Need help 2013-08-22T14:13:24+00:00
  • cedric
    Participant
    Post count: 9

    UsbFix
    [spoiler:2k9aa89o]Utilisateur: Bretagne (Administrateur) # MJKB
    Mis à jour le 20/08/2013 par El Desaparecido
    Lancé à 16:10:18 | 22/08/2013

    Site Web: https://www.sosvirus.net/
    Upload Malware: viewtopic.php?f=6&t=489
    Contact: eldesaparecido@sosvirus.net

    PC: SAMSUNG ELECTRONICS CO., LTD. (N150P/N210P/N220P ) (X86-based PC)
    CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1662)
    RAM -> [Total : 1013 | Free : 494]
    BIOS: Phoenix SecureCore(tm) NB Version 01KY.M008.20100430.RHU
    BOOT: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 70 Go (27 Go libre(s) – 39%) [] # NTFS
    D: -> Disque fixe # 70 Go (30 Go libre(s) – 43%) [] # NTFS

    ################## | Listing |

    [16/08/2012 – 00:28:43 | D ] C:252f83bcf657e6e2498757250c26
    [16/06/2012 – 09:06:54 | N | 1110476] C:7-zip_7-zip_9.20_francais_11161.exe
    [22/06/2010 – 20:28:49 | N | 0] C:AUTOEXEC.BAT
    [22/08/2013 – 15:49:50 | RASHD ] C:Autorun.inf
    [04/11/2010 – 17:53:35 | N | 227] C:boot.ini
    [14/04/2008 – 14:00:00 | N | 4952] C:Bootfont.bin
    [22/06/2010 – 20:28:49 | N | 0] C:CONFIG.SYS
    [04/11/2010 – 17:30:12 | D ] C:Documents and Settings
    [16/06/2012 – 08:32:38 | N | 39060536] C:FileFormatConverters.exe
    [22/08/2013 – 14:14:05 | ASH | 1062514688] C:hiberfil.sys
    [22/06/2010 – 20:28:49 | N | 0] C:IO.SYS
    [30/01/2011 – 13:35:39 | D ] C:Logiciel OFFICE Pro
    [22/06/2010 – 20:28:49 | N | 0] C:MSDOS.SYS
    [14/04/2008 – 14:00:00 | N | 47564] C:NTDETECT.COM
    [14/04/2008 – 14:00:00 | N | 252240] C:ntldr
    [22/08/2013 – 14:14:04 | ASH | 1598029824] C:pagefile.sys
    [27/02/2011 – 00:59:02 | N | 17656592] C:PDFCreator-1_2_0_setup.exe
    [19/08/2013 – 18:18:29 | D ] C:Program Files
    [04/11/2010 – 19:21:57 | SHD ] C:RECYCLER
    [10/06/2012 – 20:21:14 | D ] C:SCOQI
    [22/06/2010 – 21:23:26 | N | 191] C:Setup.log
    [07/08/2013 – 02:40:47 | SHD ] C:System Volume Information
    [06/09/2012 – 11:18:29 | D ] C:temp
    [22/08/2013 – 16:10:20 | D ] C:UsbFix
    [21/08/2013 – 17:20:15 | N | 9966] C:UsbFix [Clean 10] MJKB.txt
    [21/08/2013 – 18:16:14 | N | 12119] C:UsbFix [Clean 11] MJKB.txt
    [21/08/2013 – 18:23:10 | N | 10217] C:UsbFix [Clean 12] MJKB.txt
    [21/08/2013 – 18:37:18 | N | 10420] C:UsbFix [Clean 13] MJKB.txt
    [21/08/2013 – 18:41:55 | N | 10659] C:UsbFix [Clean 14] MJKB.txt
    [22/08/2013 – 15:35:56 | N | 11452] C:UsbFix [Clean 15] MJKB.txt
    [22/08/2013 – 15:49:52 | A | 9617] C:UsbFix [Clean 16] MJKB.txt
