cjoint


Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par zaki (20/02/2014 11:13:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox 24.0
GCIE: Google Chrome v32.0.1700.107

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Kaspersky Internet Security 2013 v13.0.1.4190
McAfee Security Scan Plus v3.8.130.10

---\\ Logiciels d'optimisation du système
CCleaner v4.01 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (68% free)
System Restore: Activé (Enable)
System drive D: has 41 GB (29%) free of 142 GB

---\\ Mode de connexion au système
~ Computer Name: ZAKI-698FF0CC6F
~ User Name: zaki
~ All Users Names: zaki, SUPPORT_388945a0, HelpAssistant, forever, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : D:\
~ %AppZHP% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\ZHP\
~ %AppData% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\
~ %Desktop% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\
~ %Favorites% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Favoris\
~ %LocalAppData% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\
~ %StartMenu% : D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\
~ %Windir% : D:\WINDOWS\
~ %System% : D:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 156 Go)
D: Hard drive, Flash drive, Thumb drive (Free 41 Go of 142 Go)
E: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Free 0 Go of 0 Go)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4C33E5B9A6197B6ED215F6CFBA0A2DAA] - (.Microsoft Corporation - Explorateur Windows.) (.04/08/2004 - 05:54:50.) -- D:\WINDOWS\Explorer.exe [1036288]
[MD5.58FE94EF42E074F4CAD8BF02E70E6478] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/08/2004 - 05:54:46.) -- D:\WINDOWS\system32\wininet.dll [660480]
[MD5.D2DE785AEAB0BB8CA4C14A8A199DBE4E] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.04/08/2004 - 05:55:02.) -- D:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/08/2004 - 04:14:16.) -- D:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04/08/2004 - 03:59:44.) -- D:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.04/08/2004 - 04:14:12.) -- D:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.04/08/2004 - 03:59:54.) -- D:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.07/09/2002 - 01:00:00.) -- D:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.3FCC124B6E08EE0E9351F717DD136939] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.07/01/2005 - 17:07:18.) -- D:\WINDOWS\system32\Drivers\HDAudBus.sys [138752]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.04/08/2004 - 00:41:24.) -- D:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.04/08/2004 - 04:00:16.) -- D:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.04/08/2004 - 04:04:52.) -- D:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.04/08/2004 - 04:14:30.) -- D:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/08/2004 - 04:15:18.) -- D:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.04/08/2004 - 04:14:38.) -- D:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.04/08/2004 - 04:15:10.) -- D:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.04/08/2004 - 06:05:42.) -- D:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.04/08/2004 - 04:14:24.) -- D:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- D:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.04/08/2004 - 01:39:44.) -- D:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04/08/2004 - 05:44:16.) -- D:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/49
~ Mes musiques (My Musics) : 1/116
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 2/327
~ Mes Documents (My Documents) : 1/315
~ Mon Bureau (My Desktop) : 3/7889
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.7C43EE429B6F503EB6ADAFFF3C20A305] - (.IDT, Inc. - IDT PC Audio.) -- d:\program files\idt\wdm\STacSV.exe [254042] [PID.352]
[MD5.1EEA95A7483A678551108B6DCF308CC1] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456] [PID.236]
[MD5.A64B2C3C698F2362FAD8D9357C9AAE83] - (.Andrea Electronics Corporation - AEFltrs MFC Application.) -- D:\WINDOWS\system32\AESTFltr.exe [737280] [PID.248]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040] [PID.268]
[MD5.059630AEA8419531FB52834CBB3CAE3E] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe [99840] [PID.356]
