PC shuts down by itself, black screen
kellykelly - Posts: 22 - Status: Member
Hello everyone,
since visiting chat-land, my Firefox home page has become jerecherche.com
my screen went completely black and my PC shuts down by itself
thank you for helping me
3 replies
Hello, could you do the following, thanks
1) Run AdwCleaner in SUPPRESSION (delete) mode
Download AdwCleaner (by Xplode) to your desktop.
If Internet Explorer's security causes a problem, see this link: http://general-changelog-team.fr/fr/accueil/58-multilangue/securite/214-fausse-alerte-du-filtre-smartscreen-sur-le-telechargement-d-adwcleaner
Launch it, click [Suppression], then wait while the scan runs.
Once the scan is finished, a report will open. Post its contents in your next reply.
Note: the report is also saved as C:\AdwCleaner[S1].txt
2) Post a ZHPDiag report
Open this link and download ZHPDiag:
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Save it to your Desktop.
Once the download is complete:
on XP, double-click ZHPDiag
on Vista, Seven or Windows 8, right-click the icon and run it as administrator.
Don't forget to tick the box that puts a shortcut on the Desktop.
/|\ the tool has created 3 icons: ZHPDiag, ZHPFix and MBRCheck.
Double-click the ZHPDiag shortcut on your Desktop on XP; otherwise right-click and run as administrator!!
Click the magnifying glass to start the analysis ("the one with the -, at the far left").
If you get a message asking you to approve SIGCHECK, accept with OK; this gives us a more complete report that we can read in more depth.
Let the tool work; it can take quite a while.
At the end of the analysis, click the camera icon and save the report to your Desktop.
Close ZHPDiag when the analysis is finished.
To send it to me, click this link:
https://www.cjoint.com/
Click "choisissez un fichier" (choose a file) and look for the file C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt (le_nom_de_ta_session being your session name)
or directly by choosing the Desktop and clicking ZHPDiag.txt
Click Open.
Click "créer le lien cjoint" (create the cjoint link).
A link of this form:
http://cjoint.com/data/0KAoeRbq7Szgg.htm
is added to the page.
Copy this link into your reply.
And if there is a problem, use this one instead: http://pjjoint.malekal.com/
hi
1)
# AdwCleaner v2.303 - Rapport créé le 13/06/2013 à 18:38:09
# Mis à jour le 08/06/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits)
# Nom d'utilisateur : user - PC-DE-USER
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\user\Desktop\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Program Files\Delta
Dossier Supprimé : C:\Program Files\Giant Savings Extension
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\BrowserProtect
Dossier Supprimé : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe
Supprimé au redémarrage : C:\ProgramData\AVG Security Toolbar
Supprimé au redémarrage : C:\Windows\system32\prncnfgd
***** [Registre] *****
Clé Supprimée : HKCU\Software\582dd8ab63cb941
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Giant Savings Extension
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\Delta
Clé Supprimée : HKCU\Software\delta LTD
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181110}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181110}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKLM\SOFTWARE\582dd8ab63cb941
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181110}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltaappCore
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Delta
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181110}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings Extension
Donnée Supprimée : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Appinfo]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.7600.16385
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://jerecherche.org/?v=d --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=343C1C1D67A5117B --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (fr)
-\\ Google Chrome v27.0.1453.110
*************************
AdwCleaner[S3].txt - [376 octets] - [13/06/2013 17:57:31]
AdwCleaner[S4].txt - [9338 octets] - [13/06/2013 18:38:09]
########## EOF - C:\AdwCleaner[S4].txt - [9398 octets] ##########
thanks
hello
I can't find it
zhpdiag
Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by user at 13/06/2013 18:53:52
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
McAfee Security Scan Plus v3.0.318.3
Spyware Terminator 2012 v3.0.0.74
Windows Defender W7
---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (33%) free of 147 GB
---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 147 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/707
~ Mes musiques (My Musics) : 1/1523
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 12/15566
~ Mon Bureau (My Desktop) : 0/8267
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 02mn 08s
---\\ Processus lancés
[MD5.6BF6E5FAD331DF37728A234DAC17FE34] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587472] [PID.1964]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552] [PID.2784]
[MD5.54C5FCD5500F862B4572C4960265C9F1] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.2792]
[MD5.783F7F39A134AA5A9FE78A137980190B] - (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe [351000] [PID.2832]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.2844] =>Toolbar.Conduit
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.2872]
[MD5.407FA94676AA5EC31D2F561AEBAF0238] - (...) -- C:\Users\user\appinfo.exe [718848] [PID.2884]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\user\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.2896]
[MD5.E6A2593AD58D205535F5BA0AEB231DC1] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.3096]
[MD5.4AA7F70580AC5A7496A66A1A40884D1B] - (.HUAWEI - WiMAX Connection Manager.) -- C:\Program Files\WiMAX Connection Manager\WiMAX Connection Manager.exe [102400] [PID.3700]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4080]
[MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.2164]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.3292]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.3692]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg_igeared.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [user - nwx53jol.default] http://www.delta-search.com =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [user - nwx53jol.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v1.2 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\extension21810@extension21810.com] [] Giant Savings Extension v1.2 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [user - nwx53jol.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.6.0.20130418072822 (..)