    [20/08/2013 – 22:18:37 | N | 11124] C:UsbFix [Clean 1] MJKB.txt
    [20/08/2013 – 22:23:45 | N | 8862] C:UsbFix [Clean 2] MJKB.txt
    [20/08/2013 – 22:29:42 | N | 8994] C:UsbFix [Clean 3] MJKB.txt
    [20/08/2013 – 22:49:50 | N | 11016] C:UsbFix [Clean 4] MJKB.txt
    [20/08/2013 – 23:16:45 | N | 9266] C:UsbFix [Clean 5] MJKB.txt
    [20/08/2013 – 23:21:03 | N | 9331] C:UsbFix [Clean 6] MJKB.txt
    [21/08/2013 – 01:57:21 | N | 11847] C:UsbFix [Clean 7] MJKB.txt
    [21/08/2013 – 12:40:12 | N | 10360] C:UsbFix [Clean 8] MJKB.txt
    [21/08/2013 – 17:15:24 | N | 10362] C:UsbFix [Clean 9] MJKB.txt
    [20/08/2013 – 22:02:08 | N | 3817] C:UsbFix [Listing 1 ] MJKB.txt
    [20/08/2013 – 22:03:04 | N | 3886] C:UsbFix [Listing 2 ] MJKB.txt
    [21/08/2013 – 18:06:44 | N | 5662] C:UsbFix [Listing 3 ] MJKB.txt
    [21/08/2013 – 18:28:25 | N | 5867] C:UsbFix [Listing 4 ] MJKB.txt
    [22/08/2013 – 15:28:26 | N | 6204] C:UsbFix [Listing 5 ] MJKB.txt
    [22/08/2013 – 15:31:29 | N | 5112] C:UsbFix [Listing 6 ] MJKB.txt
    [22/08/2013 – 15:45:07 | N | 5249] C:UsbFix [Listing 7 ] MJKB.txt
    [22/08/2013 – 16:10:20 | A | 3841] C:UsbFix [Listing 8 ] MJKB.txt
    [20/08/2013 – 23:56:34 | N | 7501] C:UsbFix [Scan 10] MJKB.txt
    [21/08/2013 – 01:43:00 | N | 7677] C:UsbFix [Scan 11] MJKB.txt
    [21/08/2013 – 01:46:10 | N | 7677] C:UsbFix [Scan 12] MJKB.txt
    [21/08/2013 – 01:52:56 | N | 7677] C:UsbFix [Scan 13] MJKB.txt
    [21/08/2013 – 12:34:14 | N | 6190] C:UsbFix [Scan 14] MJKB.txt
    [21/08/2013 – 12:36:04 | N | 6191] C:UsbFix [Scan 15] MJKB.txt
    [21/08/2013 – 18:30:36 | N | 5765] C:UsbFix [Scan 17] MJKB.txt
    [22/08/2013 – 15:25:38 | N | 7506] C:UsbFix [Scan 18] MJKB.txt
    [20/08/2013 – 22:00:27 | N | 7907] C:UsbFix [Scan 1] MJKB.txt
    [20/08/2013 – 22:09:27 | N | 8070] C:UsbFix [Scan 2] MJKB.txt
    [20/08/2013 – 22:26:47 | N | 5964] C:UsbFix [Scan 3] MJKB.txt
    [20/08/2013 – 22:45:21 | N | 7581] C:UsbFix [Scan 4] MJKB.txt
    [20/08/2013 – 22:52:08 | N | 5805] C:UsbFix [Scan 5] MJKB.txt
    [20/08/2013 – 22:59:17 | N | 5805] C:UsbFix [Scan 6] MJKB.txt
    [20/08/2013 – 23:10:48 | N | 5805] C:UsbFix [Scan 7] MJKB.txt
    [20/08/2013 – 23:12:50 | N | 5804] C:UsbFix [Scan 8] MJKB.txt
    [20/08/2013 – 23:54:44 | N | 7501] C:UsbFix [Scan 9] MJKB.txt
    [20/08/2013 – 22:34:05 | D ] C:WINDOWS
    [22/08/2013 – 15:49:50 | RASHD ] D:Autorun.inf
    [30/07/2013 – 20:13:18 | D ] D:films
    [06/08/2013 – 16:53:52 | D ] D:kinshasa 2012
    [06/01/2011 – 22:05:04 | SHD ] D:RECYCLER
    [11/01/2013 – 21:47:43 | D ] D:SMRTNTKY
    [20/08/2013 – 21:45:56 | SHD ] D:System Volume Information