[MD5.D3AC38E80E928CC61A22650E04423BB8] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- D:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328] [PID.384]
[MD5.5676E75F98FF8E0F81DFF604A09288BB] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [198160] [PID.548]
[MD5.5F86CE3AA87A55A2A52A8BD32B5D7EC0] - (.ZSMCSNAP - ZSMCSNAP.) -- D:\WINDOWS\ZSSnp211.exe [49152] [PID.584]
[MD5.F9CAAC9D8C767E51AFFD396EDFD20C96] - (...) -- D:\WINDOWS\Domino.exe [49152] [PID.592]
[MD5.98F101E69EA59EFAE909EEDD16E434B5] - (.Gsi Technologies - Pas de description.) -- D:\Program Files\Golden Filter Premium\GFPro.exe [1650688] [PID.596]
[MD5.651335DF54C9D07DAEE5D34A976EB401] - (.Intel Corporation - hkcmd Module.) -- D:\WINDOWS\system32\hkcmd.exe [166912] [PID.616]
[MD5.1FC71A719B45A6A90BAFE2387EA07984] - (.Pas de propriétaire - HSDPALauncher MFC Application.) -- D:\Program Files\HSPA USB Modem\HSPALauncher.exe [233472] [PID.0]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.728]
[MD5.63E9C23A386FFFA84B5E03BFF9B628F0] - (.Brother Industries, Ltd. - Status Monitor Application.) -- D:\Program Files\Browny02\Brother\BrStMonW.exe [3076096] [PID.844]
[MD5.175596062987D2AD073C0C30C2CC37AB] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- D:\Program Files\ControlCenter4\BrCtrlCntr.exe [393216] [PID.948]
[MD5.4C9793CCB8D6734667A6F1AC050E8C1F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [604776] [PID.980]
[MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- D:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [273296] [PID.992]
[MD5.B6F7C29ACBD3660A6E61180B2D062DE1] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- D:\Program Files\ControlCenter4\BrCcUxSys.exe [1327104] [PID.1136]
[MD5.1CB6792CB29B59A2218F3367623F2C79] - (.CANON INC. - Driver Information Assist Core Module.) -- D:\Program Files\Canon\DIAS\CnxDIAS.exe [1738288] [PID.1568]
[MD5.001C8273B6A21A4B8DA10CDCE833EC4A] - (.Gsi Technologies - Pas de description.) -- D:\WINDOWS\system32\mssvr32.exe [77824] [PID.1728]
[MD5.59C3BF4E879D4ACA8268F9CE9926E6EC] - (.Broadcom Corporation. - Bluetooth Support Server.) -- D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [346720] [PID.2428]
[MD5.DB109DA005B6FE2A350C5DD7CA768DFD] - (.Brother Industries, Ltd. - BrYNCSvc.) -- D:\Program Files\Browny02\BrYNSvc.exe [266240] [PID.2468]
[MD5.F8968C9778F25A90A35755C3C97C7F62] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [144688] [PID.2596]
[MD5.135D1BE0C0887CFEC58683F552D7D892] - (.AVM Software Inc. - Paltalk Messenger.) -- D:\Program Files\Paltalk Messenger\paltalk.exe [9267808] [PID.736]
[MD5.5D7FCC1B6751DBB4119B8AD019BE1428] - (...) -- D:\Program Files\HSPA USB Modem\HSPA USB Modem.exe [1492480] [PID.2652]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- D:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.804]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
D:\Documents and Settings\zaki\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\prefs.js
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\user.js
M3 - MFPP: Plugins - [zaki] -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [zaki] -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [zaki] -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [zaki] -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\search.xml
M3 - MFPP: Plugins - [zaki] -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\VenteeRo.xml
M3 - MFPP: Plugins - [zaki] -- D:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M0 - MFSP: prefs.js [zaki - aizuxbxz.default] http://www.arabyonline.com
M2 - MFEP: prefs.js [zaki - aizuxbxz.default\addon@Vonteera.com] [] Vonteera Safe ads v (..) =>Trojan.Vonteera
M2 - MFEP: prefs.js [zaki - aizuxbxz.default\{0b1be383-efa8-44d5-a7c2-9a39594575a1}(2)] [] cleanlab Community Toolbar v3.20.0.4 (..)
M2 - MFEP: prefs.js [zaki - aizuxbxz.default\{62d40876-df18-411f-9d34-a9dd7a197bc5}(2)] [] BrotherSoft Extreme3 Community Toolbar v3.20.0.4 (..) =>PUP.BrotherSoftExtreme
M2 - MFEP: prefs.js [zaki - aizuxbxz.default\{75656794-AB59-4712-BFBC-5D816D56F3BC}] [] USB Disk Security DB Toolbar Toolbar v1.1.8 (..)
M2 - MFEP: prefs.js [zaki - aizuxbxz.default\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(2)] [] DVDVideoSoftTB v10.20.0.513 (..)
