cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.3.10.11 - Nicolas Coolman (10/03/2014)
~ Lancé par alexandre (24/04/2014 09:40:06)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.15 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 21

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3839 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 244 GB (53%) free of 455 GB

---\\ Mode de connexion au système
~ Computer Name: CALCIFER
~ User Name: alexandre
~ All Users Names: UpdatusUser, HomeGroupUser$, alexandre, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\alexandre\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\alexandre\AppData\Roaming\
~ %Desktop% : C:\Users\alexandre\Desktop\
~ %Favorites% : C:\Users\alexandre\Favorites\
~ %LocalAppData% : C:\Users\alexandre\AppData\Local\
~ %StartMenu% : C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 244 Go of 455 Go)
D: Hard drive, Flash drive, Thumb drive (Free 47 Go of 455 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
N: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4922
~ Mes musiques (My Musics) : 2/3
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/49
~ Mon Bureau (My Desktop) : 2/2302
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.30A1D1933C5B603FA3DFCB79C5D0A492] - (...) -- C:\Users\alexandre\AppData\Local\stv_fr_4\upstv_fr_4.exe [3267536] [PID.2060]
[MD5.F6041A72058ADD22166C31B5FD5E919C] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\alexandre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000] [PID.4196]
[MD5.AD16557CECFB17CF7393D28DC40F6D09] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [563744] [PID.4260]
[MD5.658856637843B195406122D9E63C4FDB] - (.Pas de propriétaire - Hercules WiFi Station N Utility.) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe [124200] [PID.4352]
[MD5.BF0EE37A14144C88A9F6FDA7B44981BB] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328] [PID.4376]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4400]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4476]
[MD5.67034C4E8331385BEEE31A64098C545A] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888] [PID.4548]
[MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [506744] [PID.4976]
[MD5.258A35DDA86873A152879CFCBA40BB60] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8352256] [PID.3808]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1368]
[MD5.34400005DE52842C4D6D4EE978B4D7CE] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 8.0 (component).) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312] [PID.1716]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2008]
[MD5.B4FC11A45987925C70DFF8111C59996E] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808] [PID.2184]
[MD5.53602748123D14A91DAFAF853B2D8F5B] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736] [PID.2468] =>Adware.IncrediBar
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496] [PID.2724]
[MD5.2F337D9ADE7B9F2C954C6E799D82D619] - (.Guillemot Corporation - Hercules WiFi Station Support Service.) -- C:\Windows\SysWOW64\HerculesWiFiService.exe [53544] [PID.2760]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232] [PID.2468]
[MD5.973CCA9BD91885568FD1AE3E14A99B4A] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192] [PID.3128]
[MD5.9C888E2EE1D3A41052F41EB84FD126A3] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe [378640] [PID.3252]
[MD5.69B7D4EE2E91D89294BF27B4E1FF6A5C] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe [261392] [PID.3332]
[MD5.60F103BA98E5DF6D07056EADC42B91A6] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe [367376] [PID.3460]
[MD5.A3A25E0509F67473B960DAF214828BE3] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259296] [PID.3832]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\alexandre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.google.com
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [bjcjaemihddenoopkkhaamlcoliiiain] Ancient Map v.1.4 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [clbfjfbnelcflpgpklppgplejolacbej] Browser Companion Helper v.1.0.5 (Désactivé)
G2 - GCE: Preference [User Data\Default] [dednnpigldgdbpgcdpfppmlcnnbjciel] General Crawler v.2.5 (Désactivé) =>PUP.MediaFinder
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [majjphhgppkndjjkmhhnbgafooenebhd] MediaPlayerplus v.1.26.21, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé)
~ Google Browser: 23 Legitimates Filtered in 00mn 27s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\prefs.js
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\user.js
M3 - MFPP: Plugins - [alexandre] -- C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [alexandre] -- C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\iminent.xml =>Adware.IMBooster
M3 - MFPP: Plugins - [alexandre] -- C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [alexandre] -- C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\sweetim.xml =>PUP.SweetIM
M3 - MFPP: Plugins - [alexandre] -- C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\YouGoo.xml =>Hijacker.YouGoo
M0 - MFSP: prefs.js [alexandre - htjnj5rd.default] http://start.qone8.com =>Hijacker.Qone8
M2 - MFEP: prefs.js [alexandre - htjnj5rd.default\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com] [] MediaPlayerplus v (..)