    ################## | E.O.F |[/spoiler:2k9aa89o]

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello and welcome to SosVirus

    Good practice is, first of all, to say hello and to state your problem.
    As I am not a mind reader, dumping a USBFix report that does not appear to be in “Recherche” (Search) mode is not going to move things toward a solution!

    Hope this reaches you, and I look forward to your reply ;)

  • cedric
    Participant
    Post count: 9

    Hello, and sorry for not introducing myself! This is the first time I have come to the site, I do not know my way around it well and I thought it was handled automatically! Please excuse me!!!

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello again

    Describe your problem precisely!
    If it is an external USB device that is giving you trouble => run USBFix in “Recherche” (Search) mode
    Post its report

    Edited at 20:20 =>

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Connect all your external data sources to your PC (USB stick, external hard drive, etc.) without opening them.
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the “Recherche” (Search) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply
  • cedric
    Participant
    Post count: 9

    Hello!!! Thank you for this valuable help! So here it is: I am having trouble with a win 32 autorun file that has spread more or less everywhere on my PC, on the internal hard drives, and I also have ads that download themselves unprompted, and there are also my 2 USB sticks!!! Here is the report!! Thank you, kind regards!!!
    [spoiler:31agv1zj]Utilisateur: Bretagne (Administrateur) # MJKB
    Mis à jour le 20/08/2013 par El Desaparecido
    Lancé à 02:05:16 | 23/08/2013

    Site Web: https://www.sosvirus.net/
    Upload Malware: viewtopic.php?f=6&t=489
    Contact: eldesaparecido@sosvirus.net

    PC: SAMSUNG ELECTRONICS CO., LTD. (N150P/N210P/N220P ) (X86-based PC)
    CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (1662)
    RAM -> [Total : 1013 | Free : 334]
    BIOS: Phoenix SecureCore(tm) NB Version 01KY.M008.20100430.RHU
    BOOT: Normal boot

    OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
    WB: Windows Internet Explorer 8.0.6001.18702

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 70 Go (27 Go libre(s) – 39%) [] # NTFS
    D: -> Disque fixe # 70 Go (30 Go libre(s) – 43%) [] # NTFS
    E: -> Disque amovible # 8 Go (1 Go libre(s) – 15%) [USB DISK8GB] # FAT32
    F: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [KINGSTON_16] # FAT32

    ################## | Processus Actif |

    C:WINDOWSSystem32smss.exe (612)
    C:WINDOWSsystem32winlogon.exe (688)
    C:WINDOWSsystem32services.exe (732)
    C:WINDOWSsystem32lsass.exe (744)
    C:WINDOWSsystem32svchost.exe (916)
    C:WINDOWSSystem32svchost.exe (1036)
    C:Program FilesAviraAntiVir Desktopsched.exe (1588)
    C:Program FilesAviraAntiVir Desktopavgnt.exe (1132)
    C:Program FilesAviraAntiVir Desktopavguard.exe (2252)
    C:WINDOWSsystem32svchost.exe (2876)
    C:Program FilesAviraAntiVir Desktopavshadow.exe (3444)
    C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe (2984)
    C:WINDOWSExplorer.exe (3688)
    C:WINDOWSsystem32wuauclt.exe (2544)
    C:Program FilesInternet Exploreriexplore.exe (2452)
    C:WINDOWSsystem32ctfmon.exe (1980)
    c:program filessupreme savingssupreme savings-bg.exe (512)
    C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe (3588)
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (2420)
    C:Program FilesInternet Exploreriexplore.exe (1164)
    C:Program FilesInternet Exploreriexplore.exe (5172)
    C:UsbFixGo.exe (4808)