P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.Pas de propriétaire - Photodex Presenter Plugin 5,00,0,3310.) -- D:\Program Files\Photodex Presenter\npPxPlay.dll
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=D:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=D:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 10



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A057A204-BACC-4D26-9E83-2DB586E27190} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- D:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: TheWorld.lnk . (.Phoenix Studio - TheWorld Browser.) -- D:\Program Files\TheWorld 2.0\TheWorld.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [zaki]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [zaki]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- D:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- D:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 14 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: BTTray.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - GS\Program [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- D:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [AESTFltr] . (.Andrea Electronics Corporation - AEFltrs MFC Application.) -- D:\WINDOWS\system32\AESTFltr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- D:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- D:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- D:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (...) -- D:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [GoldenFilterPro] . (.Gsi Technologies - Pas de description.) -- D:\Program Files\Golden Filter Premium\GFPro.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [mobilegeni daemon] D:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [HSPALauncher] . (.Pas de propriétaire - HSDPALauncher MFC Application.) -- D:\Program Files\HSPA USB Modem\HSPALauncher.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- D:\Program Files\ControlCenter4\BrCcBoot.exe
O4 - HKLM\..\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- D:\Program Files\Browny02\Brother\BrStMonW.exe
O4 - HKCU\..\Run: [BeyluxeMessenger] . (...) -- D:\Program Files\Beyluxe Messengerh\Beyluxe Messenger.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1606980848-1580436667-839522115-1003\..\Run: [BeyluxeMessenger] . (...) -- D:\Program Files\Beyluxe Messengerh\Beyluxe Messenger.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- D:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- D:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{641E35A7-50D2-4777-A69F-EB19841033ED}: NameServer = 172.25.1.60 192.168.27.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{641E35A7-50D2-4777-A69F-EB19841033ED}: NameServer = 172.25.1.60 192.168.27.6
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- D:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- D:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- D:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- D:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- D:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- D:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- D:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - D:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - D:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\ReclaimerUpdateFiles_Administrateur.job [442]
O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\ReclaimerUpdateXML_Administrateur.job [438]
O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Administrateur.job [448]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Installed Component - S-1-5-21-1606980848-1580436667-839522115-1003 - {AF4NXE64-5Y0G-B375-H7VS-XJ43S6LSBR01} -- Not Hexadécimal CLSID
~ Active Setup: 21 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AHMAD HAMMAMI v 0.5.2.0 - (...) [HKLM] -- ICOM Edit HD 9200_is1
O42 - Logiciel: Ace Translator 9.6.4 - (.AceTools.biz.) [HKLM] -- Ace Translator_is1
O42 - Logiciel: Acoo Browser (remove only) - (...) [HKLM] -- Acoo Browser
O42 - Logiciel: Akamai NetSession Interface - (...) [HKCU] -- Akamai
O42 - Logiciel: Allok Video Converter 4.6.0511 - (.Allok Soft Inc..) [HKLM] -- Allok Video Converter_is1
O42 - Logiciel: Aplus Media to MP3 - (.Aplus Software Inc.) [HKLM] -- Aplus Media to MP3_is1
O42 - Logiciel: CLVD Pack - 08.04.2010 - (...) [HKLM] -- CLVD Pack
O42 - Logiciel: Express English - (.ONH1986.) [HKLM] -- Express English3.9.1
O42 - Logiciel: Fantastique calculatrice 1.1 - (...) [HKLM] -- Fantastique calculatrice
O42 - Logiciel: File Type Advisor 1.0 - (.filetypeadvisor.com.) [HKLM] -- File Type Advisor_is1
O42 - Logiciel: Maxiboot Installer V1.5 - (.© 2011 Black_64.) [HKLM] -- Maxiboot Installer_is1
O42 - Logiciel: PFPortChecker 1.0.39 - (.Portforward.com.) [HKLM] -- PFPortChecker
O42 - Logiciel: Pismo File Mount Audit Package - (...) [HKLM] -- PismoFileMountAuditPackage
O42 - Logiciel: Quran in Ms Word 1.3 - (.Taufiq Product, Inc..) [HKLM] -- Quran in Ms Word_is1
O42 - Logiciel: S-Spline 2 - (.Shortcut.) [HKLM] -- S-SPLINE 2
O42 - Logiciel: TIFF to PDF v3.2 - (.adultpdf.com Inc.) [HKLM] -- TIFF to PDF_is1
O42 - Logiciel: Tina Pro for Windows - (...) [HKLM] -- Tina Pro for Windows
O42 - Logiciel: Wahran_Shar version 1.0.0 - (.Wahran_Shar.) [HKLM] -- {4AADC36B-9331-4855-ACE8-F38BA2A44FBA}_is1
O42 - Logiciel: Wonderland Adventures - (...) [HKLM] -- Wonderland Adventures_is1
O42 - Logiciel: mikroC PRO for PIC (remove only) - (.mikroElektronika.) [HKLM] -- mikroC PRO for PIC