M2 - MFEP: prefs.js [alexandre - htjnj5rd.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster
M2 - MFEP: prefs.js [alexandre - htjnj5rd.default\quick_start@gmail.com] [] Quick Start v1.6.0 (..)
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms
O4 - GS\Desktop [Public]: Epson Easy Photo Print.lnk . (.SEIKO EPSON CORPORATION - Pas de description.) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [Public]: PB Boutique Accessoire.lnk . (...) -- C:\Program Files (x86)\PB Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
O4 - GS\Desktop [Public]: User's Guide (Packard Bell InfoCentre).lnk . (.Acer Incorporated - InfoCentre Web Browser.) -- C:\Program Files (x86)\Packard Bell\InfoCentre\InfoCtr.exe
O4 - GS\Desktop [Public]: WiFi Station N.lnk . (...) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [alexandre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [alexandre]: Guitar Pro 6.lnk . (...) -- C:\Program Files\Guitar Pro 6\GuitarPro.exe (.not file.)
O4 - GS\QuickLaunch [alexandre]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [alexandre]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\TaskBar [alexandre]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Program [alexandre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\SystemTools [alexandre]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [alexandre]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [alexandre]: Mes téléchargements - Raccourci.lnk . (...) -- C:\Users\alexandre\Documents\Mes téléchargements
O4 - GS\Desktop [alexandre]: videos.lnk . (...) -- D:\videos
~ Global Startup: 86 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: WiFi Station N.lnk . (...) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IntelliType Pro] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft Device Center\itype.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft Device Center\ipoint.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Media Finder] C:\Program Files (x86)\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKCU\..\Run: [ABBYY Screenshot Reader Bonus] C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe (.not file.)
O4 - HKCU\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\alexandre\AppData\Roaming\SSync\SSync.exe
O4 - HKCU\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\alexandre\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKCU\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\alexandre\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\alexandre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Wow6432Node\Run: [stv_fr_4] C:\Program Files (x86)\stv_fr_4\stv_fr_4.exe (.not file.)
O4 - HKLM\..\Wow6432Node\RunOnce: [upstv_fr_4.exe] . (...) -- C:\Users\alexandre\AppData\Local\stv_fr_4\upstv_fr_4.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [Media Finder] C:\Program Files (x86)\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [ABBYY Screenshot Reader Bonus] C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe (.not file.)
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\alexandre\AppData\Roaming\SSync\SSync.exe
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\alexandre\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\alexandre\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKUS\S-1-5-21-2730353230-1756322391-1749759407-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\alexandre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CED23A3-B3D5-4CD3-A88B-22F5E4E09E6E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CED23A3-B3D5-4CD3-A88B-22F5E4E09E6E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7CED23A3-B3D5-4CD3-A88B-22F5E4E09E6E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3.job [3128]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.job [2212]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5.job [1528]
[MD5.00000000000000000000000000000000] [APT] [3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3] (...) -- C:\Program Files (x86)\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4] (...) -- C:\Program Files (x86)\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5] (...) -- C:\Program Files (x86)\MediaPlayerplus\3d6799c0-7f57-4f60-ab8f-1e65a97fb73f-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.D43998B57F3839C1053C759F7AF2439E] [APT] [Fifth] (...) -- C:\Users\alexandre\AppData\Roaming\Fifth\Fifth.exe [603568]
[MD5.00000000000000000000000000000000] [APT] [OMESupervisor] (...) -- C:\Users\alexandre\AppData\Local\omesuperv.exe (.not file.) [0] =>PUP.OfferMosquito