    ################## | El Desaparecido Section |

    HKLMSOFTWARE | Run : [RTHDCPL] – RTHDCPL.EXE
    HKLMSOFTWARE | Run : [IgfxTray] – C:WINDOWSsystem32igfxtray.exe
    HKLMSOFTWARE | Run : [HotKeysCmds] – C:WINDOWSsystem32hkcmd.exe
    HKLMSOFTWARE | Run : [Persistence] – C:WINDOWSsystem32igfxpers.exe
    HKLMSOFTWARE | Run : [ETDWare] – %ProgramFiles%ElantechETDCtrl.exe
    HKLMSOFTWARE | Run : [BatteryManager] – C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe
    HKLMSOFTWARE | Run : [EasySpeedUpManager] – C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe
    HKLMSOFTWARE | Run : [EasySpeedUpManager2] – C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager2.exe /s
    HKLMSOFTWARE | Run : [SUPBackground] – C:Program FilesSamsungSamsung Update PlusSUPBackground.exe
    HKLMSOFTWARE | Run : [DMHotKey] – C:Program FilesSamsungEasy Display ManagerDMLoader.exe
    HKLMSOFTWARE | Run : [SamsungWInClon] – C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler
    HKLMSOFTWARE | Run : [UCam_Menu] – “C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe” “C:Program FilesCyberLinkYouCam” UpdateWithCreateOnce “SoftwareCyberLinkYouCam2.0”
    HKLMSOFTWARE | Run : [] –
    HKLMSOFTWARE | Run : [ApnUpdater] – “C:Program FilesAsk.comUpdaterUpdater.exe”
    HKLMSOFTWARE | Run : [APSDaemon] – “C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe”
    HKLMSOFTWARE | Run : [avgnt] – “C:Program FilesAviraAntiVir Desktopavgnt.exe” /min
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [QuickTime Task] – “C:Program FilesQuickTimeqttask.exe” -atboottime
    HKLMSOFTWARE | Run : [UserFaultCheck] – %systemroot%system32dumprep 0 -u
    HKLMSOFTWARE | Run : [Boxore Client] – C:Program FilesBoxoreBoxoreClientboxore.exe
    HKLMSOFTWARE | Run : [iTunesHelper] – “C:Program FilesiTunesiTunesHelper.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-20SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32ctfmon.exe
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [BatteryLifeExtender] – C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe /2
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [SSCKbdHk] – C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [swg] – “C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [Skype] – “C:Program FilesSkypePhoneSkype.exe” /minimized /regrun
    HKUS-1-5-21-532639649-2019491048-2505128532-1005SOFTWARE | Run : [Updater19962.exe] – C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
    HKUS-1-5-18SOFTWARE | Run : [CTFMON.EXE] – C:WINDOWSsystem32CTFMON.EXE
    HKUS-1-5-18SOFTWARE | RunOnce : [FlashPlayerUpdate] – C:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe -update activex

    ################## | Éléments infectieux |

    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net |[/spoiler:31agv1zj]

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello Cédric

    /!\ Carry out the procedure in the order of the tutorials given!

    /!\ For the MalwareBytes Anti-Malware and AdwCleaner reports
    Place the mouse cursor on the open report
    Press CTRL and A together to select everything (usually highlighted in blue), then release the keys
    Press CTRL and C together to copy the contents of the report to the Windows clipboard, then release the keys
    Open a reply in your topic on the forum, or create a topic, and place the mouse cursor in it
    Press CTRL and V together to paste the contents of the clipboard
    Send the reply and give precise details about the nature of the problems, how and when they appeared, etc.

