Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2013.9.21.37 - Nicolas Coolman (21/09/2013)
~ Lanc� par leo (21/09/2013 18:54:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 19.0.2 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : QJXVT
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du syst�me
McAfee Internet Security Suite v11.6.477
McAfee Security Scan Plus v3.0.318.3
Windows Defender W8
---\\ Logiciels d'optimisation du syst�me
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
---\\ Informations sur le syst�me
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3889 MB (53% free)
System Restore: Activ� (Enable)
System drive C: has 623 GB (90%) free of 684 GB
---\\ Mode de connexion au syst�me
~ Computer Name: GIRARD
~ User Name: leo
~ All Users Names: UpdatusUser, leo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\leo\AppData\Roaming\
~ %Desktop% : C:\Users\leo\Desktop\
~ %Favorites% : C:\Users\leo\Favorites\
~ %LocalAppData% : C:\Users\leo\AppData\Local\
~ %StartMenu% : C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enum�ration des unit�s disques
C:\ Hard drive, Flash drive, Thumb drive (Free 623 Go of 684 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de S�curit� Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioth�que de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parall�le.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de p�riph�rique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/1210
~ Mes musiques (My Musics) : 1/358
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/26
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 02s
---\\ Processus lanc�s
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.2700]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.6076]
[MD5.57CBFE71E03DDE8C1AD9A389F2E5126C] - (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe [666200] [PID.6048] =>Toolbar.BubbleDock
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.5744]
[MD5.704A01D402F0275877E7FA1BB151D997] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056] [PID.620]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.3392]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.6156]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6228]
[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544] [PID.6316]
[MD5.C849445FF9F85A2A58E38E105518B64A] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe [1074736] [PID.6360] =>Adware.IMBooster
[MD5.CC3FDEF742497F1F019B9B852980570D] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784] [PID.6380] =>Adware.IMBooster
[MD5.8D4AFD5F4955A52C39C8C424FE5516D9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.7040]
[MD5.7AE4D6C70C2D7912AB2B4651DF595575] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [990320] [PID.6656]
[MD5.205231FDC04D07D966B055342AF8D02C] - (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe [4663896] [PID.6048] =>Toolbar.BubbleDock
[MD5.EE5D9EB496A1561964D16FB00AEB21B0] - (.Pas de propri�taire - iuBrowserIEAgent.) -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [44176] [PID.7220]
[MD5.6F47E26D714A8B9B6703991AE40B3A1A] - (.Pas de propri�taire - iuEmailOutlookAgent.) -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [25232] [PID.7244]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - H�te Microsoft WWA.) -- C:\Windows\syswow64\wwahost.exe [333824] [PID.5272]
[MD5.94A0298B5A333CA4CF2F3C9DF9AE16AC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7989760] [PID.6540]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\prefs.js
M3 - MFPP: Plugins - [leo] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\StartWeb.xml
M0 - MFSP: prefs.js [leo - wzaag6t1.default] http://start.iminent.com =>Adware.IMBooster
M2 - MFEP: prefs.js [leo - wzaag6t1.default\crossriderapp12765@crossrider.com] [] Savings Wave v (..) =>PUP.CrossRider
M2 - MFEP: prefs.js [leo - wzaag6t1.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v5.30.4 (..) =>Adware.IMBooster
M2 - MFEP: prefs.js [leo - wzaag6t1.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}] [] DealPly v2.0 (..) =>PUP.DealPly
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com =>Adware.IMBooster
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: TBSB01620 [64Bits] - {58124A0B-DC32-4180-9BFF-E0E21AE34026} . (.Pas de propri�taire - IE Toolbar Engine.) -- C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster
O2 - BHO: IMinent WebBooster [64Bits] - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent - Iminent BHO.) -- C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster
O2 - BHO: DealPly [64Bits] - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Program Files (x86)\DealPly\DealPlyIE.dll =>PUP.DealPly
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acer Backup Manager.lnk . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: DJUCED 18.lnk . (.Guillemot Corporation - DJUCED18.) -- C:\Program Files (x86)\DJUCED 18\DJUCED18.exe
O4 - GS\Desktop [Public]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Desktop [Public]: Help and Support.lnk - Cl� orpheline
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe
O4 - GS\Program [Public]: Desktop.lnk - Cl� orpheline
O4 - GS\TaskBar [leo]: AcerCloud Docs.lnk . (...) -- C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe
O4 - GS\Desktop [leo]: Bubble Dock.lnk . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
~ Global Startup: 53 Legitimates Filtered in 00mn 02s