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll
~ Firefox Browser: 57 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com - Flashget GetFlash Module.) -- C:\Program Files\FlashGet\getflash.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} Clé orpheline
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\TaskBar: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: FlashGet.lnk . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\flashget.exe
O4 - GS\QuickLaunch: Free M4a to MP3 Converter.lnk . (.ManiacTools - Pas de description.) -- C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - GS\QuickLaunch: SUPER ©.lnk . (...) -- C:\Program Files\eRightSoft\SUPER\SUPER.exe
O4 - GS\QuickLaunch: Yahoo! Messenger (3).lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\user\Documents
O4 - GS\Desktop: Internet ADSL.lnk - Clé orpheline
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft Office Access 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
O4 - GS\Desktop: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Office Publisher 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Clé orpheline
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_3.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.109.2 41.206.65.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Tes (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software - TuneUp Program Statistics Service.) - C:\Windows\System32\TUProgSt.exe
~ Services: 6 Legitimates Filtered in 00mn 35s
---\\ Tâches planifiées en automatique (O39)
[MD5.99EA72BAF1BFCA1FBC372D2307B9C168] [APT] [Updater21810.exe] (.215 Apps.) -- C:\users\user\AppData\Local\Updater21810\Updater21810.exe [206336] =>PUP.SpecialSavings
[MD5.00000000000000000000000000000000] [APT] [{5E7C1D13-5EC5-4E9C-80F5-71FCFF9C0CA0}] (...) -- C:\users\user\Desktop\ST330_VistaSetup_v0.3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7BEC0F68-312E-4C29-BE96-3CA64B6A294B}] (...) -- C:\users\user\Desktop\newyears1_9061.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DB583F8-A7AE-4A59-8EBB-D420598F04B6}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D66B1B84-9938-4553-BE79-CCA4B0534976}] (...) -- F:\PT11G\InstallerFiles\instmsia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED3A1331-45BA-4B78-9AD4-0EE7CFF67354}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 22s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 66 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: C.I.L. version 2.1 - (...) [HKLM] -- Convertisseur d'Images par Lots_is1
O42 - Logiciel: MSRuntime Libraries - (.Thomson.) [HKLM] -- {ECA2B21B-A180-4775-B93F-6E404E36A8CC}
O42 - Logiciel: My Kingdom for the Princess - (.Nevosoft.) [HKLM] -- My Kingdom for the Princess1.0
~ Logic: 90 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AlexSoft]
[HKCU\Software\Apcr]
[HKCU\Software\DevelopEx]
[HKCU\Software\IncrediMail]
[HKCU\Software\KontextViewer]
[HKCU\Software\SpeedTouch]
[HKLM\Software\Giganology]
[HKLM\Software\Seekeen]
[HKLM\Software\SpeedTouch]
[HKLM\Software\TopLang]
~ Key Software: 206 Legitimates Filtered in 00mn 03s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/07/2010 - 09:45:12 - [1,088] ----D C:\Program Files\AlexSoft
O43 - CFD: 30/03/2009 - 18:23:12 - [0,004] ----D C:\Program Files\Giganology
O43 - CFD: 09/10/2010 - 11:10:31 - [2,905] ----D C:\Program Files\KontextViewer
O43 - CFD: 30/03/2009 - 18:23:39 - [0] ----D C:\Program Files\made by albarg
O43 - CFD: 30/03/2009 - 18:23:40 - [6,712] ----D C:\Program Files\MakeUp Pilot
O43 - CFD: 30/03/2009 - 18:24:37 - [96,431] ----D C:\Program Files\My Kingdom for the Princess
O43 - CFD: 27/03/2010 - 21:33:24 - [0] ----D C:\Program Files\Seekeen
O43 - CFD: 30/03/2009 - 18:26:04 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/03/2009 - 18:26:04 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 16/10/2012 - 21:29:26 - [0] ----D C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
O43 - CFD: 21/03/2013 - 19:06:03 - [1,943] ----D C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 21/03/2013 - 19:05:16 - [0,009] ----D C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 21/03/2013 - 19:05:54 - [0,259] ----D C:\Users\user\AppData\Roaming\Delta
O43 - CFD: 30/03/2009 - 18:40:19 - [0,001] ----D C:\Users\user\AppData\Roaming\MakeUpPilot
O43 - CFD: 30/03/2009 - 18:40:38 - [0,011] ----D C:\Users\user\AppData\Roaming\Peace Craft
O43 - CFD: 21/03/2013 - 19:06:14 - [0,014] ----D C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
O43 - CFD: 30/03/2009 - 18:38:24 - [9,938] ----D C:\Users\user\AppData\Local\IM
O43 - CFD: 21/03/2013 - 19:05:53 - [0,197] ----D C:\Users\user\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 30/03/2009 - 18:40:33 - [0,004] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Kingdom for the Princess
~ 241 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 501 Legitimates Filtered in 01mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.534D78034B774B6266F2189576F8C6E3] - 13/06/2013 - 18:39:07 ---A- . (...) -- C:\Windows\System32\FileLock.TLU [92]
O44 - LFC:[MD5.4D51B93531413652F2678EBBEF2E5753] - 13/06/2013 - 18:39:07 ---A- . (.TopLang Software - File Lock Kernel.) -- C:\Windows\System32\Drivers\FLockXP.sys [25930]
O44 - LFC:[MD5.3355E6A7B2498E14E86BBC4D88E0A753] - 13/06/2013 - 18:38:29 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [441]
~ Files: 15 Legitimates Filtered in 00mn 12s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{b07bbc1c-00d3-11e1-be60-c8564195f3dc}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Flashget [Key] . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.B021D0AE4605CE5DF67F06E741278CDF] - 18/01/2008 - 16:16:22 ---A- . (.MCCI Corporation - Sony Ericsson Device A016 Driver.) -- C:\Windows\System32\Drivers\a016bus.sys [83880]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/06/2013 - C:\Windows\System32\Drivers\FLOCKXP.sys (FILELOCK) .(.TopLang Software - File Lock Kernel.) - LEGACY_FILELOCK
~ Legacy: 81 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21810/plugins/089/ff/plu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.pluginsversion", 44); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps"); =>PUP.SpecialSavings
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.ver", 50); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.apps", "21810"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.bic", "13d8e81d0bb39134a3e9b547d3878060"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.cid", 21810); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.installationdate", 1363895505); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.lastcheck", 22731592); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.lastcheckitem", 22731596); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.bbDpng", "21");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.cntry", "CI");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.hdrMd5", "92C9FB14FB0A22A75E12FFBED21B41C2");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.id", "343c20e00000000000001c1d67a5117b");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.instlDay", "15785");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.lastVrsnTs", "1.8.10.019:06:01");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsnTs", "1.8.10.019:06:01");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {74120DA9-995F-42FA-8E3D-ED2D6CEF6B2B} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! ) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 01s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0348D153DDEB37F0C7FA1432EA78E352] [SPRF][23/06/2012] (...) -- C:\Users\user\AppData\Local\dzgvugwsp.exe [304128]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\Local\prvlcl.dat [0]