    /!\ The ZHPDiag report will have to be hosted on Sosupload

    1/
    Download => Malwarebytes Anti-malware
    On Vista / Win7 / Win8 => right-click and run as administrator.
    On XP => double-click

    During installation, choose the language

    Launch MalwareBytes Anti-Malware

    Go to the “Mise à jour” (Update) tab of the program after launching it
    Run the update

    Once the program has restarted after the updates, in the “Recherche” (Search) tab, on which it opens

    Tick “Exécuter un examen rapide” (Run a quick scan)

    Click “Rechercher” (Search)

    When the scan is finished, after about ten minutes depending on the configuration, click “Afficher les résultats” (Show results)

    In the new window, tick everything and click the “Supprimer la sélection” (Remove selection) button

    Post a copy-paste of the report, which will open automatically
    It does not need to be hosted, as it is relatively small
    See more of this help

    2/

    AdwCleaner (by Xplode)

    Download and save AdwCleaner => https://www.sosvirus.net/telecharger/adwcleaner/ to your desktop
    Click AdwCleaner to launch it
    Click “Scanner” (Scan)

    Once the scan is finished, click “Rapport” (Report)
    Copy/paste the report into your reply on the forum

    Relaunch AdwCleaner
    Click “Nettoyer” (Clean)
    When it finishes, the cleaning report will be displayed; post it by copy/paste in your reply on the forum
    You can close the program

    Note: The report is also saved as C:\AdwCleaner\AdwCleaner[0].txt

    3/

    Download and save ZHPDiag => https://www.sosvirus.net/telecharger/zhpdiag/ to your computer.
    Then click the downloaded file to run the software's installer.
    Follow the installer's prompts, leaving the default settings; do not forget to tick the “raccourci bureau” (desktop shortcut) box.
    After these steps, three desktop shortcuts are present (MBRCheck, ZHPFix, ZHPDiag).

    To run a full analysis, click the “ZHPDiag” desktop icon, which depicts a “scroll”.
    In the software's interface, click the “Configurer” (Configure) button to access the settings.
    Then click the “Loupe +” (magnifying glass +) button at the bottom left to start a full-options diagnostic

    The analysis runs; wait a few minutes while the tool works, as indicated by “Traitement en cours…” (Processing…).

    The program sometimes displays a “Ne répond pas” (Not responding) message; wait for it to respond.
    The hang is most often “temporary”… be patient

    At the end of the analysis the report will open in Notepad
    You can post this report by copy/paste and close the program.
    The ZHPDiag.txt report will also be on your desktop. If needed, it is saved in C:\ZHP\ZHPDiag.txt

    Reminder for posting by copy/paste

    In Notepad, check under Format that “Retour automatique à la ligne” (Word Wrap) is unticked.
    Place the mouse cursor on the open report
    Press CTRL and A together to select everything (usually highlighted in blue), then release the keys.
    Press CTRL and C together to copy the contents of the report to the Windows clipboard, then release the keys.
    Open a reply in your topic on the forum that is helping you, or create a topic, and place the mouse cursor in it.
    Press CTRL and V together to paste the contents of the clipboard.

    If the report is too large, then host it so that it can be accessed

    Go to Sosupload
    Help: Click here

    Come back in your reply with the three requested reports ;)

  • cedric
    Participant
    Post count: 9

    Hello! Thank you very much for helping me solve my problems! So here, as
    http://www.malwarebytes.org

    Version de la base de données: v2013.08.26.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Bretagne :: MJKB [administrateur]

    Protection: Activé

    26/08/2013 12:53:26
    MBAM-log-2013-08-26 (13-18-57).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 218400
    Temps écoulé: 22 minute(s), 56 seconde(s)

    Processus mémoire détecté(s): 2
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> 1096 -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> 2012 -> Aucune action effectuée.

    Module(s) mémoire détecté(s): 2
    C:Program FilesSupreme SavingsSupreme Savings.dll (PUP.Optional.Crossrider) -> Aucune action effectuée.
    C:Program FilesLyricsPlus128.dll (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.