O42 - Logiciel: mikroProg Suite For PIC (remove only) - (.mikroElektronika.) [HKLM] -- mikroProg Suite For PIC
O42 - Logiciel: مشغل الفلاش العربي - (...) [HKLM] -- مشغل الفلاش العربي
~ Logic: 63 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\---N---]
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\3LV Games]
[HKCU\Software\522d6d8e735e441] =>Hijacker.Eazel
[HKCU\Software\APN PIP]
[HKCU\Software\AcooBrowser]
[HKCU\Software\Aplus All Media to MP3]
[HKCU\Software\Beyluxe Messenger]
[HKCU\Software\Cinefoot_Server]
[HKCU\Software\CleanLabApp]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\CreateMini]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\FileAdvisor]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\MediaProLab]
[HKCU\Software\Polarstern]
[HKCU\Software\Progency]
[HKCU\Software\Project07]
[HKCU\Software\SMTTB2009]
[HKCU\Software\Shortcut]
[HKCU\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto Toolbar] =>Adware.MegaSearch
[HKCU\Software\Wedding Album Maker Gold]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\crocodile-clips]
[HKCU\Software\iCarePro]
[HKLM\Software\AskTBar]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DHL]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\English Computerized Learning]
[HKLM\Software\ONH1986]
[HKLM\Software\PCTools]
[HKLM\Software\PIP]
[HKLM\Software\Shortcut]
[HKLM\Software\ain]
~ Key Software: 527 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2013 - 10:49:29 - [5,496] ----D D:\Program Files\Ace Translator2
O43 - CFD: 24/12/2012 - 20:03:12 - [2,357] ----D D:\Program Files\Acoo Browser
O43 - CFD: 27/09/2013 - 20:07:52 - [25,783] ----D D:\Program Files\Allok Video Converter
O43 - CFD: 25/07/2013 - 17:31:20 - [3,411] ----D D:\Program Files\Aplus Media to MP3
O43 - CFD: 24/05/2013 - 18:25:17 - [15,588] ----D D:\Program Files\Beyluxe Messengerh
O43 - CFD: 26/01/2014 - 04:39:29 - [1,076] ----D D:\Program Files\conan2
O43 - CFD: 26/07/2012 - 20:15:20 - [143,538] ----D D:\Program Files\Crazy Taxi 1
O43 - CFD: 17/07/2012 - 15:26:51 - [20,697] ----D D:\Program Files\data
O43 - CFD: 05/09/2013 - 09:36:04 - [100,915] ----D D:\Program Files\DHL
O43 - CFD: 26/07/2012 - 20:09:08 - [190,994] ----D D:\Program Files\Driver 1
O43 - CFD: 22/07/2013 - 17:44:56 - [6,295] ----D D:\Program Files\File Type Advisor
O43 - CFD: 14/02/2014 - 16:13:04 - [2,137] RSHAD D:\Program Files\Golden Filter Premium
O43 - CFD: 24/12/2012 - 11:48:47 - [0,006] ----D D:\Program Files\hffgE
O43 - CFD: 22/10/2013 - 18:34:58 - [1,584] ----D D:\Program Files\lakhrissi
O43 - CFD: 01/11/2011 - 16:53:44 - [2,208] ----D D:\Program Files\Maxiboot Installer
O43 - CFD: 27/01/2012 - 15:04:19 - [0,832] ----D D:\Program Files\Navigator Kids Calculator v1.0
O43 - CFD: 23/11/2012 - 18:21:12 - [20,233] ----D D:\Program Files\ONH1986
O43 - CFD: 03/11/2011 - 14:24:19 - [0,149] ----D D:\Program Files\PFPortChecker
O43 - CFD: 16/05/2013 - 17:57:46 - [1,125] ----D D:\Program Files\Pismo File Mount Audit Package
O43 - CFD: 05/12/2012 - 01:16:34 - [2,879] ----D D:\Program Files\Quran_in_Word
O43 - CFD: 28/11/2013 - 17:24:48 - [2,652] ----D D:\Program Files\Shortcut
O43 - CFD: 17/07/2012 - 15:26:48 - [0] ----D D:\Program Files\test
O43 - CFD: 20/02/2014 - 11:12:35 - [103,193] ----D D:\Program Files\TheWorld 2.0
O43 - CFD: 08/01/2014 - 21:50:40 - [0,209] ----D D:\Program Files\VMNetSrv
O43 - CFD: 23/03/2012 - 21:19:20 - [2,221] ----D D:\Program Files\Wahran_Shar
O43 - CFD: 21/11/2013 - 18:31:10 - [60,238] ----D D:\Program Files\Wedding Album Maker Gold
O43 - CFD: 13/04/2012 - 20:31:10 - [3,132] ----D D:\Program Files\Wonderland Adventures
O43 - CFD: 14/04/2012 - 10:47:08 - [0] ----D D:\Documents and Settings\All Users.WINDOWS\Application Data\3DWA_L
O43 - CFD: 06/05/2013 - 17:23:21 - [0] ----D D:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
O43 - CFD: 22/01/2013 - 23:03:28 - [0] ----D D:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 28/12/2013 - 19:39:35 - [0] ----D D:\Documents and Settings\All Users.WINDOWS\Application Data\gateProtect
O43 - CFD: 22/04/2013 - 09:56:40 - [0,005] ----D D:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
O43 - CFD: 30/10/2011 - 23:41:31 - [0,227] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Acoo Browser
O43 - CFD: 22/01/2013 - 23:03:27 - [0,013] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 24/05/2013 - 18:47:58 - [0,001] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Beyluxe
O43 - CFD: 29/01/2014 - 22:29:10 - [0] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\FileAdvisor
O43 - CFD: 28/12/2013 - 19:39:18 - [0] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\gateProtect
O43 - CFD: 26/01/2014 - 18:17:13 - [0,004] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\newnext.me =>PUP.NextLive
O43 - CFD: 03/05/2013 - 12:15:05 - [14,998] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 21/11/2013 - 18:41:41 - [1,135] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Wedding Album Maker
O43 - CFD: 06/05/2013 - 17:29:09 - [0,169] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\APN
O43 - CFD: 07/07/2012 - 18:59:52 - [5,745] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\cleanlab
O43 - CFD: 23/11/2012 - 22:11:07 - [0,188] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\Conduit
O43 - CFD: 26/01/2014 - 21:20:47 - [0] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\genienext
O43 - CFD: 31/07/2012 - 00:35:12 - [0,001] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\ShamurShamur