[MD5.55A925E1C0D7795BA0410D861D252366] [SPRF][20/01/2011] (.AdoMado.com - UnInstallAdoMado.) -- C:\Users\user\AppData\Local\UnInstallAdoMado.exe [89088]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\LocalLow\prvlcl.dat [0]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][13/06/2013] (...) -- C:\Users\user\Desktop\adwcleaner.exe [648201]
[MD5.2DAB23839765369C6201B7D20E15E612] [SPRF][26/05/2013] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\user\Desktop\install_flashplayer11x32_mssa_aih.exe [2141192]
[MD5.75F76B3B6BAF7DCE26EAF4A597C826D1] [SPRF][14/05/2013] (.Jonathan Kay - Messenger Reviver 2.) -- C:\Users\user\Desktop\MessengerReviver-2-2-2.exe [414720]
[MD5.855402C4B57BB85B8A900A379B24FCE7] [SPRF][14/05/2013] (.Softonic - Softonic Downloader.) -- C:\Users\user\Desktop\SoftonicDownloader_pour_messenger-reviver.exe [393080]
[MD5.8EE509FEE63CB89AB1D763F644ACFED2] [SPRF][13/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\user\Desktop\ZHPDiag2.exe [5676095]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{BC064205-1D11-4423-984F-A57CE8F839F2}" |In - Public - P17 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "{68B5AEAE-7AFB-4FA0-9CB3-6AAE8CEFC026}" |In - Public - P6 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "UDP Query User{18874962-5EFE-42E2-BA39-4D5C104A3770}C:\program files\flashget\flashget.exe" | In - Public - P17 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7D7E9849-A315-4732-B29E-6CF80D738F8C}C:\program files\flashget\flashget.exe" | In - Public - P6 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7CE721EB-27A8-4C00-BCBE-CF9ACCE31319}E:\yoxbf.exe" |In - Public - P6 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
O87 - FAEL: "UDP Query User{49F3BFC3-387B-4686-8358-07E1A2418BBA}E:\yoxbf.exe" |In - Public - P17 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 2
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0] =>Adware.PopCap
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Classes\Toolbar3.MHTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.MHTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
C:\Program Files\Zuma's Revenge! =>Adware.PopCap
C:\Program Files\Seekeen =>Adware.OneStep
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
C:\Users\user\AppData\LocalLow\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\user\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe =>Adware.VidSaver
C:\Users\user\AppData\Roaming\Mozilla\Firefox\
I can't find it
zhpdiag
Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by user at 13/06/2013 18:53:52
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
McAfee Security Scan Plus v3.0.318.3
Spyware Terminator 2012 v3.0.0.74
Windows Defender W7
---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (33%) free of 147 GB
---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 147 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/707
~ Mes musiques (My Musics) : 1/1523
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 12/15566
~ Mon Bureau (My Desktop) : 0/8267
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 02mn 08s
---\\ Processus lancés
[MD5.6BF6E5FAD331DF37728A234DAC17FE34] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587472] [PID.1964]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552] [PID.2784]
[MD5.54C5FCD5500F862B4572C4960265C9F1] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.2792]
[MD5.783F7F39A134AA5A9FE78A137980190B] - (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe [351000] [PID.2832]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.2844] =>Toolbar.Conduit
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.2872]
[MD5.407FA94676AA5EC31D2F561AEBAF0238] - (...) -- C:\Users\user\appinfo.exe [718848] [PID.2884]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\user\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.2896]
[MD5.E6A2593AD58D205535F5BA0AEB231DC1] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.3096]
[MD5.4AA7F70580AC5A7496A66A1A40884D1B] - (.HUAWEI - WiMAX Connection Manager.) -- C:\Program Files\WiMAX Connection Manager\WiMAX Connection Manager.exe [102400] [PID.3700]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4080]
[MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.2164]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.3292]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.3692]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg_igeared.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [user - nwx53jol.default] http://www.delta-search.com =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [user - nwx53jol.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v1.2 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\extension21810@extension21810.com] [] Giant Savings Extension v1.2 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [user - nwx53jol.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.6.0.20130418072822 (..)
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll
~ Firefox Browser: 57 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com - Flashget GetFlash Module.) -- C:\Program Files\FlashGet\getflash.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} Clé orpheline
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\TaskBar: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: FlashGet.lnk . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\flashget.exe
O4 - GS\QuickLaunch: Free M4a to MP3 Converter.lnk . (.ManiacTools - Pas de description.) -- C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - GS\QuickLaunch: SUPER ©.lnk . (...) -- C:\Program Files\eRightSoft\SUPER\SUPER.exe
O4 - GS\QuickLaunch: Yahoo! Messenger (3).lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\user\Documents
O4 - GS\Desktop: Internet ADSL.lnk - Clé orpheline
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft Office Access 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
O4 - GS\Desktop: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Office Publisher 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Clé orpheline
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_3.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.109.2 41.206.65.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Tes (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software - TuneUp Program Statistics Service.) - C:\Windows\System32\TUProgSt.exe
~ Services: 6 Legitimates Filtered in 00mn 35s
---\\ Tâches planifiées en automatique (O39)
[MD5.99EA72BAF1BFCA1FBC372D2307B9C168] [APT] [Updater21810.exe] (.215 Apps.) -- C:\users\user\AppData\Local\Updater21810\Updater21810.exe [206336] =>PUP.SpecialSavings