    Clé(s) du Registre détectée(s): 33
    HKLMSYSTEMCurrentControlSetServicessupdate (Adware.Boxore) -> Aucune action effectuée.
    HKCRAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Aucune action effectuée.
    HKCRCLSID{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCRTypeLib{44444444-4444-4444-4444-440144994462} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCRInterface{55555555-5555-5555-5555-550155995562} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCRCrossriderApp0019962.BHO.1 (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{4492DDF7-7E0C-499A-8417-F75574E4B41C} (PUP.Optional.LyricsAd) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4492DDF7-7E0C-499A-8417-F75574E4B41C} (PUP.Optional.LyricsAd) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{6F8C19A0-97A1-435D-9532-857EFF3AD43E} (PUP.LyricsAd) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6F8C19A0-97A1-435D-9532-857EFF3AD43E} (PUP.LyricsAd) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Aucune action effectuée.
    HKCRCrossriderApp0019962.BHO (PUP.Optional.Crossrider) -> Aucune action effectuée.
    HKCUSoftwareDataMngr (PUP.Optional.DataMngr) -> Aucune action effectuée.
    HKCUSOFTWARECROSSRIDER (Adware.GamePlayLab) -> Aucune action effectuée.
    HKCUSOFTWAREINSTALLCORE (PUP.Optional.InstallCore.A) -> Aucune action effectuée.
    HKLMSOFTWAREBoxore (Adware.Boxore) -> Aucune action effectuée.
    HKLMSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONUNINSTALL{006E6A46-8D55-4F10-BBA8-2C9653B4278B} (Adware.Boxore) -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallDelta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{792300d6-f625-40b3-9864-a317332a9419} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.
    HKCRCLSID{792300d6-f625-40b3-9864-a317332a9419} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.
    HKCRTypeLib{18158B6F-E9EB-41B9-9276-3D3FE170FAD9} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.
    HKCRInterface{D75787E6-FCAB-4847-ACDE-C9F33017ECD6} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{792300D6-F625-40B3-9864-A317332A9419} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{792300D6-F625-40B3-9864-A317332A9419} (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.

    Valeur(s) du Registre détectée(s): 4
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|Boxore Client (Adware.Boxore) -> Données: C:Program FilesBoxoreBoxoreClientboxore.exe -> Aucune action effectuée.
    HKCUSoftwareCrossrider|215AppVerifier (Adware.GamePlayLab) -> Données: 7406efe45d27521e3dbf0d7d3c95f598 -> Aucune action effectuée.
    HKCUSoftwareInstallCore|tb (PUP.Optional.InstallCore.A) -> Données: 0I1I2Y1R2U1OtF0HtHzw -> Aucune action effectuée.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{006E6A46-8D55-4F10-BBA8-2C9653B4278B}|Publisher (Adware.Boxore) -> Données: Boxore OU. -> Aucune action effectuée.

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 9
    C:Program FilesBoxoreBoxoreClient (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplay (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChrome (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayFirefox (Adware.Boxore) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabylon (PUP.Optional.Babylon.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolution (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionShared (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataOpenCandy (PUP.Optional.OpenCandy) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataOpenCandy18F1A39829EA46138735ACC3484DA3C5 (PUP.Optional.OpenCandy) -> Aucune action effectuée.