[MD5.00000000000000000000000000000000] [APT] [{3B85FCCF-F9BF-4260-A60E-A6542F448D9B}] (...) -- C:\Users\alexandre\Downloads\IDoserSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{80EA853C-AC39-4CC5-969C-655BD1C8F134}] (...) -- C:\ProgramData\Ableton\Live 8\Program\Ableton Live 8.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9F0565FB-A342-48E5-A221-BD481D545130}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DB28C03C-DF5F-4F94-A86E-2E9DDD88DA1F}] (...) -- C:\Program Files (x86)\IDoser v4\Uninstal.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E341A61E-9606-4D13-8DB1-EC825FB9CDE8}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EBC64D09-689D-4FD8-8CE7-E711EB340089}] (...) -- C:\ProgramData\0C1D1734F604D964157500F1F875F002\0C1D1734F604D964157500F1F875F002.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EC72C1C3-E057-4B14-B45B-C8F69A9D0F08}] (...) -- C:\Program Files (x86)\MediaPlayerplus\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 46 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (wStLibG64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG64.sys
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ScanTack - (.ScanTack.) [HKLM][64Bits] -- ScanTack
O42 - Logiciel: qone8 uninstaller - (.qone8.) [HKLM][64Bits] -- qone8 uninstaller =>Hijacker.Qone8
O42 - Logiciel: stv_fr_4 - (.AGENCE-EXCLUSIVE.) [HKLM][64Bits] -- stv_fr_4_is1 =>PUP.AgenceExcusive
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Blabbers ] =>PUP.Blabbers
[HKCU\Software\Blabbers] =>PUP.Blabbers
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Vittalia] =>Adware.Vittalia
[HKCU\Software\YourFileDownloader] =>PUP.YourFileDownloader
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\tuto4pc] =>PUP.AgenceExclusive
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Taronja]
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\free_soft_today]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 298 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2014 - 09:11:17 - [0] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 10/03/2014 - 12:51:27 - [0] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 16/09/2010 - 17:37:19 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 24/04/2014 - 09:30:49 - [0,004] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 13/04/2012 - 07:23:15 - [0,034] ----D C:\Users\alexandre\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 11/10/2012 - 19:28:30 - [-1510,467] ----D C:\Users\alexandre\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 09/03/2014 - 12:43:51 - [0,161] ----D C:\Users\alexandre\AppData\Roaming\DataMgr
O43 - CFD: 25/11/2012 - 15:59:06 - [0,039] ----D C:\Users\alexandre\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 07/04/2014 - 14:23:08 - [0,590] ----D C:\Users\alexandre\AppData\Roaming\Fifth
O43 - CFD: 21/05/2012 - 16:57:29 - [0,018] ----D C:\Users\alexandre\AppData\Roaming\Media Finder =>PUP.MediaFinder
O43 - CFD: 21/05/2012 - 16:57:53 - [0] ----D C:\Users\alexandre\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 09/07/2012 - 16:09:05 - [0] ----D C:\Users\alexandre\AppData\Roaming\Pauf
O43 - CFD: 21/04/2014 - 23:43:27 - [1,685] ----D C:\Users\alexandre\AppData\Roaming\qone8 =>Hijacker.Qone8
O43 - CFD: 09/07/2012 - 16:08:54 - [0] ----D C:\Users\alexandre\AppData\Roaming\Soigok
O43 - CFD: 24/04/2014 - 09:16:03 - [0] ----D C:\Users\alexandre\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 21/05/2012 - 16:18:13 - [0] ----D C:\Users\alexandre\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader
O43 - CFD: 17/05/2012 - 16:30:02 - [0] ----D C:\Users\alexandre\AppData\Local\Conduit
O43 - CFD: 19/04/2014 - 09:10:26 - [0] ----D C:\Users\alexandre\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 24/04/2014 - 09:34:53 - [9,196] ----D C:\Users\alexandre\AppData\Local\stv_fr_4
~ 470 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 666 Legitimates Filtered in 00mn 29s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/04/2014 - 00:29:11 ---A- . (...) -- C:\END [0]
O44 - LFC:[MD5.0B35F4AEE839B55A730A8059B4E37090] - 22/04/2014 - 06:44:30 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112]
O44 - LFC:[MD5.B973A5D425BA7E9E8E8E26597C9FAFF7] - 24/04/2014 - 08:29:55 ---A- . (...) -- C:\Windows\win.ini [580]
~ Files: 51 Legitimates Filtered in 00mn 08s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7d5ed4df-9fb2-11e3-a950-00262d3ab384}\AutoRun\command. (...) -- J:\WD SmartWare.exe (.not file.)