[MD5.00000000000000000000000000000000] [APT] [{5E7C1D13-5EC5-4E9C-80F5-71FCFF9C0CA0}] (...) -- C:\users\user\Desktop\ST330_VistaSetup_v0.3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7BEC0F68-312E-4C29-BE96-3CA64B6A294B}] (...) -- C:\users\user\Desktop\newyears1_9061.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DB583F8-A7AE-4A59-8EBB-D420598F04B6}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D66B1B84-9938-4553-BE79-CCA4B0534976}] (...) -- F:\PT11G\InstallerFiles\instmsia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED3A1331-45BA-4B78-9AD4-0EE7CFF67354}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 22s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 66 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: C.I.L. version 2.1 - (...) [HKLM] -- Convertisseur d'Images par Lots_is1
O42 - Logiciel: MSRuntime Libraries - (.Thomson.) [HKLM] -- {ECA2B21B-A180-4775-B93F-6E404E36A8CC}
O42 - Logiciel: My Kingdom for the Princess - (.Nevosoft.) [HKLM] -- My Kingdom for the Princess1.0
~ Logic: 90 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AlexSoft]
[HKCU\Software\Apcr]
[HKCU\Software\DevelopEx]
[HKCU\Software\IncrediMail]
[HKCU\Software\KontextViewer]
[HKCU\Software\SpeedTouch]
[HKLM\Software\Giganology]
[HKLM\Software\Seekeen]
[HKLM\Software\SpeedTouch]
[HKLM\Software\TopLang]
~ Key Software: 206 Legitimates Filtered in 00mn 03s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/07/2010 - 09:45:12 - [1,088] ----D C:\Program Files\AlexSoft
O43 - CFD: 30/03/2009 - 18:23:12 - [0,004] ----D C:\Program Files\Giganology
O43 - CFD: 09/10/2010 - 11:10:31 - [2,905] ----D C:\Program Files\KontextViewer
O43 - CFD: 30/03/2009 - 18:23:39 - [0] ----D C:\Program Files\made by albarg
O43 - CFD: 30/03/2009 - 18:23:40 - [6,712] ----D C:\Program Files\MakeUp Pilot
O43 - CFD: 30/03/2009 - 18:24:37 - [96,431] ----D C:\Program Files\My Kingdom for the Princess
O43 - CFD: 27/03/2010 - 21:33:24 - [0] ----D C:\Program Files\Seekeen
O43 - CFD: 30/03/2009 - 18:26:04 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/03/2009 - 18:26:04 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 16/10/2012 - 21:29:26 - [0] ----D C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
O43 - CFD: 21/03/2013 - 19:06:03 - [1,943] ----D C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 21/03/2013 - 19:05:16 - [0,009] ----D C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 21/03/2013 - 19:05:54 - [0,259] ----D C:\Users\user\AppData\Roaming\Delta
O43 - CFD: 30/03/2009 - 18:40:19 - [0,001] ----D C:\Users\user\AppData\Roaming\MakeUpPilot
O43 - CFD: 30/03/2009 - 18:40:38 - [0,011] ----D C:\Users\user\AppData\Roaming\Peace Craft
O43 - CFD: 21/03/2013 - 19:06:14 - [0,014] ----D C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
O43 - CFD: 30/03/2009 - 18:38:24 - [9,938] ----D C:\Users\user\AppData\Local\IM
O43 - CFD: 21/03/2013 - 19:05:53 - [0,197] ----D C:\Users\user\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 30/03/2009 - 18:40:33 - [0,004] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Kingdom for the Princess
~ 241 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 501 Legitimates Filtered in 01mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.534D78034B774B6266F2189576F8C6E3] - 13/06/2013 - 18:39:07 ---A- . (...) -- C:\Windows\System32\FileLock.TLU [92]
O44 - LFC:[MD5.4D51B93531413652F2678EBBEF2E5753] - 13/06/2013 - 18:39:07 ---A- . (.TopLang Software - File Lock Kernel.) -- C:\Windows\System32\Drivers\FLockXP.sys [25930]
O44 - LFC:[MD5.3355E6A7B2498E14E86BBC4D88E0A753] - 13/06/2013 - 18:38:29 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [441]
~ Files: 15 Legitimates Filtered in 00mn 12s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{b07bbc1c-00d3-11e1-be60-c8564195f3dc}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Flashget [Key] . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.B021D0AE4605CE5DF67F06E741278CDF] - 18/01/2008 - 16:16:22 ---A- . (.MCCI Corporation - Sony Ericsson Device A016 Driver.) -- C:\Windows\System32\Drivers\a016bus.sys [83880]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/06/2013 - C:\Windows\System32\Drivers\FLOCKXP.sys (FILELOCK) .(.TopLang Software - File Lock Kernel.) - LEGACY_FILELOCK
~ Legacy: 81 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossrider.bic", "13d8e81d0bb39134a3e9b547d3878060"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1363892741); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setSearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.backgroundver", 34); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.value", "1363892741"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.value", "1363892741"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.expiration", "Thu Mar 21 2013 19:57:15 GMT+0000 (Maroc)"[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.value", "%22/**/%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.expiration", "Thu Mar 21 2013 19:57:15 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.expiration", "Thu Mar 28 2013 19:52:08 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.value", "%22CI%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.value", "1363895535"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.value", "%221363714804%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maro[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22109182%22%2C%22sub_id[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.value", "%221363714804%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.value", "%22109182%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.value", "%221242%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.value", "%22160650%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.value", "1363895525618"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.description", "Save big with Giant Savings! Coupons display instantly while you're [...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Ma[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22E3EF711F2A924C[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.value", "50"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (M[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.value", "1"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.expiration", "Fri Mar 22 2013 01:51:56 GMT+0000 (Mar[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.name", "Giant Savings Extension"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.ver", 15); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.ver", 35); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.ver", 5); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.ver", 1); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21810/plugins/089/ff/plu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.pluginsversion", 44); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps"); =>PUP.SpecialSavings
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.ver", 50); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.apps", "21810"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.bic", "13d8e81d0bb39134a3e9b547d3878060"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.cid", 21810); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.installationdate", 1363895505); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.lastcheck", 22731592); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.lastcheckitem", 22731596); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.bbDpng", "21");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.cntry", "CI");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.hdrMd5", "92C9FB14FB0A22A75E12FFBED21B41C2");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.id", "343c20e00000000000001c1d67a5117b");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.instlDay", "15785");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.lastVrsnTs", "1.8.10.019:06:01");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsnTs", "1.8.10.019:06:01");