    Fichier(s) détecté(s): 25
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesSoftwareUpdateSoftwareUpdate.exe (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesSupreme SavingsSupreme Savings.dll (PUP.Optional.Crossrider) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientrules.dat (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientCOPYING (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientindex.dat (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientLICENSE.txt (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientPRIVACY.txt (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientREADME.txt (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromebackground.js (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromemanifest.json (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromesmartdisplay.js (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromesmartdisplay.png (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromeutils.html (Adware.Boxore) -> Aucune action effectuée.
    C:Program FilesBoxoreBoxoreClientSmartDisplayFirefoxsmartdisplay.xpi (Adware.Boxore) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt (PUP.Optional.Babylon.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedBabMaint.exe (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedBUSUninstall.exe (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedchu.js (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedDelta2.ico (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedGUninstaller.exe (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedSetupParams.ini (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedsqlite3.dll (PUP.Optional.BabSolution.A) -> Aucune action effectuée.
    C:Documents and SettingsBretagneApplication DataOpenCandy18F1A39829EA46138735ACC3484DA3C5TuneUpUtilities2013-2200324_fr-FR.exe (PUP.Optional.OpenCandy) -> Aucune action effectuée.
    C:Program FilesLyricsPlus128.dll (PUP.Optional.LyricsAd.Gen) -> Aucune action effectuée.

    (fin)
    requested of me, the Malwarebytes report! Thank you

  • cedric
    Participant
    Post count: 9

    Hello again, I may have posted the wrong report! This one is from after the removal! Thank you

    Version de la base de données: v2013.08.26.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Bretagne :: MJKB [administrateur]

    Protection: Activé

    26/08/2013 12:53:26
    mbam-log-2013-08-26 (12-53-26).txt

    Type d’examen: Examen rapide
    Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d’examen désactivées: P2P
    Elément(s) analysé(s): 218400
    Temps écoulé: 22 minute(s), 56 seconde(s)

    Processus mémoire détecté(s): 2
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> 1096 -> Suppression au redémarrage.
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> 2012 -> Suppression au redémarrage.

    Module(s) mémoire détecté(s): 2
    C:Program FilesSupreme SavingsSupreme Savings.dll (PUP.Optional.Crossrider) -> Suppression au redémarrage.
    C:Program FilesLyricsPlus128.dll (PUP.Optional.LyricsAd.Gen) -> Suppression au redémarrage.

    Clé(s) du Registre détectée(s): 33
    HKLMSYSTEMCurrentControlSetServicessupdate (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    HKCRAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCRCLSID{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCRTypeLib{44444444-4444-4444-4444-440144994462} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCRInterface{55555555-5555-5555-5555-550155995562} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCRCrossriderApp0019962.BHO.1 (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{4492DDF7-7E0C-499A-8417-F75574E4B41C} (PUP.Optional.LyricsAd) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4492DDF7-7E0C-499A-8417-F75574E4B41C} (PUP.Optional.LyricsAd) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{6F8C19A0-97A1-435D-9532-857EFF3AD43E} (PUP.LyricsAd) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{6F8C19A0-97A1-435D-9532-857EFF3AD43E} (PUP.LyricsAd) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Mis en quarantaine et supprimé avec succès.
    HKCRCrossriderApp0019962.BHO (PUP.Optional.Crossrider) -> Mis en quarantaine et supprimé avec succès.
    HKCUSoftwareDataMngr (PUP.Optional.DataMngr) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWARECROSSRIDER (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREINSTALLCORE (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREBoxore (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONUNINSTALL{006E6A46-8D55-4F10-BBA8-2C9653B4278B} (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallDelta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{792300d6-f625-40b3-9864-a317332a9419} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCRCLSID{792300d6-f625-40b3-9864-a317332a9419} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCRTypeLib{18158B6F-E9EB-41B9-9276-3D3FE170FAD9} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCRInterface{D75787E6-FCAB-4847-ACDE-C9F33017ECD6} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtSettings{792300D6-F625-40B3-9864-A317332A9419} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.
    HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{792300D6-F625-40B3-9864-A317332A9419} (PUP.Optional.LyricsAd.Gen) -> Mis en quarantaine et supprimé avec succès.