O51 - MPSK:{c4cd01f0-c247-11df-8142-00262d336003}\AutoRun\command. (...) -- O:\WD SmartWare.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ExpressFiles [Key] . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 28/06/2013 - 07:22:46 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 28/06/2013 - 07:22:46 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.9FE455C916C656144B004E3EB48507CE] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [204880]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 28/06/2013 - 07:22:46 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 20/08/2013 - 06:02:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.AAF6F247F1DC370C593B4430974EAD9C] - 20/08/2013 - 06:02:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.0B35F4AEE839B55A730A8059B4E37090] - 22/04/2014 - 06:44:30 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112]
~ Drivers: 16 Legitimates Filtered in 00mn 07s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/04/2014 - C:\Windows\System32\drivers\wStLibG64.sys (wStLibG64) .(.StdLib - StdLib.) - LEGACY_WSTLIBG64
~ Legacy: 88 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639..clientLogIsEnabled", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.CTID", "CT2851639");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.CurrentServerDate", "2-3-2011");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.DialogsAlignMode", "LTR");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.DownloadReferralCookieData", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.EMailNotifierPollDate", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedLastCount2548968607390276962", 346);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775081", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775087", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775093", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775099", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775105", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775111", "Wed Mar 02 2011 17:17:18 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775117", "Wed Mar 02 2011 16:17:19 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775123", "Wed Mar 02 2011 17:17:19 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775129", "Wed Mar 02 2011 17:17:19 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775135", "Wed Mar 02 2011 17:17:19 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedPollDate129351529712775141", "Wed Mar 02 2011 17:17:19 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedTTL129351529712775081", 10);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedTTL129351529712775105", 15);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedTTL129351529712775117", 5);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FeedTTL129351529712775129", 5);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FirstServerDate", "2-3-2011");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FirstTime", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FirstTimeFF3", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.FixPageNotFoundErrors", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.HasUserGlobalKeys", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.Initialize", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.InitializeCommonPrefs", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.InstallationType", "UnknownIntegration");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.InstalledDate", "Wed Mar 02 2011 07:33:12 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.IsGrouping", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.IsMulticommunity", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.IsOpenThankYouPage", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.IsOpenUninstallPage", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.LastLogin_3.2.5.2", "Wed Mar 02 2011 15:33:15 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.LatestVersion", "3.2.5.2");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.Locale", "fr");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.MCDetectTooltipHeight", "83");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.MCDetectTooltipWidth", "295");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&q=");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchInNewTabEnabled", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_T[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Wed Mar 02 2011 07:33:12 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SettingsLastCheckTime", "Wed Mar 02 2011 16:10:53 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.SettingsLastUpdate", "1297860073");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.ThirdPartyComponentsInterval", 504);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Wed Mar 02 2011 07:33:12 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1255348267");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.TrusteLinkUrl", "http://trust.conduit.com/EB_ORIGINAL_CTID");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.Uninstall", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.UserID", "UN70912255713153325");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.ValidationData_Toolbar", 1);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.WeatherNetwork", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.WeatherPollDate", "Wed Mar 02 2011 17:10:20 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.WeatherUnit", "C");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.alertChannelId", "1243674");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.backendstorage.enableinj", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.myStuffEnabled", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...]