---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - GS\Startup [leo]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BtPreLoad] . (...) -- C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [BakupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Cl� orpheline
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Iminent] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O4 - HKLM\..\Wow6432Node\Run: [IminentMessenger] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2936411324-573588799-1250644683-1002\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
~ Application: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D242BDF-320A-4CDD-91E2-43DC4FD787D4}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D242BDF-320A-4CDD-91E2-43DC4FD787D4}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 28 Legitimates Filtered in 00mn 06s
---\\ T�ches planifi�es en automatique (O39)
[MD5.88C511BE2C6649DAA9DABA888BBDA77E] [APT] [DealPly] (...) -- C:\Users\leo\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe [91704] =>PUP.DealPly
[MD5.4EE862402A5ECEE9A6F291E08B79F2C7] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [78024] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Updater12765.exe] (...) -- C:\Users\leo\AppData\Local\Updater12765\Updater12765.exe (.not file.) [0] =>PUP.CrossRider
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s
---\\ Logiciels install�s (O42)
O42 - Logiciel: DJUCED 18� - (.Guillemot.) [HKLM][64Bits] -- {34F730A3-77BA-4741-A02A-D40762FEF274}
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM][64Bits] -- DealPly =>PUP.DealPly
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00} =>Adware.IMBooster
~ Logic: 131 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Umbrella]
~ Key Software: 185 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2013 - 19:55:31 - [0,749] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 26/01/2013 - 21:29:36 - [31,022] ----D C:\Program Files (x86)\DJUCED 18
O43 - CFD: 10/04/2013 - 19:52:03 - [17,292] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:51:42 - [3,373] ----D C:\Program Files (x86)\IMinent Toolbar =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:55:10 - [5,759] ----D C:\Program Files (x86)\Savings Wave =>PUP.CrossRider
O43 - CFD: 21/09/2013 - 16:29:00 - [2,732] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 05/09/2012 - 22:21:28 - [0,041] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 10/04/2013 - 19:51:44 - [0,030] ----D C:\ProgramData\Iminent =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:55:28 - [0,087] ----D C:\Users\leo\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 10/04/2013 - 19:51:56 - [0,016] ----D C:\Users\leo\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 24/12/2012 - 21:11:46 - [0,084] ----D C:\Users\leo\AppData\Roaming\lm
O43 - CFD: 25/12/2012 - 09:50:37 - [0] ----D C:\Users\leo\AppData\Local\MusicPlayer
O43 - CFD: 10/04/2013 - 19:55:10 - [0,010] ----D C:\Users\leo\AppData\Local\Savings Wave =>PUP.CrossRider
O43 - CFD: 10/04/2013 - 19:55:31 - [0,004] ----D C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
~ Program Folder: 158 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.5BA4AD184D1B0830CFA267E9D48F617A] - 21/09/2013 - 17:21:20 ---A- . (...) -- C:\Windows\SysNative\wpbbin.exe [53284]
O44 - LFC:[MD5.5BA4AD184D1B0830CFA267E9D48F617A] - 21/09/2013 - 17:21:20 RSHAD . (...) -- C:\Windows\System32\wpbbin.exe [53284]
~ Files: 20 Legitimates Filtered in 01mn 07s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.0EBAF0E92F5016B98DD5DBBAC887154A] - 21/09/2013 - 17:09:29 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E12DC193357204BE1D419B5D92318143] - 21/09/2013 - 17:44:45 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf
O45 - LFCP:[MD5.039AD50AD4E9D34603885D5DF2B94626] - 21/09/2013 - 17:45:33 ---A- - C:\Windows\Prefetch\IMINENT.EXE-DDB5429B.pf =>Adware.IMBooster
O45 - LFCP:[MD5.B5A877968F8DBCB545D79C51D33DA558] - 21/09/2013 - 17:51:57 ---A- - C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-9C808144.pf
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.2D055FAB756A79F5221ADF56EAE4CB3B] - 11/08/2012 - 01:39:56 . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [315280]
~ Drivers: 18 Legitimates Filtered in 00mn 01s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 21/09/2013 - 17:45:43 ---A- . (...) -- C:\Users\leo\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat [6144] =>Adware.IMBooster
~ 5 Fichiers temporaires (Temporary files)
~ Files: 53 Legitimates Filtered in 04mn 39s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossrider.bic", "13df51a607a334c3958be596142baf08"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationTime", 1365616493); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setSearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.backgroundver", 42); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.value", "1365616493"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.value", "1365616493"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.expiration", "Sat Sep 21 2013 18:50:16 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7Bif%28appAPI.installer%26[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.expiration", "Sat Sep 28 2013 16:29:35 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.value", "1379781910"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.value", "%221378247000%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.value", "24"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.value", "1369473339"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.expiration", "Sat