSK:{dba5b405-cfa5-11de-892f-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun6e.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou créés (Utilisateur) (O61)
O61 - LFC: 15/06/2013 - 19:15:30 ---A- C:\Users\Florence\AppData\Roaming\File Scout\uninst.exe [62902]
O61 - LFC: 16/06/2013 - 16:00:30 ---A- C:\Users\Florence\AppData\Roaming\Dealply\UpdateProc\config.dat [170] =>PUP.DealPly
O61 - LFC: 16/06/2013 - 16:01:23 ---A- C:\Users\Florence\AppData\Roaming\Babylon\log_file.txt [20268] =>Toolbar.Babylon
O61 - LFC: 16/06/2013 - 16:37:43 ---A- C:\Users\Florence\AppData\Local\GDIPFONTCACHEV1.DAT [89848]
O61 - LFC: 16/06/2013 - 20:49:25 ---A- C:\Users\Florence\AppData\Local\Google\Chrome\User Data\Local State [34654]
O61 - LFC: 16/06/2013 - 20:49:26 ---A- C:\Users\Florence\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 16/06/2013 - 22:11:35 ---A- C:\Users\Florence\AppData\Roaming\BabSolution\Shared\chu.js [476] =>Hijacker.BabSolution
~ 39 Fichiers temporaires (Temporary files)
~ Files: 169 Legitimates Filtered in 00mn 14s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018..clientLogIsEnabled", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.AppTrackingLastCheckTime", "Wed Jun 22 2011 20:55:05 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.BrowserCompStateIsOpen_3092852707911121436", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.CTID", "ct2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.CurrentServerDate", "25-12-2011");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.DialogsGetterLastCheckTime", "Mon Dec 19 2011 20:16:52 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.DownloadReferralCookieData", "");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ExternalComponentPollDate129284975640225334", "Tue Dec 20 2011 20:26:13 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ExternalComponentPollDate129284977326475162", "Tue Dec 20 2011 20:26:13 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.FirstServerDate", "22-6-2011");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.FirstTime", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.FirstTimeFF3", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.FixPageNotFoundErrors", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.HasUserGlobalKeys", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.HomePageProtectorEnabled", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.Initialize", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.InstallationAndCookieDataSentCount", 3);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.InstallationType", "ConduitIntegration");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.InstalledDate", "Wed Jun 22 2011 20:54:54 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsAlertDBUpdated", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsGrouping", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsInitSetupIni", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsMulticommunity", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsOpenThankYouPage", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsOpenUninstallPage", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.IsProtectorsInit", true); =>PUP.Mocaflix
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LanguagePackLastCheckTime", "Wed Jun 22 2011 20:54:58 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LastLogin_3.5.0.12", "Tue Nov 01 2011 18:16:56 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LastLogin_3.8.0.8", "Sun Dec 25 2011 18:51:07 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.LatestVersion", "3.8.1.0");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.Locale", "fr");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.MCDetectTooltipShow", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.MyStuffEnabledAtInstallation", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.OriginalFirstVersion", "3.5.0.12");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioIsPodcast", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioMediaID", "9962");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioMediaType", "Media Player");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioMenuSelectedID", "EBRadioMenu_CT26610189962");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioShrinkedFromSetup", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioStationName", "California%20Rock");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.RadioStationURL", "http://feedlive.net/california.asx");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SavedHomepage", "http://www.yougoo.fr/meteo");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchEngineBeforeUnload", "Jeux- Customized Web Search");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2661018&SearchSource=2&q=");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchInNewTabLastCheckTime", "Wed Jun 22 2011 20:54:57 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchProtectorEnabled", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SearchProtectorToolbarDisabled", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ServiceMapLastCheckTime", "Sun Dec 25 2011 10:21:18 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SettingsLastCheckTime", "Wed Jun 22 2011 20:54:53 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.SettingsLastUpdate", "1306530423");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ThirdPartyComponentsLastCheck", "Wed Jun 22 2011 20:54:53 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ThirdPartyComponentsLastUpdate", "1255344667");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ToolbarShrinkedFromSetup", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.TrusteLinkUrl", "http://trust.conduit.com/CT2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.UserID", "UN40286826022384378");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ValidationData_Toolbar", 2);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.WeatherNetwork", "");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.WeatherPollDate", "Tue Dec 20 2011 20:26:17 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.WeatherUnit", "C");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.alertChannelId", "1053568");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.approveUntrustedApps", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.backendstorage.grooveshark_firstlaunch", "74727565");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.backendstorage.grooveshark_gadget_height", "333837");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.backendstorage.gs_dailyactivity", "31333139343833303436393433");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.backendstorage.gs_lifetimesent", "54525545");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.AppTrackingLastCheckTime", "Tue Dec 20 2011 20:26:24 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.InvalidateCache", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.LanguagePackLastCheckTime", "Sun Dec 25 2011 14:04:52 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.Locale", "fr");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.RadioLastCheckTime", "Tue Dec 20 2011 20:26:14 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.RadioLastUpdateIPServer", "3");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.RadioLastUpdateServer", "3");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.SearchInNewTabLastCheckTime", "Tue Dec 20 2011 20:26:14 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.SettingsLastCheckTime", "Sun Dec 25 2011 20:11:42 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.SettingsLastUpdate", "1321973069");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.ThirdPartyComponentsLastCheck", "Sun Dec 04 2011 20:31:01 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.ThirdPartyComponentsLastUpdate", "1255344667");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.globalFirstTimeInfoLastCheckTime", "Tue Dec 20 2011 20:26:17 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.toolbarAppMetaDataLastCheckTime", "Tue Dec 20 2011 20:26:17 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.ct2661018.toolbarContextMenuLastCheckTime", "Mon Dec 19 2011 20:16:51 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 20:54:54 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.homepageProtectorEnableByLogin", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.initDone", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.isAppTrackingManagerOn", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.isFirstRadioInstallation", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.myStuffEnabled", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.myStuffServiceIntervalMM", 1440);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.oldAppsList", "129204565986975691,129204565987288193,111,129430229944344723,129204565988069463,12928497564022[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.revertSettingsEnabled", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.searchProtectorDialogDelayInSec", 10); =>Toolbar.Conduit
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.searchProtectorEnableByLogin", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.testingCtid", "");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.toolbarAppMetaDataLastCheckTime", "Wed Jun 22 2011 20:54:54 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.toolbarContextMenuLastCheckTime", "Wed Jun 22 2011 20:54:58 GMT+0200");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CT2661018.usagesFlag", 2);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2661018&SearchSource=13");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ConduitSearchList", "Jeux- Customized Web Search");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/ct2661018/CT2661018", "\"1321973070\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2661018", "\"1300282935\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "kLE3EoupXhh+3ayzzXG[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "TA2mKqdBHssHhc1ui1OG[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "ev2KSD8BFMMs2dxsoAq[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "hOlcV9OHcX1OR8Faic1Xmg[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"6a637346d78ccc1:0\""[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"")[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2661018", "\"54b-81b-4ad9ca6df5440\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2661018", "\"3e5a4f275840b518b14c5ff3d7[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=ct2661018&octid=CT2661018", "\"1319635961\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2661018/CT2661018", "\"1306530423\"");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=False", "\"981-81b-4ad9ca6d[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=True", "\"1628-a46-4a7f5d22[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"4b121196b3398318f01c08fb8a[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"864b96cefc08a4496f11285e75305e25\[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Florence\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jhlu4c2e.[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKIW[...]
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ToolbarsList", "CT2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.globalUserId", "05763a74-874b-4e83-9efe-5a4fb7608369");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2661018");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 20 2011 19:36:18 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.locale", "en");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Dec 25 2011 10:21:22 GMT+0100");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("CommunityToolbar.notifications.userId", "fef45f60-c5fe-4cc9-a06e-af4779cced43");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("browser.search.defaultthis.engineName", "Jeux- Customized Web Search");
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.mode.debug", "false"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2661018&SearchSo[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://y.lo.st"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.search.external", "PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.search.history.capacity", "10"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.searchguard.enable", "true"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.simapp_id", "{FE68221F-6E8A-11E1-ADE2-0021850791F1}"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com"); =>PUP.SweetIM
O69 - SBI: prefs.js [Florence - jhlu4c2e.default] user_pref("sweetim.toolbar.version", "1.4.0.0"); =>PUP.SweetIM
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\MicroGaming\Casino\JackpotCity\local\fr\menudescriptions\txt_desc_crackerjack1.dat
~ Files: Scanned in 00mn 25s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.E2DDF0C517A4547D39D25CE4EC8C5536] [SPRF][09/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Florence\AppData\Local\Temp\uninst1.exe [395848] =>Toolbar.Babylon
[MD5.C08B1A1EB8CCCF0B188B51845646C83D] [SPRF][28/05/2007] (...) -- C:\Users\Florence\AppData\Roaming\nvModes.dat [40200]
[MD5.77D31FB654A53DBFB151C7A8E11E3A02] [SPRF][17/07/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1962160]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12486 - (16/06/2013)
Clés trouvées (Keys found) : 110
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 28
Fichiers trouvés (Files found) : 5

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee
[HKLM\Software\Classes\CLSID\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee
[HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}] =>Toolbar.Kiwee
[HKLM\Software\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}] =>Adware.BHO
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{a5461fca-320c-4d6f-a150-a53823ce8142}] =>Toolbar.Kiwee
[HKLM\Software\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}] =>PUP.Eorezo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}] =>Toolbar.Amazon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\bandoocore.exe] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\contenthandler.dll] =>Toolbar.Kiwee
[HKLM\Software\Classes\AppID\eoenginebho.dll] =>PUP.Eorezo
[HKLM\Software\Classes\AppID\tdataprotocol.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\updatebho.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\wit4ie.DLL] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EoRezo_is1] =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA] =>Adware.ClickPotato
[HKLM\Software\Classes\agihelper.agutils] =>Adware.BHO
[HKLM\Software\Classes\Software.OneClickCtrl.8] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKLM\Software\Bandoo] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\WiseConvert_1.5] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}] =>Adware.ShopperReports
[HKLM\Software\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}] =>Adware.ShopperReports
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}] =>Adware.ShopperReports
[HKCU\Software\holasearch] =>Hijacker.HolaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net] =>Adware.AddLyrics
[HKLM\Software\SoftwareUpdater] =>Hijacker.Eazel
[HKLM\Software\Google\Chrome\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla] =>Hijacker.HolaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3] =>Adware.PlusHD
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\Classes\agcore.Config.AGConfig] =>Adware.BHO
[HKLM\Software\Classes\agcore.Search.Search] =>Adware.BHO
[HKLM\Software\Classes\CrossriderApp0033426.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033426.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033426.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033426.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311341126}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}] =>PUP.CrossRider
[HKLM\Software\Classes\AppID\BandooCore.EXE] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\EoEngineBHO.DLL] =>PUP.Eorezo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\EoRezo_is1] =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\ShopperReportsSA] =>Adware.ShopperReports
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files\yontoo =>Adware.Yontoo
C:\Program Files\Bandoo =>Adware.Bandoo
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\DealPly =>PUP.DealPly
C:\Program Files\Iminent =>Adware.IMBooster
C:\Program Files\Software =>Adware.Boxore
C:\Program Files\XingHaoLyrics =>Adware.ShopperReports
C:\Program Files\Plus-HD-2.3 =>Adware.PlusHD
C:\ProgramData\AGI =>Toolbar.Kiwee
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\iWin =>Adware.BHO
C:\ProgramData\Trymedia =>Adware.Trymedia
C:\Users\Florence\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Florence\AppData\Roaming\Bandoo =>Adware.Bandoo
C:\Users\Florence\AppData\Roaming\DealPly =>PUP.DealPly
C:\Users\Florence\AppData\Roaming\iWin =>Adware.BHO
C:\Users\Florence\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\Florence\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Florence\AppData\Roaming\holasearch =>Hijacker.HolaSearch
C:\Users\Florence\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Florence\AppData\Local\Software =>Adware.Boxore
C:\Users\Florence\AppData\LocalLow\AGI =>Toolbar.Kiwee
C:\Users\Florence\AppData\LocalLow\Bandoo =>Adware.Bandoo
C:\Users\Florence\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Florence\AppData\LocalLow\Kiwee Toolbar =>Toolbar.Kiwee
C:\Users\Florence\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
C:\Users\Florence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla =>Hijacker.HolaSearch
C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\SweetIMToolbarData =>PUP.SweetIM
C:\Users\Florence\AppData\Roaming\Mozilla\Firefox\Profiles\jhlu4c2e.default\SearchPlugins\conduit.xml =>Toolbar.Conduit
C:\Users\Florence\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Windows\Tasks\LyricsPal Update.job =>Adware.ShopperReports
C:\Users\Florence\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
~ Additional Scan: 149450 Items scanned in 00mn 11s
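The detection list above pairs each location with a family label (Adware.*, PUP.*, Toolbar.*, Hijacker.*), and the same family often shows up in several places: a Program Files folder, AppData copies, a registry key, a browser extension and a scheduled task. The following parser is an added example written for this page, not part of ZHPDiag; it reads lines in that "location =>Family" shape, classifies each location, groups findings by family and lists the families that still have a registry, task or browser hook once their program folder is gone. The sample lines are copied from the report above, and the location categories and their names are the example's own choice.

```python
import re

# Matches one ZHPDiag detection line: "<location> =>Family.Name" with an
# optional trailing "^" as emitted by the tool (the marker is dropped here).
FINDING_RE = re.compile(r"^(?P<location>.+?) =>(?P<family>[A-Za-z]+\.[A-Za-z0-9]+)\^?$")

# Sample lines copied from the report above (no new detections are invented).
SAMPLE_FINDINGS = r"""
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}] =>Adware.Bandoo^
C:\Program Files\Bandoo =>Adware.Bandoo
C:\Users\Florence\AppData\Roaming\Bandoo =>Adware.Bandoo
C:\Users\Florence\AppData\LocalLow\Bandoo =>Adware.Bandoo
C:\Users\Florence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla =>Hijacker.HolaSearch
C:\Users\Florence\AppData\Roaming\holasearch =>Hijacker.HolaSearch
C:\Windows\Tasks\LyricsPal Update.job =>Adware.ShopperReports
C:\Users\Florence\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
"""

# Location kinds in priority order: the first matching test wins, so browser
# profiles and Temp are recognised before the generic AppData test.
# These category names are this example's own, not ZHPDiag terminology.
LOCATION_TESTS = (
    ("registry", lambda p: p.startswith("[HK")),
    ("scheduled task", lambda p: "\\tasks\\" in p.lower()),
    ("browser profile", lambda p: "\\extensions\\" in p.lower()
                                  or "\\firefox\\profiles\\" in p.lower()),
    ("temp", lambda p: "\\temp\\" in p.lower()),
    ("user profile", lambda p: "\\appdata\\" in p.lower()),
    ("programdata", lambda p: p.lower().startswith("c:\\programdata")),
    ("program files", lambda p: p.lower().startswith("c:\\program files")),
)

# Kinds that keep the component active after its program folder is deleted.
PERSISTENT_KINDS = {"registry", "scheduled task", "browser profile"}


def classify_location(location):
    """Return the location kind for a registry key or file-system path."""
    for kind, test in LOCATION_TESTS:
        if test(location):
            return kind
    return "other"


def parse_finding(line):
    """Parse one detection line; return None for summary or blank lines."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    family = m.group("family")
    return {
        "location": m.group("location"),
        "family": family,
        "category": family.split(".", 1)[0],   # Adware, PUP, Toolbar, Hijacker
        "kind": classify_location(m.group("location")),
    }


def summarize(text):
    """Group findings by family: {family: {"category": ..., "locations": [kinds]}}."""
    summary = {}
    for line in text.splitlines():
        f = parse_finding(line)
        if f is None:
            continue
        entry = summary.setdefault(f["family"], {"category": f["category"], "locations": []})
        entry["locations"].append(f["kind"])
    return summary


def persistence_points(text):
    """Families that still have a registry, task or browser hook to remove."""
    return {fam for fam, e in summarize(text).items()
            if PERSISTENT_KINDS & set(e["locations"])}


if __name__ == "__main__":
    for family, entry in summarize(SAMPLE_FINDINGS).items():
        print(f"{family:28} {entry['category']:9} {', '.join(entry['locations'])}")
    print("still hooked in:", sorted(persistence_points(SAMPLE_FINDINGS)))
```

The point of the grouping is that deleting the folders under Program Files removes the payload but not the search scope, the Chrome extension or the Update.job task, so a cleanup plan is checked against the persistence set rather than against the folder list.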



---\\ Random Export Key (O91)
[HKCU\Software\5ded68de76aba43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5ded68de76aba43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132"
[HKCU\Software\5ded68de76aba43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5ded68de76aba43\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144"
[HKCU\Software\5ded68de76aba43] =>Toolbar.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 16/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/02/2010 172032 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 04/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 07/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 19/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s
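Each service line above carries the state (SR/SS), the start type, the image timestamp and size, the service name, the vendor string and the image path; for services hosted in svchost.exe the DLL that actually runs is written before the service name. The parser below is an added example for this page, not ZHPDiag code: it splits those fields, lists the svchost-hosted services with their DLL, and flags any service whose image or DLL lives under a user profile or a Temp folder, which is where a legitimate service normally does not belong. The first five sample lines are copied from the report above; the ExampleSvc line is constructed to exercise the flag and does not appear in the report.

```python
import ntpath
import re

# One ZHPDiag service line. The optional "module" group is the DLL path that
# precedes the service name when the service runs inside svchost.exe.
SERVICE_RE = re.compile(
    r"^(?P<state>SR|SS) - \| (?P<start>\w+) (?P<date>\d{2}/\d{2}/\d{4}) (?P<size>\d+) \| "
    r"(?:(?P<module>.*?) )?\((?P<name>[^)]+)\) \. \(\.(?P<vendor>.*?)\.\) - (?P<image>.+)$"
)

# Five lines copied from the report above plus one constructed line
# (ExampleSvc) that is not in the report; it exists only to show the flag.
SAMPLE_SERVICES = r"""
SS - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Auto 04/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 07/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/01/2013 12345 | (ExampleSvc) . (.Example Vendor.) - C:\Users\user\AppData\Local\Temp\example.exe
"""


def parse_service(line):
    """Parse one service line into a dict; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["state"] = "running" if d["state"] == "SR" else "stopped"
    d["size"] = int(d["size"])
    return d


def parse_services(text):
    """Parse every service line in a block of report text, skipping the rest."""
    return [s for s in (parse_service(l) for l in text.splitlines()) if s]


def svchost_hosted(services):
    """(service name, DLL path) for every service that runs inside svchost.exe."""
    return [(s["name"], s["module"]) for s in services
            if ntpath.basename(s["image"]).lower() == "svchost.exe"]


def profile_resident(services):
    """Services whose image or hosted DLL lives under \\Users\\ or a Temp folder."""
    flagged = []
    for s in services:
        paths = [s["image"]] + ([s["module"]] if s["module"] else [])
        if any("\\users\\" in p.lower() or "\\temp\\" in p.lower() for p in paths):
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    for s in services:
        print(f"{s['state']:8} {s['start']:7} {s['name']:20} {s['vendor']:28} {s['image']}")
    print("hosted in svchost:", svchost_hosted(services))
    print("under a user profile or Temp:", [s["name"] for s in profile_resident(services)])
```

ntpath is used instead of os.path so the Windows paths split correctly when the script is run on a non-Windows analysis box. The vendor group is taken from the report's "(.Vendor.)" string as printed and is not a signature check, so a service is only as trustworthy as the path it runs from.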



---\\ Master Boot Record Infection Search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Florence at 17/06/2013 15:05:51

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x83C4E15F] >> \Device\Harddisk0\DR0[0x86F5D030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Master Boot Record Infection Search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Florence at 17/06/2013 15:05:53

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2103 Legitimates filtered by white list
End of the scan (852 lines in 02mn 49s)(2)