O43 - CFD: 01/11/2011 - 15:24:58 - [0,006] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\Unattneded
O43 - CFD: 24/05/2013 - 18:25:18 - [0,003] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\Beyluxe Messenger
O43 - CFD: 30/03/2012 - 15:59:57 - [0,001] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\Dark Horizons LORE demo
O43 - CFD: 22/10/2013 - 18:34:58 - [0,001] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\lakhrissi
O43 - CFD: 23/11/2012 - 18:21:16 - [0,004] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\ONH1986
O43 - CFD: 21/11/2013 - 18:30:27 - [0,003] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\Wedding Album Maker Gold
O43 - CFD: 05/11/2011 - 17:41:34 - [0,001] ----D D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Menu Démarrer\Programmes\مشغل الفلاش العربي
~ Program Folder: 350 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.119990BC81F7BCD1539825A811D6D597] - 07/02/2014 - 16:40:28 ---A- . (...) -- D:\WINDOWS\FaxSetup.log [15224]
O44 - LFC:[MD5.006A53B169D33A2C99F43D2FC5E69D13] - 14/02/2014 - 23:04:44 ---A- . (...) -- D:\WINDOWS\matlab.ini [154]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 17/02/2014 - 23:09:44 ---A- . (...) -- D:\WINDOWS\NeroDigital.ini [116]
O44 - LFC:[MD5.0E0E10A68D02166CBAA8DEC067CAF79E] - 18/02/2014 - 22:23:55 ---A- . (...) -- D:\WINDOWS\wmsetup.log [2900]
O44 - LFC:[MD5.BFE251C8ABD55C83699D688C2EA31811] - 20/02/2014 - 11:00:15 ---A- . (...) -- D:\WINDOWS\ModemLog_Mobile Connector.txt [7310]
O44 - LFC:[MD5.C8CB90E735C0541D7BF2ABCA6076D752] - 20/02/2014 - 11:13:06 ---A- . (...) -- D:\Documents [120]
O44 - LFC:[MD5.CBDFEDE76CE0C479C59BC9079339FACE] - 21/02/2014 - 10:45:13 ---A- . (...) -- D:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.03F5D0CABBCE30CD58D5D333288D7AD5] - 21/02/2014 - 10:45:14 ---A- . (...) -- D:\WINDOWS\wiadebug.log [159]
~ Files: 15 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "D:\Program Files\Paltalk Messenger\paltalk.exe" [Enabled] .(.AVM Software Inc..) -- D:\Program Files\Paltalk Messenger\paltalk.exe
~ Keys Export: 6 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.ffds"="ffdshow.ax" . (.Pas de propriétaire - DirectShow and VFW video and audio decoding/encoding/processing filter.) -- D:\WINDOWS\system32\ffdshow.ax
~ TDSD: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- D:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - 29/08/2008 - 17:54:40 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- D:\WINDOWS\system32\Drivers\cmusbser.sys [103552]
O58 - SDL:[MD5.18DA737DD5122A475DA4948ED4643675] - 12/10/2012 - 19:42:31 ---A- . (...) -- D:\WINDOWS\system32\Drivers\fsbts.sys [44240]
O58 - SDL:[MD5.3FCC124B6E08EE0E9351F717DD136939] - 07/01/2005 - 17:07:18 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- D:\WINDOWS\system32\Drivers\Hdaudbus.sys [138752]
O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 07/01/2005 - 17:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- D:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:[MD5.951865E7AFBA9B06E77C521DF2FD5434] - 07/07/2010 - 18:58:31 ---A- . (.Pismo Technic Inc. - System Extension.) -- D:\WINDOWS\system32\Drivers\pfmfs_463.sys [191848]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 07/09/2002 - 01:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- D:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.F441BA47BD8610CB9536965BD7D1F943] - 15/03/2009 - 11:25:46 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- D:\WINDOWS\system32\Drivers\scdemu.sys [56268]
O58 - SDL:[MD5.D26E26EA516450AF9D072635C60387F4] - 17/07/2004 - 16:36:38 ---A- . (...) -- D:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:[MD5.DC3489F1EF71AD75B34740D0E6979187] - 30/03/2009 - 12:47:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- D:\WINDOWS\system32\Drivers\sthda.sys [1550891]
O58 - SDL:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 22/08/2013 - 14:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- D:\WINDOWS\system32\Drivers\tap0901.sys [35288]
O58 - SDL:[MD5.C7066A58C5B256C4D34078CEFC3B377D] - 10/08/1998 - 11:18:26 ----- . (...) -- D:\WINDOWS\system32\Drivers\TINAKEY.SYS [9600]
O58 - SDL:[MD5.EAFE1E00739AFE6C51487A050E772E17] - 25/04/2012 - 11:11:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- D:\WINDOWS\system32\Drivers\usbaapl.sys [43520]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- D:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C21DBD71AA028B3D213460F88D43BBFD] - 07/01/2011 - 12:47:44 ---A- . (...) -- D:\WINDOWS\system32\Drivers\vuhub.sys [66432]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 04/08/2004 - 03:46:56 ---A- . (...) -- D:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 07/09/2002 - 01:00:00 ---A- . (...) -- D:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 04/08/2004 - 03:45:26 ---A- . (...) -- D:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 04/08/2004 - 03:45:16 ---A- . (...) -- D:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 04/08/2004 - 03:45:12 ---A- . (...) -- D:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 04/08/2004 - 03:45:16 ---A- . (...) -- D:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 04/08/2004 - 03:45:14 ---A- . (...) -- D:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.363438FBFD6DBF489C2D65AB25C2C5B4] - 13/11/2001 - 09:47:26 ---A- . (...) -- D:\WINDOWS\system32\winio.sys [41324]