Sep 21 2013 22:29:40 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22149460%22%2C%22sub_id[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.value", "%221364833271%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.value", "1365616829015"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.value", "%221291%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.value", "%22170209%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.value", "1365616814958"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.description", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%220F4ADA5BEF7245[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.value", "69"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.expiration", "Sat Sep 21 2013 22:29:34 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+01[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.name", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.ver", 6); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.name", "CrossriderUtils"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.ver", 8); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.ver", 9); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/12765/plugins/091/ff/plugi[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.pluginsversion", 63); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.publisher", "Innovative Apps"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.ver", 69); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.adsOldValue", -1); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.apps", "12765"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.bic", "13df51a607a334c3958be596142baf08"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.cid", 12765); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.installationdate", 1365616779); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.lastcheck", 22996230); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.lastcheckitem", 22996366); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.statsDailyCounter", 7); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} [DefaultScope] - (StartWeb) - http://start.iminent.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.2F46A2E37FB05642A0E859545D6B09F7] [SPRF][10/04/2013] (.Iminent - Iminent Setup.) -- C:\Users\leo\AppData\Local\Temp\IminentSetup.exe [854848] =>Adware.IMBooster
[MD5.0DCB060AEA810DFC8A2DBFC84714F0BE] [SPRF][10/04/2013] (.Nosibay - Bubble Dock installer.) -- C:\Users\leo\AppData\Local\Temp\Install_BubbleDock.exe [365152] =>Toolbar.BubbleDock
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{B0601490-2E68-438A-A99A-FE46C4B76E61}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O87 - FAEL: "{9F30C9DE-24C6-4EDC-98F7-ED08583D1DD4}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
~ Firewall: 264 Legitimates Filtered in 00mn 06s
---\\ Enum�re les codes produits des logiciels (PUC) (O90)
O90 - PUC: "482AA67AD25E6E74E9F48BD5FBE8533C" . (.Iminent Toolbar For Internet Explorer.) -- C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster
O90 - PUC: "ACFD5B980E184AE4A8A0F404781ADD00" . (.Iminent.) -- C:\Windows\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster
~ Update Products: 50 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B9E06BB685AE21D88F0449A6269829F3] [WIS][17/05/2012] (.Dolby Laboratories Inc - Dolby Advanced Audio v2.) -- C:\Windows\Installer\18c67.msi [13357056]
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\28d3533.msi [50302976]
[MD5.8DD3503A28BD7EB7BEC3FDF67844CD63] [WIS][10/04/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\291eaacb.msi [10190848] =>Adware.IMBooster
[MD5.1D01F42B0B6FA032731FE6F1A363D528] [WIS][10/04/2013] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\291eaacf.msi [1110016] =>Adware.IMBooster
~ WIS: 50 Legitimates Filtered in 00mn 16s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/07/2012 2415760 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 30/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Auto 22/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS - | Demand 11/07/2012 174160 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SR - | Demand 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SS - | Demand 07/08/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 10/09/2013 335216 | (MfeASUM) . (.McAfee, Inc..) - C:\Program Files\McAfee\AppStats\MfeASUM.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SS - | Demand 23/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 11/07/2012 3939008 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 31/07/2012 259136 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 10/08/2013 2864448 | (SProtection) . (.Iminent.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/07/2012 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 22s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by leo at 21/09/2013 19:03:25
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by leo at 21/09/2013 19:03:27
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12924 - (21/09/2013)
Cl�s trouv�es (Keys found) : 354
Valeurs trouv�es (Values found) : 4
Dossiers trouv�s (Folders found) : 17
Fichiers trouv�s (Files found) : 19
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}] =>Adware.IMBooster^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly
[HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKCU\Software\AppDataLow\Software\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\iminent] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272265}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Bubble Dock =>Toolbar.BubbleDock^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Iminent =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\crossriderapp12765@crossrider.com =>PUP.CrossRider^
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\{C9B68337-E93A-44EA-94DC-CB300EC06444} =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} =>PUP.DealPly^
C:\Program Files (x86)\DealPly =>PUP.DealPly^
C:\Program Files (x86)\Iminent =>Adware.IMBooster^
C:\Program Files (x86)\IMinent Toolbar =>Adware.IMBooster^
C:\Program Files (x86)\Savings Wave =>PUP.CrossRider^
C:\ProgramData\Iminent =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\DealPly =>PUP.DealPly^
C:\Users\leo\AppData\Roaming\Iminent =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Savings Wave =>PUP.CrossRider^
C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly^
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent =>Adware.IMBooster
C:\Users\leo\AppData\Local\Software =>Adware.Boxore
C:\Users\leo\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\leo\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock^
C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe =>Toolbar.BubbleDock^
C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster^
C:\Program Files (x86)\DealPly\DealPlyIE.dll =>PUP.DealPly^
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe =>PUP.DealPly^
C:\Program Files (x86)\DealPly\DealPlyUpdate.exe =>PUP.DealPly^
C:\Windows\Prefetch\IMINENT.EXE-DDB5429B.pf =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Temp\IminentSetup.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Temp\Install_BubbleDock.exe =>Toolbar.BubbleDock^
C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster^
C:\Windows\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster^
C:\Windows\Installer\291eaacb.msi =>Adware.IMBooster^
C:\Windows\Installer\291eaacf.msi =>Adware.IMBooster^
~ Additionnel Scan: 262028 Items scanned in 00mn 39s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 13 link(s) detected in 00mn 39s
~ 1131 Legitimates filtered by white list
End of the scan (1047 lines in 10mn 06s)(0)
~ Lanc� par leo (21/09/2013 18:54:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 19.0.2 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : QJXVT
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du syst�me
McAfee Internet Security Suite v11.6.477
McAfee Security Scan Plus v3.0.318.3
Windows Defender W8
---\\ Logiciels d'optimisation du syst�me
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
---\\ Informations sur le syst�me
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3889 MB (53% free)
System Restore: Activ� (Enable)
System drive C: has 623 GB (90%) free of 684 GB
---\\ Mode de connexion au syst�me
~ Computer Name: GIRARD
~ User Name: leo
~ All Users Names: UpdatusUser, leo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\leo\AppData\Roaming\
~ %Desktop% : C:\Users\leo\Desktop\
~ %Favorites% : C:\Users\leo\Favorites\
~ %LocalAppData% : C:\Users\leo\AppData\Local\
~ %StartMenu% : C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enum�ration des unit�s disques
C:\ Hard drive, Flash drive, Thumb drive (Free 623 Go of 684 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de S�curit� Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioth�que de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parall�le.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de p�riph�rique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/1210
~ Mes musiques (My Musics) : 1/358
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/26
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 02s
---\\ Processus lanc�s
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.2700]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.6076]
[MD5.57CBFE71E03DDE8C1AD9A389F2E5126C] - (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe [666200] [PID.6048] =>Toolbar.BubbleDock
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.5744]
[MD5.704A01D402F0275877E7FA1BB151D997] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056] [PID.620]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.3392]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.6156]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6228]
[MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544] [PID.6316]
[MD5.C849445FF9F85A2A58E38E105518B64A] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe [1074736] [PID.6360] =>Adware.IMBooster
[MD5.CC3FDEF742497F1F019B9B852980570D] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784] [PID.6380] =>Adware.IMBooster
[MD5.8D4AFD5F4955A52C39C8C424FE5516D9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.7040]
[MD5.7AE4D6C70C2D7912AB2B4651DF595575] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [990320] [PID.6656]
[MD5.205231FDC04D07D966B055342AF8D02C] - (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe [4663896] [PID.6048] =>Toolbar.BubbleDock
[MD5.EE5D9EB496A1561964D16FB00AEB21B0] - (.Pas de propri�taire - iuBrowserIEAgent.) -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [44176] [PID.7220]