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.testingCtid", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Wed Mar 02 2011 07:33:16 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CT2851639.usagesFlag", 2);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3176921&SearchSource=13");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ConduitSearchList", "express-files Customized Web Search"); =>Adware.ExpressFiles
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3176921/CT3176921", "\"4fefbd621148e797d97fa662[...]
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1243674/1239347/FR", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1584547/1578750/FR", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/FR", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1290679360\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3176921", "\"1329300499\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wNaokyQn90mMItP1sym[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "xYQbfiyILJlwdgfyUaY[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "V3ke+ogt4ejn0sB1xPR3[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "rGzHjFU+YM5Lv74r5NOn[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "bM8wQLfFAEKgVLVF/G5[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "QmycQXJXVyFVAzIiNll[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "FvLcNm096R6J6zPIjtn70Q[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"")[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3176921", "\"d76323372b05c3748a3d6b1c93[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634339976460000000"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "6343399764600[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"1297860073\"");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"67e1ac93c8bab6bfc9801049c6b49194\[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"634322696881670000\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.EngineOwner", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.EngineOwnerGuid", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\alexandre\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\htjnj5rd[...]
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.MiniIPageGadgetSize.http://webapp.2bon.net/frame.php", "600x442");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.OriginalEngineOwner", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2851639"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2851639"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.ToolbarsList4", "");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 02 2011 11:27:32 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.locale", "en");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Mar 02 2011 07:33:12 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.showTrayIcon", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.alert.userId", "25445e6e-2e29-4e1c-96bc-162acaa69dbc");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.globalUserId", "74b69d91-2159-4392-a767-5acf68587c0d");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3176921");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 16 2012 14:28:39 GMT+0200");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.alertEnabled", true);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 17 2012 15:35:33 GMT+0200");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.locale", "en");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 17 2012 15:35:25 GMT+0200");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.notifications.userId", "1ad712e6-e21d-491e-8abb-d3141f6a9be7");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.originalHomepage", "http://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=84582e7500000000000000[...] =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("CommunityToolbar.originalSearchEngine", "Google");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.CTID", "ConduitEngine"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.FirstServerDate", "03/02/2011 09"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.FirstTime", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.FirstTimeFF3", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.FixPageNotFoundErrors", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.HasUserGlobalKeys", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.Initialize", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.InitializeCommonPrefs", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.InstalledDate", "Wed Mar 02 2011 07:33:12 GMT+0100"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.IsMulticommunity", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.IsOpenThankYouPage", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.IsOpenUninstallPage", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Mar 02 2011 16:39:49 GMT+0100"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.PublisherContainerWidth", 0); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q="); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 02 2011 16:39:48 GMT+0100"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.Uninstall", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.UserID", "UN16307539105336728"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.engineLocale", "fr"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Mar 02 2011 07:33:13 GMT+0100"); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("ConduitEngine.initDone", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search"); =>Adware.ExpressFiles