~ Drivers: 5 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By TeamXscript - (.TeamXscript.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- D:\Program Files\Acoo Browser\AcooBrowser.exe (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- D:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- D:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- D:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- D:\Program Files\Maxthon3\Bin\Maxthon.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Maxthon International Ltd. - Maxthon Web Browser.) -- D:\Program Files\Maxthon\Maxthon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- D:\Program Files\Opera\Opera.exe (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- D:\Program Files\Opera\Opera.exe (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Phoenix Studio - TheWorld Browser.) -- D:\Program Files\TheWorld 2.0\TheWorld.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000082.isPlayDisplay", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"http[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_TMP_city", "ALGIERS");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_TMP_country", "DZ");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_country", "ALGERIA");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_locId", "AGXX0001");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_location", "Algiers, Algeria");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_region", "OT");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_temp_dis", "c");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"28°C\",\"temperatureClear\":\"28°C\",\"highTe[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.Facebook_Mode.enc", "Mg==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.FirstTime", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.FirstTimeFF3", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.UserID", "UN77615786896973274");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.acp_personal.appstate.enc", "ZW5hYmxl");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.cb_experience_000.enc", "MTI=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.cb_firstuse0100.enc", "MQ==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.cb_user_id_000.enc", "Q0IzOTYzMTMwODQ0MjZfMTM2Nzg2NzQyMzEyNl9GaXJlZm94");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.cbfirsttime.enc", "TW9uIE1heSAwNiAyMDEzIDIxOjEwOjIzIEdNVCswMjAw");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.countryCode", "DZ");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc2ODUxMDk2NTk3LDE0NDAwMDAwXX0=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.discover-user-id.enc", "IjRhOThhNzc3LTUxZDMtNDliZS1iMGQ4LWQxY2UyYjYxMzE2OSI=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.enableAlerts", "always");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.enableFix404ByUser", "TRUE");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.fixUrls", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.fullUserID", "UN77615786896973274.UP.20130706213930");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.ground-country-code.enc", "IkRaIg==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.homepageuserchanged", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.hover_counter.enc", "Nw==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.http___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "Rj[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.impression_counter.enc", "MTg=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.impression_session_counter.enc", "Ng==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.impression_session_id.enc", "ImQ3MmUzZTZkLWNiYzQtNDJlZi04YjA3LWNhNGY3YjU2YjAzYSI=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.impression_session_last_active.enc", "MTM3Njc2NTgwODIyMw==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.installType", "Unknown");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2269050&octid=CT[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.lastVersion", "10.20.0.513");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.mam_gk_appStateReportTime.enc", "MTM3OTk0NjY5MjQ1Mg==");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.mam_gk_appState_CouponBuddy.enc", "b24=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.mam_gk_appState_Easytobook.enc", "b24=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.mam_gk_appState_Easytobook_targeted.enc", "b24=");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.mam_gk_appState_PriceGong.enc", "b24="); =>Adware.PriceGong
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fwww.startimes.com%2Ff.[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.price-gong.isManagedApp", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.revertSettingsEnabled", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.search.searchAppId", "128834881989343895");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.search.searchCount", "0");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.searchInNewTabEnabledByUser", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.searchSuggestEnabledByUser", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.searchUserMode", "1");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://DVDVideo[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB [...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.settingsINI", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.showToolbarPermission", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.smartbar.CTID", "CT2269050"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.toolbarBornServerTime", "6-4-2013");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.toolbarCurrentServerTime", "27-8-2013");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.toolbarLoginClientTime", "Mon Apr 08 2013 22:00:14 GMT+0200");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050.url_history0001.enc", "aHR0cDovL2toYXltYS5jb20vdGFqd2VlZC9zb3VuZHMvU2hhdGViaWFfdGFibGF3eS5tcDM6OjpjbGlja2hhbm[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379946659033,\"isWithState\"[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.CT3106250.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3106250[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT3205709&SearchSource=13");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.SearchCaption", "cleanlab Customized Web Search");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.SearchEngineBeforeUnload", "BrotherSoft Extreme3 Customized Web Search"); =>PUP.BrotherSoftExtreme
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106250&SearchSource=2&CUI=SB_CUI[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT3106250&octid=CT3106250&SearchSource=15&C[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3106250&SearchSource=13");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.TrusteLinkUrl", "http://trust.conduit.com/CT3106250");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.backendstorage.http://facebook_conduitapps_com/v3_16.facebook_last_visit_tab", "");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.backendstorage.http://facebook_conduitapps_com/v3_16.facebooklanguagebyuser", "");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3106250.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.CT3205709.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3205709[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT3205709&SearchSource=13");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.SavedHomepage", "http://search.conduit.com/?ctid=CT3106250&SearchSource=13");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.SearchCaption", "BrotherSoft Extreme3 Customized Web Search"); =>PUP.BrotherSoftExtreme
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=2&CUI=SB_CUI[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT3205709&octid=CT3205709&SearchSource=15&C[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3205709&SearchSource=13");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.TrusteLinkUrl", "http://trust.conduit.com/CT3205709");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CT3205709.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2233703&SearchSource=13,http://search.condui[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ConduitSearchList", "4shared.com Customized Web Search,cleanlab Customized Web Search,BrotherSoft Extr[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3106250/CT3106250", "\"cc51ff84bd443b6b0ba1a34f[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3205709/CT3205709", "\"80742dcf537b73d49c11845c[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1341653/1337321/DZ", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1500121/1495605/DZ", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1627186/1620349/DZ", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/631527/627389/DZ", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/797467/793286/DZ", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106250", "\"1357553701\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3205709", "\"1367226716\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "G9mW7heT/8xI[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcdu[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3106250", "b5I8[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3205709", "b5I8[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "2E1/v7EfCEDbv[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQME[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3106250", "9uXRY[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3205709", "9uXRY[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "k9un27OkAvkw[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ru[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3106250", "I1tf[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3205709", "I1tf[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "4BgM4MhF/sOgPsD[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3106250", "ZI41WLb[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3205709", "ZI41WLb[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"ea2cd4d5b586ce1:0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"")[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"2a1a0d7b586ce1:0\"")[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106250", "\"9971ee9815a5fc569766cf6ddc[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3205709", "\"9971ee9815a5fc569766cf6ddc[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"761a1065c089bba4e6032a22fdf81948\[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///D:\\Documents and Settings\\zaki.ZAKI-698FF0CC6F\\Application Data\\Mozilla\[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.MiniIPageGadgetSize.http://adlandoz.com/search/ebay_searchbox234x60.htm", "300x87"); =>Toolbar.eBay
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://www.bigseekpro.com/search/toolbar/bigseekpro/{3AA3763B-08D3-660[...]