[MD5.6F47E26D714A8B9B6703991AE40B3A1A] - (.Pas de propri�taire - iuEmailOutlookAgent.) -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [25232] [PID.7244]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - H�te Microsoft WWA.) -- C:\Windows\syswow64\wwahost.exe [333824] [PID.5272]
[MD5.94A0298B5A333CA4CF2F3C9DF9AE16AC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7989760] [PID.6540]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\prefs.js
M3 - MFPP: Plugins - [leo] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\StartWeb.xml
M0 - MFSP: prefs.js [leo - wzaag6t1.default] http://start.iminent.com =>Adware.IMBooster
M2 - MFEP: prefs.js [leo - wzaag6t1.default\crossriderapp12765@crossrider.com] [] Savings Wave v (..) =>PUP.CrossRider
M2 - MFEP: prefs.js [leo - wzaag6t1.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v5.30.4 (..) =>Adware.IMBooster
M2 - MFEP: prefs.js [leo - wzaag6t1.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}] [] DealPly v2.0 (..) =>PUP.DealPly
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com =>Adware.IMBooster
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: TBSB01620 [64Bits] - {58124A0B-DC32-4180-9BFF-E0E21AE34026} . (.Pas de propri�taire - IE Toolbar Engine.) -- C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster
O2 - BHO: IMinent WebBooster [64Bits] - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent - Iminent BHO.) -- C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster
O2 - BHO: DealPly [64Bits] - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} . (.DealPly Technologies Ltd - DealPly for Internet Explorer.) -- C:\Program Files (x86)\DealPly\DealPlyIE.dll =>PUP.DealPly
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acer Backup Manager.lnk . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: DJUCED 18.lnk . (.Guillemot Corporation - DJUCED18.) -- C:\Program Files (x86)\DJUCED 18\DJUCED18.exe
O4 - GS\Desktop [Public]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
O4 - GS\Desktop [Public]: Help and Support.lnk - Cl� orpheline
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\mcuicnt.exe
O4 - GS\Program [Public]: Desktop.lnk - Cl� orpheline
O4 - GS\TaskBar [leo]: AcerCloud Docs.lnk . (...) -- C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe
O4 - GS\Desktop [leo]: Bubble Dock.lnk . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
~ Global Startup: 53 Legitimates Filtered in 00mn 02s
---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - GS\Startup [leo]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BtPreLoad] . (...) -- C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [BakupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Dolby PCEE4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Cl� orpheline
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Iminent] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O4 - HKLM\..\Wow6432Node\Run: [IminentMessenger] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows�.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-2936411324-573588799-1250644683-1002\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock
~ Application: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D242BDF-320A-4CDD-91E2-43DC4FD787D4}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D242BDF-320A-4CDD-91E2-43DC4FD787D4}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3FA6D09-1C7A-452C-9AC8-FCCCDA5130F1}: DhcpNameServer = 192.11.128.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 28 Legitimates Filtered in 00mn 06s
---\\ T�ches planifi�es en automatique (O39)
[MD5.88C511BE2C6649DAA9DABA888BBDA77E] [APT] [DealPly] (...) -- C:\Users\leo\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe [91704] =>PUP.DealPly
[MD5.4EE862402A5ECEE9A6F291E08B79F2C7] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [78024] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Updater12765.exe] (...) -- C:\Users\leo\AppData\Local\Updater12765\Updater12765.exe (.not file.) [0] =>PUP.CrossRider
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s
---\\ Logiciels install�s (O42)
O42 - Logiciel: DJUCED 18� - (.Guillemot.) [HKLM][64Bits] -- {34F730A3-77BA-4741-A02A-D40762FEF274}
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM][64Bits] -- DealPly =>PUP.DealPly
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00} =>Adware.IMBooster
~ Logic: 131 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Umbrella]
~ Key Software: 185 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2013 - 19:55:31 - [0,749] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 26/01/2013 - 21:29:36 - [31,022] ----D C:\Program Files (x86)\DJUCED 18
O43 - CFD: 10/04/2013 - 19:52:03 - [17,292] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:51:42 - [3,373] ----D C:\Program Files (x86)\IMinent Toolbar =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:55:10 - [5,759] ----D C:\Program Files (x86)\Savings Wave =>PUP.CrossRider
O43 - CFD: 21/09/2013 - 16:29:00 - [2,732] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 05/09/2012 - 22:21:28 - [0,041] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 10/04/2013 - 19:51:44 - [0,030] ----D C:\ProgramData\Iminent =>Adware.IMBooster
O43 - CFD: 10/04/2013 - 19:55:28 - [0,087] ----D C:\Users\leo\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 10/04/2013 - 19:51:56 - [0,016] ----D C:\Users\leo\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 24/12/2012 - 21:11:46 - [0,084] ----D C:\Users\leo\AppData\Roaming\lm
O43 - CFD: 25/12/2012 - 09:50:37 - [0] ----D C:\Users\leo\AppData\Local\MusicPlayer