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=3&q={searchTerms}");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112553"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.hardId", "84582e750000000000000008d3822dc0"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.id", "84582e750000000000000008d3822dc0"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15481"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://isearch.claro-search.com/?affID=114170&tt=3412_2&babsrc=NT_iclro&mntrId[...] =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:18:21"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.admin", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.aflt", "babsst");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.dfltLng", "en");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.excTlbr", false);
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.id", "84582e750000000000000008d3822dc0");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.instlDay", "15576");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.instlRef", "sst");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.prdct", "claro");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.prtnrId", "claro");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.tlbrId", "iclaro"); =>PUP.IClaro
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.vrsn", "1.6.4.1");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro.vrsni", "1.6.4.1");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro_i.smplGrp", "none");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.claro_i.vrsnTs", "1.6.4.112:48:12");
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.crossrider.bic", "14578ad25ecd335934d758e963bd6d37"); =>PUP.CrossRider
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods._xpiupdate", true); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.aflt", "_#wbst"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.first_time", false); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.id", "_#0575ade5531b44d983130556b74de9c7"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.instlDay", "_#15299"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.prtnrId", "_#facemoods.com"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.sid", "_#0575ade5531b44d983130556b74de9c7"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.update", "_#v1.4.0"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.facemoods.vrsn", "_#1.4.17.5"); =>Adware.Facemoods
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.AL", 2); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.aflt", "aw0202ff"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0A0BtAzzyEtB0EyByDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCy[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.cr", "1036883229"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=aw0202ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0A0Bt[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.id", "00262D3AB3842E75"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.instlDay", "16127"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=aw0202ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0A0[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=aw0202ff&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtA0[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [alexandre - htjnj5rd.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:55:59"); =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (StartWeb) - http://start.iminent.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {460C3D19-B3D4-4964-A550-77D263B0CCCB} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {5184eda1-c729-4ff2-9d3e-3e5de84fb60b} - (YouGoo) - http://www.yougoo.fr =>Hijacker.YouGoo
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Claro Search) - http://isearch.claro-search.com =>PUP.ClaroSearch
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (express-files Customized Web Search) - http://search.conduit.com =>Adware.ExpressFiles
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.601896A28195B8C6C2D93E03144B070C] [SPRF][21/10/2013] (...) -- C:\Users\alexandre\AppData\Roaming\wklnhst.dat [946]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{12AC9F54-3811-44E2-990D-BDB63CDDA65F}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{C7650A31-6AFC-4F7D-80F5-956E54249036}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{2B107369-94B1-4661-8218-BC659E99FA98}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{3D3E4B6B-9D75-498A-B61D-F93BB99F22EE}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{9B311A7F-85A0-4C9D-A3D8-FC9BA8469D2B}" |In - Private - P6 - TRUE | .(...) -- C:\Users\alexandre\Downloads\Awolnation_-_Back_From_Earth_EP_2010_Megalithic_Symphony_-_2011.rar_downloader_224b.exe (.not file.)
O87 - FAEL: "{64D4CDB2-36DB-46EC-BDAC-636FFEA7BFA6}" |In - Private - P17 - TRUE | .(...) -- C:\Users\alexandre\Downloads\Awolnation_-_Back_From_Earth_EP_2010_Megalithic_Symphony_-_2011.rar_downloader_224b.exe (.not file.)
O87 - FAEL: "TCP Query User{3C765555-001F-4D45-AC52-CA55903954A0}C:\program files (x86)\expressfiles\expressdl.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\expressfiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "UDP Query User{257B2FD0-0F75-4581-944F-5A2BE28BD2E3}C:\program files (x86)\expressfiles\expressdl.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\expressfiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{084EFB7B-8899-477B-888A-53C4A0405EFA}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{E213C877-BEDF-4D40-96D6-4D427A4125D3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{A5FD4CC9-D85D-4C1A-B282-E7B12971AF81}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{29F984A9-9D6C-45CB-8D34-818FC7D21A41}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "TCP Query User{71700548-FCA5-4723-9C91-348D3EEE6F25}C:\users\alexandre\appdata\roaming\pauf\ywady.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\pauf\ywady.exe (.not file.)
O87 - FAEL: "UDP Query User{607DD800-BFB1-4868-9246-74A31D80CD93}C:\users\alexandre\appdata\roaming\pauf\ywady.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\pauf\ywady.exe (.not file.)