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ToolbarsList", "CT3106250,CT3205709");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ToolbarsList2", "CT3106250,CT3205709");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.ToolbarsList4", "CT3106250,CT3205709");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.globalUserId", "2a86dbc1-f138-4bb0-96c5-a35a953e42a6");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3205709");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 21 2013 20:40:07 GMT+0200");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.alertEnabled", true);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Sep 23 2013 11:23:24 GMT+0200");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.locale", "en");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Sep 23 2013 11:23:16 GMT+0200");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.notifications.userId", "11da075c-74fd-4bcd-9829-688960c037c0");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.originalHomepage", "http://www.delta-search.com/?affID=120660&babsrc=HP_ss&mntrId=948100247E85488D"); =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("CommunityToolbar.originalSearchEngine", "Delta Search");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=120660&babsrc=HP_ss&mntrId=948100247E85488D"); =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme3 Customized Web Search"); =>PUP.BrotherSoftExtreme
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.id", "ace2428c00000000000000247e85488d"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.instlDay", "15727"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=ace2428c00000000000000247e8548[...] =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar_i.excTlbr", false); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.223:17:05"); =>PUP.Babylon
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.id", "ace2428c00000000000000247e85488d");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.instlDay", "15803");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.vrsnTs", "1.8.10.021:48:51");
O69 - SBI: prefs.js [zaki - aizuxbxz.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} [DefaultScope] - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 01s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DEE8169DEF01AAA1BE0FECC94DA187B8] [SPRF][03/09/2009] (.Windows (R) Codename Longhorn DDK provider - Windows Setup API.) -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\DeviceSetup32.exe [10752]
[MD5.53A6F6DE0B3876CC750FCFC2064658D9] [SPRF][12/11/2013] (.Softonic - Softonic Downloader.) -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\SoftonicDownloader_for_moyea-flv-player.exe [401744] =>Toolbar.Conduit
[MD5.14406E596A3A7CEDADC8AA62F496BF45] [SPRF][17/02/2008] (...) -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\SRip32.exe [519168]
[MD5.29E59E131A64455163A490CD57DD2B35] [SPRF][17/09/2012] (...) -- D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\YouTubeDownloaderHD.exe [5105664] =>PUP.SoftwareEngine
~ Files: 10 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "4B7F2C8F6F4B0024CB90A89D40A7E394" . (.VSM Studio 1.0.) -- D:\WINDOWS\Installer\{F8C2F7B4-B4F6-4200-BC09-8AD9047A3E49}\VSMStudio.exe
~ Update Products: 55 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\522d6d8e735e441\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\522d6d8e735e441\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\522d6d8e735e441] =>PUP.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9E6E08952F10D1020CDAE9C775188456] [WIS][24/12/2013] (.Broadcom Corp. - WIDCOMM Bluetooth Profile Pack.) -- D:\Windows\Installer\67bb6.msi [2653696]
~ WIS: 57 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - D:\WINDOWS\system32\dmadmin.exe
SS - | Auto 30/10/2011 136176 | (gupdate) . (.Google Inc..) - D:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2011 136176 | (gupdatem) . (.Google Inc..) - D:\Program Files\Google\Update\GoogleUpdate.exe

SR - | Auto 26/01/2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - D:\Program Files\Browny02\BrYNSvc.exe
SR - | Auto 11/12/2008 346720 | (btwdins) . (.Broadcom Corporation..) - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 17/05/2007 1738288 | (Canon Driver Information Assist Service) . (.CANON INC..) - D:\Program Files\Canon\DIAS\CnxDIAS.exe
SR - | Demand 05/12/2007 144688 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 30/03/2009 254042 | (STacSV) . (.IDT, Inc..) - d:\program files\idt\wdm\STacSV.exe

~ Services: Scanned in 00mn 11s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 36
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 8

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fe063dbb-4ec0-403e-8dd8-394c54984b2c}] =>Toolbar.AskTBar
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\FilesFrog Update Checker] =>Adware.Agent
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto Toolbar] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok] =>Hijacker.FreehdsportTV
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\extensions\addon@Vonteera.com =>Trojan.Vonteera^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}(2) =>PUP.BrotherSoftExtreme^
D:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon =>PUP.Babylon^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Babylon =>PUP.Babylon^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\newnext.me =>PUP.NextLive^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\OpenCandy =>Adware.OpenCandy^
D:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate =>PUP.Tarma
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\AVG Secure Search =>Toolbar.AVGSearch
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\Conduit =>Toolbar.Conduit
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\DVDVideoSoftTB =>Toolbar.DVDVideoSoft
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Local Settings\Application Data\cleanlab =>Toolbar.CleanLab
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\Smartbar =>Hijacker.SmartBar
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Application Data\Mozilla\Firefox\Profiles\aizuxbxz.default\SearchPlugins\conduit.xml =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\SmartBar] =>Hijacker.SmartBar^
[HKLM\Software\Babylon] =>PUP.Babylon^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\SoftonicDownloader_for_moyea-flv-player.exe =>Toolbar.Conduit^
D:\Documents and Settings\zaki.ZAKI-698FF0CC6F\Bureau\YouTubeDownloaderHD.exe =>PUP.SoftwareEngine^
[HKCU\Software\522d6d8e735e441\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\522d6d8e735e441] =>PUP.Babylon^^
~ Additionnel Scan: 416721 Items scanned in 00mn 25s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/35521775-pup-brothersoftextreme =>PUP.BrotherSoftExtreme
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
~ http://nicolascoolman.webs.com/apps/blog/show/27350807-adware-recordnrip =>Adware.RecordNRip
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/30583270-hijacker-freehdsporttv =>Hijacker.FreeHDSportTV
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 25 link(s) detected in 00mn 25s



~ 1281 Legitimates filtered by white list
End of the scan (981 lines in 01mn 08s)(0)