O43 - CFD: 10/04/2013 - 19:55:10 - [0,010] ----D C:\Users\leo\AppData\Local\Savings Wave =>PUP.CrossRider
O43 - CFD: 10/04/2013 - 19:55:31 - [0,004] ----D C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
~ Program Folder: 158 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.5BA4AD184D1B0830CFA267E9D48F617A] - 21/09/2013 - 17:21:20 ---A- . (...) -- C:\Windows\SysNative\wpbbin.exe [53284]
O44 - LFC:[MD5.5BA4AD184D1B0830CFA267E9D48F617A] - 21/09/2013 - 17:21:20 RSHAD . (...) -- C:\Windows\System32\wpbbin.exe [53284]
~ Files: 20 Legitimates Filtered in 01mn 07s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.0EBAF0E92F5016B98DD5DBBAC887154A] - 21/09/2013 - 17:09:29 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E12DC193357204BE1D419B5D92318143] - 21/09/2013 - 17:44:45 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf
O45 - LFCP:[MD5.039AD50AD4E9D34603885D5DF2B94626] - 21/09/2013 - 17:45:33 ---A- - C:\Windows\Prefetch\IMINENT.EXE-DDB5429B.pf =>Adware.IMBooster
O45 - LFCP:[MD5.B5A877968F8DBCB545D79C51D33DA558] - 21/09/2013 - 17:51:57 ---A- - C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-9C808144.pf
~ Prefetcher: 116 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.2D055FAB756A79F5221ADF56EAE4CB3B] - 11/08/2012 - 01:39:56 . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [315280]
~ Drivers: 18 Legitimates Filtered in 00mn 01s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 21/09/2013 - 17:45:43 ---A- . (...) -- C:\Users\leo\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat [6144] =>Adware.IMBooster
~ 5 Fichiers temporaires (Temporary files)
~ Files: 53 Legitimates Filtered in 04mn 39s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossrider.bic", "13df51a607a334c3958be596142baf08"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationTime", 1365616493); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setSearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.backgroundver", 42); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.value", "1365616493"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.value", "1365616493"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.expiration", "Sat Sep 21 2013 18:50:16 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7Bif%28appAPI.installer%26[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.expiration", "Sat Sep 28 2013 16:29:35 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.value", "1379781910"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.value", "%221378247000%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.value", "24"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.value", "1369473339"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.expiration", "Sat Sep 21 2013 22:29:40 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22149460%22%2C%22sub_id[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.value", "%221364833271%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.value", "1365616829015"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.value", "%221291%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.value", "%22170209%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.value", "1365616814958"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.description", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%220F4ADA5BEF7245[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.value", "69"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.expiration", "Sat Sep 21 2013 22:29:34 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+01[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.name", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.ver", 6); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.name", "CrossriderUtils"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.ver", 8); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.ver", 9); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/12765/plugins/091/ff/plugi[...] =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.pluginsversion", 63); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.publisher", "Innovative Apps"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.12765.ver", 69); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.adsOldValue", -1); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.apps", "12765"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.bic", "13df51a607a334c3958be596142baf08"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.cid", 12765); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.installationdate", 1365616779); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.lastcheck", 22996230); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.lastcheckitem", 22996366); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [leo - wzaag6t1.default] user_pref("extensions.crossriderapp12765.statsDailyCounter", 7); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} [DefaultScope] - (StartWeb) - http://start.iminent.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.2F46A2E37FB05642A0E859545D6B09F7] [SPRF][10/04/2013] (.Iminent - Iminent Setup.) -- C:\Users\leo\AppData\Local\Temp\IminentSetup.exe [854848] =>Adware.IMBooster
[MD5.0DCB060AEA810DFC8A2DBFC84714F0BE] [SPRF][10/04/2013] (.Nosibay - Bubble Dock installer.) -- C:\Users\leo\AppData\Local\Temp\Install_BubbleDock.exe [365152] =>Toolbar.BubbleDock