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {74120DA9-995F-42FA-8E3D-ED2D6CEF6B2B} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! ) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 01s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0348D153DDEB37F0C7FA1432EA78E352] [SPRF][23/06/2012] (...) -- C:\Users\user\AppData\Local\dzgvugwsp.exe [304128]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\Local\prvlcl.dat [0]
[MD5.55A925E1C0D7795BA0410D861D252366] [SPRF][20/01/2011] (.AdoMado.com - UnInstallAdoMado.) -- C:\Users\user\AppData\Local\UnInstallAdoMado.exe [89088]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\LocalLow\prvlcl.dat [0]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][13/06/2013] (...) -- C:\Users\user\Desktop\adwcleaner.exe [648201]
[MD5.2DAB23839765369C6201B7D20E15E612] [SPRF][26/05/2013] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\user\Desktop\install_flashplayer11x32_mssa_aih.exe [2141192]
[MD5.75F76B3B6BAF7DCE26EAF4A597C826D1] [SPRF][14/05/2013] (.Jonathan Kay - Messenger Reviver 2.) -- C:\Users\user\Desktop\MessengerReviver-2-2-2.exe [414720]
[MD5.855402C4B57BB85B8A900A379B24FCE7] [SPRF][14/05/2013] (.Softonic - Softonic Downloader.) -- C:\Users\user\Desktop\SoftonicDownloader_pour_messenger-reviver.exe [393080]
[MD5.8EE509FEE63CB89AB1D763F644ACFED2] [SPRF][13/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\user\Desktop\ZHPDiag2.exe [5676095]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{BC064205-1D11-4423-984F-A57CE8F839F2}" |In - Public - P17 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "{68B5AEAE-7AFB-4FA0-9CB3-6AAE8CEFC026}" |In - Public - P6 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "UDP Query User{18874962-5EFE-42E2-BA39-4D5C104A3770}C:\program files\flashget\flashget.exe" | In - Public - P17 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7D7E9849-A315-4732-B29E-6CF80D738F8C}C:\program files\flashget\flashget.exe" | In - Public - P6 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7CE721EB-27A8-4C00-BCBE-CF9ACCE31319}E:\yoxbf.exe" |In - Public - P6 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
O87 - FAEL: "UDP Query User{49F3BFC3-387B-4686-8358-07E1A2418BBA}E:\yoxbf.exe" |In - Public - P17 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 2
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0] =>Adware.PopCap
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Classes\Toolbar3.MHTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.MHTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
C:\Program Files\Zuma's Revenge! =>Adware.PopCap
C:\Program Files\Seekeen =>Adware.OneStep
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
C:\Users\user\AppData\LocalLow\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\user\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe =>Adware.VidSaver
C:\Users\user\AppData\Roaming\Mozilla\Firefox\
Hello
It's a copy. Before, I had an original Vista, and after a breakdown my technician brought me back this copy.
Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by user at 13/06/2013 18:53:52
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
McAfee Security Scan Plus v3.0.318.3
Spyware Terminator 2012 v3.0.0.74
Windows Defender W7
---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (33%) free of 147 GB
---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 147 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/707
~ Mes musiques (My Musics) : 1/1523
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 12/15566
~ Mon Bureau (My Desktop) : 0/8267
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 02mn 08s
---\\ Processus lancés
[MD5.6BF6E5FAD331DF37728A234DAC17FE34] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587472] [PID.1964]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552] [PID.2784]
[MD5.54C5FCD5500F862B4572C4960265C9F1] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.2792]
[MD5.783F7F39A134AA5A9FE78A137980190B] - (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe [351000] [PID.2832]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.2844] =>Toolbar.Conduit
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.2872]
[MD5.407FA94676AA5EC31D2F561AEBAF0238] - (...) -- C:\Users\user\appinfo.exe [718848] [PID.2884]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\user\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.2896]
[MD5.E6A2593AD58D205535F5BA0AEB231DC1] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.3096]
[MD5.4AA7F70580AC5A7496A66A1A40884D1B] - (.HUAWEI - WiMAX Connection Manager.) -- C:\Program Files\WiMAX Connection Manager\WiMAX Connection Manager.exe [102400] [PID.3700]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4080]
[MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.2164]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.3292]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.3692]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg_igeared.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [user - nwx53jol.default] http://www.delta-search.com =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [user - nwx53jol.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v1.2 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\extension21810@extension21810.com] [] Giant Savings Extension v1.2 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [user - nwx53jol.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.6.0.20130418072822 (..)
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll
~ Firefox Browser: 57 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com - Flashget GetFlash Module.) -- C:\Program Files\FlashGet\getflash.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} Clé orpheline
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\TaskBar: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: FlashGet.lnk . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\flashget.exe
O4 - GS\QuickLaunch: Free M4a to MP3 Converter.lnk . (.ManiacTools - Pas de description.) -- C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - GS\QuickLaunch: SUPER ©.lnk . (...) -- C:\Program Files\eRightSoft\SUPER\SUPER.exe
O4 - GS\QuickLaunch: Yahoo! Messenger (3).lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\user\Documents
O4 - GS\Desktop: Internet ADSL.lnk - Clé orpheline
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft Office Access 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
O4 - GS\Desktop: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Office Publisher 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Clé orpheline
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_3.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.109.2 41.206.65.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Tes (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software - TuneUp Program Statistics Service.) - C:\Windows\System32\TUProgSt.exe
~ Services: 6 Legitimates Filtered in 00mn 35s
---\\ Tâches planifiées en automatique (O39)