O87 - FAEL: "{9058C829-A48A-4AB4-A41A-A2E5B0C0D169}" |In - Private - P6 - TRUE | .(...) -- C:\Users\alexandre\AppData\Local\Temp\toolbar_vit_sweetim.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{2B06A2C2-1AD5-412A-937C-0395FB32DC85}" |In - Private - P17 - TRUE | .(...) -- C:\Users\alexandre\AppData\Local\Temp\toolbar_vit_sweetim.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{17D620C0-DB20-4866-BE16-6F98D223AB79}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{7169DEEF-7B66-4F36-8056-64A1C59D54F4}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{C52940E2-4B89-4E82-AAB2-7C3FC23547EC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressDL.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{EF10FB10-771F-47C1-9019-29B2F0FA1E75}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressDL.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{270FDA6D-029A-4675-8EC5-566739265F00}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{0CAAD864-7B77-4034-A251-ECC39E2923F6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
~ Firewall: 259 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/02/2014 402192 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe
SS - | Auto 18/02/2014 385808 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
SS - | Demand 27/05/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 11/10/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/10/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (PCDSRVC{A368CD8C-0BD7C08A-06020101}_0) . (...) - c:\users\alexan~1\appdata\local\temp\2.cgwv_qyc3j\pcdrdiag\bin\pcdsrvc_x64.pkms

SR - | Auto 09/10/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/02/2014 766736 | (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe
SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
SR - | Auto 07/05/2009 53544 | (HerculesWiFi) . (.Guillemot Corporation.) - C:\Windows\SysWOW64\HerculesWiFiService.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 37s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (10/03/2014)
Clés trouvées (Keys found) : 102
Valeurs trouvées (Values found) : 11
Dossiers trouvés (Folders found) : 21
Fichiers trouvés (Files found) : 17

[HKLM\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel] =>PUP.MediaFinder^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\qone8 uninstaller] =>Hijacker.Qone8^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\stv_fr_4_is1] =>PUP.AgenceExcusive^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}] =>PUP.Blabbers
[HKLM\Software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}] =>PUP.Blabbers
[HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Adware.Facemoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Adware.Facemoods
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Classes\AppID\tdataprotocol.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\updatebho.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\wit4ie.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Agence-Exclusive] =>Spyware.AgenceExclusive
[HKCU\Software\Blabbers] =>PUP.Blabbers
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Classes\MF] =>PUP.MediaFinder
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej] =>PUP.Blabbers
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\SpeedUpMyPC] =>Rogue.SpeedUpMyPC
[HKLM\Software\Classes\mysearchdial.mysearchdialappCore] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialappCore.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3176921] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3176921] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Media Finder =>PUP.MediaFinder^
C:\Users\alexandre\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder^
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\extensions\ffxtlbr@iminent.com =>Adware.IMBooster^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\alexandre\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\alexandre\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\alexandre\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles^
C:\Users\alexandre\AppData\Roaming\Media Finder =>PUP.MediaFinder^
C:\Users\alexandre\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\alexandre\AppData\Roaming\qone8 =>Hijacker.Qone8^
C:\Users\alexandre\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\alexandre\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader^
C:\Users\alexandre\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\alexandre\AppData\Roaming\DataMgr =>PUP.Datamngr
C:\Users\alexandre\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder
C:\Users\alexandre\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\alexandre\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\Conduit =>Toolbar.Conduit
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\ConduitEngine =>Toolbar.Conduit
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\SearchPlugins\conduit.xml =>Toolbar.Conduit
C:\Users\alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\htjnj5rd.default\SearchPlugins\sweetim.xml =>PUP.SweetIM
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe =>Adware.IncrediBar^
[HKCU\Software\Blabbers ] =>PUP.Blabbers^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive^
[HKCU\Software\Vittalia] =>Adware.Vittalia^
[HKCU\Software\YourFileDownloader] =>PUP.YourFileDownloader^
[HKCU\Software\tuto4pc] =>PUP.AgenceExclusive^
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\YourFileDownloader] =>PUP.YourFileDownloader^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 295317 Items scanned in 00mn 31s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/28911851-hijacker-yougoo =>Hijacker.YouGoo
~ http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8 =>Hijacker.Qone8
~ http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
~ http://nicolascoolman.webs.com/apps/blog/show/35338970-pup-offermosquito =>PUP.OfferMosquito
~ http://nicolascoolman.webs.com/apps/blog/show/27280149-pup-blabbers =>PUP.Blabbers
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26764465-adware-facemoods =>Adware.Facemoods
~ http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/33047509-rogue-speedupmypc =>Rogue.SpeedUpMyPC
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ MSI: 33 link(s) detected in 00mn 31s



~ 1754 Legitimates filtered by white list
End of the scan (988 lines in 03mn 00s)(0)