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{B0601490-2E68-438A-A99A-FE46C4B76E61}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O87 - FAEL: "{9F30C9DE-24C6-4EDC-98F7-ED08583D1DD4}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
~ Firewall: 264 Legitimates Filtered in 00mn 06s
---\\ Enum�re les codes produits des logiciels (PUC) (O90)
O90 - PUC: "482AA67AD25E6E74E9F48BD5FBE8533C" . (.Iminent Toolbar For Internet Explorer.) -- C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster
O90 - PUC: "ACFD5B980E184AE4A8A0F404781ADD00" . (.Iminent.) -- C:\Windows\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster
~ Update Products: 50 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B9E06BB685AE21D88F0449A6269829F3] [WIS][17/05/2012] (.Dolby Laboratories Inc - Dolby Advanced Audio v2.) -- C:\Windows\Installer\18c67.msi [13357056]
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\28d3533.msi [50302976]
[MD5.8DD3503A28BD7EB7BEC3FDF67844CD63] [WIS][10/04/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\291eaacb.msi [10190848] =>Adware.IMBooster
[MD5.1D01F42B0B6FA032731FE6F1A363D528] [WIS][10/04/2013] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\291eaacf.msi [1110016] =>Adware.IMBooster
~ WIS: 50 Legitimates Filtered in 00mn 16s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 31/07/2012 207488 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/07/2012 2415760 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
SS - | Demand 08/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 30/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Auto 22/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS - | Demand 11/07/2012 174160 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SR - | Demand 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SS - | Demand 07/08/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 10/09/2013 335216 | (MfeASUM) . (.McAfee, Inc..) - C:\Program Files\McAfee\AppStats\MfeASUM.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SS - | Demand 23/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 11/07/2012 3939008 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 31/07/2012 259136 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 01/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 05/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 10/08/2013 2864448 | (SProtection) . (.Iminent.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/07/2012 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 22s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by leo at 21/09/2013 19:03:25
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by leo at 21/09/2013 19:03:27
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12924 - (21/09/2013)
Cl�s trouv�es (Keys found) : 354
Valeurs trouv�es (Values found) : 4
Dossiers trouv�s (Folders found) : 17
Fichiers trouv�s (Files found) : 19
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}] =>Adware.IMBooster^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly
[HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKCU\Software\AppDataLow\Software\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\iminent] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0012765.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272265}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Bubble Dock =>Toolbar.BubbleDock^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Iminent =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\crossriderapp12765@crossrider.com =>PUP.CrossRider^
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\{C9B68337-E93A-44EA-94DC-CB300EC06444} =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\wzaag6t1.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} =>PUP.DealPly^
C:\Program Files (x86)\DealPly =>PUP.DealPly^
C:\Program Files (x86)\Iminent =>Adware.IMBooster^
C:\Program Files (x86)\IMinent Toolbar =>Adware.IMBooster^
C:\Program Files (x86)\Savings Wave =>PUP.CrossRider^
C:\ProgramData\Iminent =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\DealPly =>PUP.DealPly^
C:\Users\leo\AppData\Roaming\Iminent =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Savings Wave =>PUP.CrossRider^
C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly^
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent =>Adware.IMBooster
C:\Users\leo\AppData\Local\Software =>Adware.Boxore
C:\Users\leo\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\leo\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>Toolbar.BubbleDock^
C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe =>Toolbar.BubbleDock^
C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster^
C:\Program Files (x86)\DealPly\DealPlyIE.dll =>PUP.DealPly^
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe =>PUP.DealPly^
C:\Program Files (x86)\DealPly\DealPlyUpdate.exe =>PUP.DealPly^
C:\Windows\Prefetch\IMINENT.EXE-DDB5429B.pf =>Adware.IMBooster^
C:\Users\leo\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Temp\IminentSetup.exe =>Adware.IMBooster^
C:\Users\leo\AppData\Local\Temp\Install_BubbleDock.exe =>Toolbar.BubbleDock^
C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster^
C:\Windows\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster^
C:\Windows\Installer\291eaacb.msi =>Adware.IMBooster^
C:\Windows\Installer\291eaacf.msi =>Adware.IMBooster^
~ Additionnel Scan: 262028 Items scanned in 00mn 39s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 13 link(s) detected in 00mn 39s
~ 1131 Legitimates filtered by white list
End of the scan (1047 lines in 10mn 06s)(0)