[MD5.99EA72BAF1BFCA1FBC372D2307B9C168] [APT] [Updater21810.exe] (.215 Apps.) -- C:\users\user\AppData\Local\Updater21810\Updater21810.exe [206336] =>PUP.SpecialSavings
[MD5.00000000000000000000000000000000] [APT] [{5E7C1D13-5EC5-4E9C-80F5-71FCFF9C0CA0}] (...) -- C:\users\user\Desktop\ST330_VistaSetup_v0.3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7BEC0F68-312E-4C29-BE96-3CA64B6A294B}] (...) -- C:\users\user\Desktop\newyears1_9061.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DB583F8-A7AE-4A59-8EBB-D420598F04B6}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D66B1B84-9938-4553-BE79-CCA4B0534976}] (...) -- F:\PT11G\InstallerFiles\instmsia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED3A1331-45BA-4B78-9AD4-0EE7CFF67354}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 22s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 66 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: C.I.L. version 2.1 - (...) [HKLM] -- Convertisseur d'Images par Lots_is1
O42 - Logiciel: MSRuntime Libraries - (.Thomson.) [HKLM] -- {ECA2B21B-A180-4775-B93F-6E404E36A8CC}
O42 - Logiciel: My Kingdom for the Princess - (.Nevosoft.) [HKLM] -- My Kingdom for the Princess1.0
~ Logic: 90 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AlexSoft]
[HKCU\Software\Apcr]
[HKCU\Software\DevelopEx]
[HKCU\Software\IncrediMail]
[HKCU\Software\KontextViewer]
[HKCU\Software\SpeedTouch]
[HKLM\Software\Giganology]
[HKLM\Software\Seekeen]
[HKLM\Software\SpeedTouch]
[HKLM\Software\TopLang]
~ Key Software: 206 Legitimates Filtered in 00mn 03s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/07/2010 - 09:45:12 - [1,088] ----D C:\Program Files\AlexSoft
O43 - CFD: 30/03/2009 - 18:23:12 - [0,004] ----D C:\Program Files\Giganology
O43 - CFD: 09/10/2010 - 11:10:31 - [2,905] ----D C:\Program Files\KontextViewer
O43 - CFD: 30/03/2009 - 18:23:39 - [0] ----D C:\Program Files\made by albarg
O43 - CFD: 30/03/2009 - 18:23:40 - [6,712] ----D C:\Program Files\MakeUp Pilot
O43 - CFD: 30/03/2009 - 18:24:37 - [96,431] ----D C:\Program Files\My Kingdom for the Princess
O43 - CFD: 27/03/2010 - 21:33:24 - [0] ----D C:\Program Files\Seekeen
O43 - CFD: 30/03/2009 - 18:26:04 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/03/2009 - 18:26:04 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 16/10/2012 - 21:29:26 - [0] ----D C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
O43 - CFD: 21/03/2013 - 19:06:03 - [1,943] ----D C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 21/03/2013 - 19:05:16 - [0,009] ----D C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 21/03/2013 - 19:05:54 - [0,259] ----D C:\Users\user\AppData\Roaming\Delta
O43 - CFD: 30/03/2009 - 18:40:19 - [0,001] ----D C:\Users\user\AppData\Roaming\MakeUpPilot
O43 - CFD: 30/03/2009 - 18:40:38 - [0,011] ----D C:\Users\user\AppData\Roaming\Peace Craft
O43 - CFD: 21/03/2013 - 19:06:14 - [0,014] ----D C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
O43 - CFD: 30/03/2009 - 18:38:24 - [9,938] ----D C:\Users\user\AppData\Local\IM
O43 - CFD: 21/03/2013 - 19:05:53 - [0,197] ----D C:\Users\user\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 30/03/2009 - 18:40:33 - [0,004] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Kingdom for the Princess
~ 241 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 501 Legitimates Filtered in 01mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.534D78034B774B6266F2189576F8C6E3] - 13/06/2013 - 18:39:07 ---A- . (...) -- C:\Windows\System32\FileLock.TLU [92]
O44 - LFC:[MD5.4D51B93531413652F2678EBBEF2E5753] - 13/06/2013 - 18:39:07 ---A- . (.TopLang Software - File Lock Kernel.) -- C:\Windows\System32\Drivers\FLockXP.sys [25930]
O44 - LFC:[MD5.3355E6A7B2498E14E86BBC4D88E0A753] - 13/06/2013 - 18:38:29 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [441]
~ Files: 15 Legitimates Filtered in 00mn 12s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{b07bbc1c-00d3-11e1-be60-c8564195f3dc}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Flashget [Key] . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.B021D0AE4605CE5DF67F06E741278CDF] - 18/01/2008 - 16:16:22 ---A- . (.MCCI Corporation - Sony Ericsson Device A016 Driver.) -- C:\Windows\System32\Drivers\a016bus.sys [83880]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/06/2013 - C:\Windows\System32\Drivers\FLOCKXP.sys (FILELOCK) .(.TopLang Software - File Lock Kernel.) - LEGACY_FILELOCK
~ Legacy: 81 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {74120DA9-995F-42FA-8E3D-ED2D6CEF6B2B} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! ) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 01s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0348D153DDEB37F0C7FA1432EA78E352] [SPRF][23/06/2012] (...) -- C:\Users\user\AppData\Local\dzgvugwsp.exe [304128]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\Local\prvlcl.dat [0]
[MD5.55A925E1C0D7795BA0410D861D252366] [SPRF][20/01/2011] (.AdoMado.com - UnInstallAdoMado.) -- C:\Users\user\AppData\Local\UnInstallAdoMado.exe [89088]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\LocalLow\prvlcl.dat [0]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][13/06/2013] (...) -- C:\Users\user\Desktop\adwcleaner.exe [648201]
[MD5.2DAB23839765369C6201B7D20E15E612] [SPRF][26/05/2013] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\user\Desktop\install_flashplayer11x32_mssa_aih.exe [2141192]
[MD5.75F76B3B6BAF7DCE26EAF4A597C826D1] [SPRF][14/05/2013] (.Jonathan Kay - Messenger Reviver 2.) -- C:\Users\user\Desktop\MessengerReviver-2-2-2.exe [414720]
[MD5.855402C4B57BB85B8A900A379B24FCE7] [SPRF][14/05/2013] (.Softonic - Softonic Downloader.) -- C:\Users\user\Desktop\SoftonicDownloader_pour_messenger-reviver.exe [393080]
[MD5.8EE509FEE63CB89AB1D763F644ACFED2] [SPRF][13/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\user\Desktop\ZHPDiag2.exe [5676095]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{BC064205-1D11-4423-984F-A57CE8F839F2}" |In - Public - P17 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "{68B5AEAE-7AFB-4FA0-9CB3-6AAE8CEFC026}" |In - Public - P6 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "UDP Query User{18874962-5EFE-42E2-BA39-4D5C104A3770}C:\program files\flashget\flashget.exe" | In - Public - P17 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7D7E9849-A315-4732-B29E-6CF80D738F8C}C:\program files\flashget\flashget.exe" | In - Public - P6 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7CE721EB-27A8-4C00-BCBE-CF9ACCE31319}E:\yoxbf.exe" |In - Public - P6 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
O87 - FAEL: "UDP Query User{49F3BFC3-387B-4686-8358-07E1A2418BBA}E:\yoxbf.exe" |In - Public - P17 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 2
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0] =>Adware.PopCap
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Classes\Toolbar3.MHTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.MHTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
C:\Program Files\Zuma's Revenge! =>Adware.PopCap
C:\Program Files\Seekeen =>Adware.OneStep
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
C:\Users\user\AppData\LocalLow\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\user\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe =>Adware.VidSav
It's a copy. I had the original Vista, and after a breakdown my technician brought me back this copy.
Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by user at 13/06/2013 18:53:52
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
McAfee Security Scan Plus v3.0.318.3
Spyware Terminator 2012 v3.0.0.74
Windows Defender W7
---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (33%) free of 147 GB
---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 147 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/707
~ Mes musiques (My Musics) : 1/1523
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 12/15566
~ Mon Bureau (My Desktop) : 0/8267
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 02mn 08s
---\\ Processus lancés
[MD5.6BF6E5FAD331DF37728A234DAC17FE34] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587472] [PID.1964]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552] [PID.2784]
[MD5.54C5FCD5500F862B4572C4960265C9F1] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.2792]
[MD5.783F7F39A134AA5A9FE78A137980190B] - (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe [351000] [PID.2832]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.2844] =>Toolbar.Conduit
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.2872]
[MD5.407FA94676AA5EC31D2F561AEBAF0238] - (...) -- C:\Users\user\appinfo.exe [718848] [PID.2884]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\user\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.2896]
[MD5.E6A2593AD58D205535F5BA0AEB231DC1] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.3096]
[MD5.4AA7F70580AC5A7496A66A1A40884D1B] - (.HUAWEI - WiMAX Connection Manager.) -- C:\Program Files\WiMAX Connection Manager\WiMAX Connection Manager.exe [102400] [PID.3700]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4080]
[MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.2164]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.3292]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.3692]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nwx53jol.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg_igeared.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\WebSearch.xml
M0 - MFSP: prefs.js [user - nwx53jol.default] http://www.delta-search.com =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [user - nwx53jol.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v1.2 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\extension21810@extension21810.com] [] Giant Savings Extension v1.2 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [user - nwx53jol.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (..)
M2 - MFEP: prefs.js [user - nwx53jol.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.6.0.20130418072822 (..)
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll
P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, https://www.openssl.org/ - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll
~ Firefox Browser: 57 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} . (.www.flashget.com - Flashget GetFlash Module.) -- C:\Program Files\FlashGet\getflash.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} Clé orpheline
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [L08FXLRD_509358] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-888570132-3422824007-3177497335-1000\..\Run: [appinfo] C:\Users\userappinfo.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\TaskBar: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: FlashGet.lnk . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\flashget.exe
O4 - GS\QuickLaunch: Free M4a to MP3 Converter.lnk . (.ManiacTools - Pas de description.) -- C:\Program Files\Free M4a to MP3 Converter\m4a_converter.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - GS\QuickLaunch: SUPER ©.lnk . (...) -- C:\Program Files\eRightSoft\SUPER\SUPER.exe
O4 - GS\QuickLaunch: Yahoo! Messenger (3).lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\user\Documents
O4 - GS\Desktop: Internet ADSL.lnk - Clé orpheline
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft Office Access 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
O4 - GS\Desktop: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Office Publisher 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Clé orpheline
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_3.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpNameServer = 213.136.109.2 41.206.65.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{835FBF4C-E737-4709-99C1-CB9415955235}: DhcpDomain = mtn.ci
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.109.2 41.206.65.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Tes (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software - TuneUp Program Statistics Service.) - C:\Windows\System32\TUProgSt.exe
~ Services: 6 Legitimates Filtered in 00mn 35s
---\\ Tâches planifiées en automatique (O39)
[MD5.99EA72BAF1BFCA1FBC372D2307B9C168] [APT] [Updater21810.exe] (.215 Apps.) -- C:\users\user\AppData\Local\Updater21810\Updater21810.exe [206336] =>PUP.SpecialSavings
[MD5.00000000000000000000000000000000] [APT] [{5E7C1D13-5EC5-4E9C-80F5-71FCFF9C0CA0}] (...) -- C:\users\user\Desktop\ST330_VistaSetup_v0.3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7BEC0F68-312E-4C29-BE96-3CA64B6A294B}] (...) -- C:\users\user\Desktop\newyears1_9061.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DB583F8-A7AE-4A59-8EBB-D420598F04B6}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D66B1B84-9938-4553-BE79-CCA4B0534976}] (...) -- F:\PT11G\InstallerFiles\instmsia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED3A1331-45BA-4B78-9AD4-0EE7CFF67354}] (...) -- C:\Program Files\Thomson\ST330\drivers\x64\installer\installInf.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 22s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 66 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: C.I.L. version 2.1 - (...) [HKLM] -- Convertisseur d'Images par Lots_is1
O42 - Logiciel: MSRuntime Libraries - (.Thomson.) [HKLM] -- {ECA2B21B-A180-4775-B93F-6E404E36A8CC}
O42 - Logiciel: My Kingdom for the Princess - (.Nevosoft.) [HKLM] -- My Kingdom for the Princess1.0
~ Logic: 90 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AlexSoft]
[HKCU\Software\Apcr]
[HKCU\Software\DevelopEx]
[HKCU\Software\IncrediMail]
[HKCU\Software\KontextViewer]
[HKCU\Software\SpeedTouch]
[HKLM\Software\Giganology]
[HKLM\Software\Seekeen]
[HKLM\Software\SpeedTouch]
[HKLM\Software\TopLang]
~ Key Software: 206 Legitimates Filtered in 00mn 03s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/07/2010 - 09:45:12 - [1,088] ----D C:\Program Files\AlexSoft
O43 - CFD: 30/03/2009 - 18:23:12 - [0,004] ----D C:\Program Files\Giganology
O43 - CFD: 09/10/2010 - 11:10:31 - [2,905] ----D C:\Program Files\KontextViewer
O43 - CFD: 30/03/2009 - 18:23:39 - [0] ----D C:\Program Files\made by albarg
O43 - CFD: 30/03/2009 - 18:23:40 - [6,712] ----D C:\Program Files\MakeUp Pilot
O43 - CFD: 30/03/2009 - 18:24:37 - [96,431] ----D C:\Program Files\My Kingdom for the Princess
O43 - CFD: 27/03/2010 - 21:33:24 - [0] ----D C:\Program Files\Seekeen
O43 - CFD: 30/03/2009 - 18:26:04 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/03/2009 - 18:26:04 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 16/10/2012 - 21:29:26 - [0] ----D C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
O43 - CFD: 21/03/2013 - 19:06:03 - [1,943] ----D C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 21/03/2013 - 19:05:16 - [0,009] ----D C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 21/03/2013 - 19:05:54 - [0,259] ----D C:\Users\user\AppData\Roaming\Delta
O43 - CFD: 30/03/2009 - 18:40:19 - [0,001] ----D C:\Users\user\AppData\Roaming\MakeUpPilot
O43 - CFD: 30/03/2009 - 18:40:38 - [0,011] ----D C:\Users\user\AppData\Roaming\Peace Craft
O43 - CFD: 21/03/2013 - 19:06:14 - [0,014] ----D C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
O43 - CFD: 30/03/2009 - 18:38:24 - [9,938] ----D C:\Users\user\AppData\Local\IM
O43 - CFD: 21/03/2013 - 19:05:53 - [0,197] ----D C:\Users\user\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 30/03/2009 - 18:40:33 - [0,004] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Kingdom for the Princess
~ 241 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 501 Legitimates Filtered in 01mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.534D78034B774B6266F2189576F8C6E3] - 13/06/2013 - 18:39:07 ---A- . (...) -- C:\Windows\System32\FileLock.TLU [92]
O44 - LFC:[MD5.4D51B93531413652F2678EBBEF2E5753] - 13/06/2013 - 18:39:07 ---A- . (.TopLang Software - File Lock Kernel.) -- C:\Windows\System32\Drivers\FLockXP.sys [25930]
O44 - LFC:[MD5.3355E6A7B2498E14E86BBC4D88E0A753] - 13/06/2013 - 18:38:29 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [441]
~ Files: 15 Legitimates Filtered in 00mn 12s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{b07bbc1c-00d3-11e1-be60-c8564195f3dc}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Flashget [Key] . (.FlashGet.com - FlashGet.) -- C:\Program Files\FlashGet\FlashGet.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.B021D0AE4605CE5DF67F06E741278CDF] - 18/01/2008 - 16:16:22 ---A- . (.MCCI Corporation - Sony Ericsson Device A016 Driver.) -- C:\Windows\System32\Drivers\a016bus.sys [83880]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/06/2013 - C:\Windows\System32\Drivers\FLOCKXP.sys (FILELOCK) .(.TopLang Software - File Lock Kernel.) - LEGACY_FILELOCK
~ Legacy: 81 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossrider.bic", "13d8e81d0bb39134a3e9b547d3878060"); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [user - nwx53jol.default] user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1363892741); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {74120DA9-995F-42FA-8E3D-ED2D6CEF6B2B} - (AVG Secure Search) - https://search.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! ) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 01s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0348D153DDEB37F0C7FA1432EA78E352] [SPRF][23/06/2012] (...) -- C:\Users\user\AppData\Local\dzgvugwsp.exe [304128]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\Local\prvlcl.dat [0]
[MD5.55A925E1C0D7795BA0410D861D252366] [SPRF][20/01/2011] (.AdoMado.com - UnInstallAdoMado.) -- C:\Users\user\AppData\Local\UnInstallAdoMado.exe [89088]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][01/11/2011] (...) -- C:\Users\user\AppData\LocalLow\prvlcl.dat [0]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][13/06/2013] (...) -- C:\Users\user\Desktop\adwcleaner.exe [648201]
[MD5.2DAB23839765369C6201B7D20E15E612] [SPRF][26/05/2013] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\user\Desktop\install_flashplayer11x32_mssa_aih.exe [2141192]
[MD5.75F76B3B6BAF7DCE26EAF4A597C826D1] [SPRF][14/05/2013] (.Jonathan Kay - Messenger Reviver 2.) -- C:\Users\user\Desktop\MessengerReviver-2-2-2.exe [414720]
[MD5.855402C4B57BB85B8A900A379B24FCE7] [SPRF][14/05/2013] (.Softonic - Softonic Downloader.) -- C:\Users\user\Desktop\SoftonicDownloader_pour_messenger-reviver.exe [393080]
[MD5.8EE509FEE63CB89AB1D763F644ACFED2] [SPRF][13/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\user\Desktop\ZHPDiag2.exe [5676095]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{BC064205-1D11-4423-984F-A57CE8F839F2}" |In - Public - P17 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "{68B5AEAE-7AFB-4FA0-9CB3-6AAE8CEFC026}" |In - Public - P6 - TRUE | .(...) -- F:\STHIWv\stInstall.exe (.not file.)
O87 - FAEL: "UDP Query User{18874962-5EFE-42E2-BA39-4D5C104A3770}C:\program files\flashget\flashget.exe" | In - Public - P17 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7D7E9849-A315-4732-B29E-6CF80D738F8C}C:\program files\flashget\flashget.exe" | In - Public - P6 - TRUE | .(.FlashGet.com - FlashGet.) -- C:\program files\flashget\flashget.exe
O87 - FAEL: "TCP Query User{7CE721EB-27A8-4C00-BCBE-CF9ACCE31319}E:\yoxbf.exe" |In - Public - P6 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
O87 - FAEL: "UDP Query User{49F3BFC3-387B-4686-8358-07E1A2418BBA}E:\yoxbf.exe" |In - Public - P17 - TRUE | .(...) -- E:\yoxbf.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 13
Fichiers trouvés (Files found) : 2
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zuma's Revenge!1.0] =>Adware.PopCap
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Classes\Toolbar3.MHTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.MHTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
C:\Program Files\Zuma's Revenge! =>Adware.PopCap
C:\Program Files\Seekeen =>Adware.OneStep
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\ProgramData\PC Registry Cleaner =>Rogue.PCRegistryCleaner
C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\user\AppData\Local\Giant Savings Extension =>Adware.VidSaver
C:\Users\user\AppData\LocalLow\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\user\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe =>Adware.VidSav
It's a copy. I had an original Vista, and after a breakdown my technician brought me back this copy.
A copy, but without a valid license key?? https://www.commentcamarche.net/faq/2981-j-utilise-une-version-piratee-de-windows
Normally we do not help on a PC that, as in the link, is not running a legal version of Windows!
Because, first, we fight against every kind of piracy, and also, on a Windows where we don't know what has been modified, we risk crashing the PC with certain tools!!
And you are not helping us either by not following the procedure as explained!! That may make things complicated for the tools to come, if there are any??
Because you pasted the ZHPDiag report again even though it doesn't fit on the forum because it is too long!! So once again it is not complete!!