    Valeur(s) du Registre détectée(s): 4
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun|Boxore Client (Adware.Boxore) -> Données: C:Program FilesBoxoreBoxoreClientboxore.exe -> Mis en quarantaine et supprimé avec succès.
    HKCUSoftwareCrossrider|215AppVerifier (Adware.GamePlayLab) -> Données: 7406efe45d27521e3dbf0d7d3c95f598 -> Mis en quarantaine et supprimé avec succès.
    HKCUSoftwareInstallCore|tb (PUP.Optional.InstallCore.A) -> Données: 0I1I2Y1R2U1OtF0HtHzw -> Mis en quarantaine et supprimé avec succès.
    HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{006E6A46-8D55-4F10-BBA8-2C9653B4278B}|Publisher (Adware.Boxore) -> Données: Boxore OU. -> Mis en quarantaine et supprimé avec succès.

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 9
    C:Program FilesBoxoreBoxoreClient (Adware.Boxore) -> Suppression au redémarrage.
    C:Program FilesBoxoreBoxoreClientSmartDisplay (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChrome (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayFirefox (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabylon (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolution (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionShared (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataOpenCandy (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataOpenCandy18F1A39829EA46138735ACC3484DA3C5 (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.

    Fichier(s) détecté(s): 25
    C:Program FilesBoxoreBoxoreClientboxore.exe (Adware.Boxore) -> Suppression au redémarrage.
    C:Program FilesSoftwareUpdateSoftwareUpdate.exe (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesSupreme SavingsSupreme Savings.dll (PUP.Optional.Crossrider) -> Suppression au redémarrage.
    C:Program FilesBoxoreBoxoreClientrules.dat (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientCOPYING (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientindex.dat (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientLICENSE.txt (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientPRIVACY.txt (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientREADME.txt (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromebackground.js (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromemanifest.json (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromesmartdisplay.js (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromesmartdisplay.png (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayChromeutils.html (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesBoxoreBoxoreClientSmartDisplayFirefoxsmartdisplay.xpi (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedBabMaint.exe (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedBUSUninstall.exe (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedchu.js (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedDelta2.ico (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedGUninstaller.exe (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedSetupParams.ini (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataBabSolutionSharedsqlite3.dll (PUP.Optional.BabSolution.A) -> Mis en quarantaine et supprimé avec succès.
    C:Documents and SettingsBretagneApplication DataOpenCandy18F1A39829EA46138735ACC3484DA3C5TuneUpUtilities2013-2200324_fr-FR.exe (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.
    C:Program FilesLyricsPlus128.dll (PUP.Optional.LyricsAd.Gen) -> Suppression au redémarrage.

    (fin)

  • cedric
    Participant
    Post count: 9

    Hello again! So I'm continuing to follow the procedure and I'm sending the AdwCleaner report! Thanks
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : Bretagne – MJKB
    # Exécuté depuis : C:Documents and SettingsBretagneBureauadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.18702

    -\ Mozilla Firefox v23.0 (fr)

    [ Fichier : C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js ]

    -\ Google Chrome v23.0.1271.97

    [ Fichier : C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [47499 octets] – [26/08/2013 13:43:18]
    AdwCleaner[R1].txt – [1130 octets] – [26/08/2013 14:07:35]
    AdwCleaner[S0].txt – [48285 octets] – [26/08/2013 13:48:40]
    AdwCleaner[S1].txt – [1052 octets] – [26/08/2013 14:09:16]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1112 octets] ##########

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hello Cédric

    OK with MBAM & AdwCleaner! :bravo1:

    Continue with ZHPDiag and its report hosted on Sosupload

    ;)

  • cedric
    Participant
    Post count: 9

    Hello once again, so here is the third report, from ZHPDiag! So I have followed the whole procedure!!! Thanks
    ~ Lancé par Bretagne (26/08/2013 16:59:18)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
    MFIE: Mozilla Firefox 23.0
    GCIE: Google Chrome v23.0.1271.97

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : KO

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.3885
    Malwarebytes Anti-Malware version 1.75.0.1300

    —\ Logiciels d’optimisation du système
    CCleaner v4.00 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1013 MB (38% free)
    System Restore: Activé (Enable)
    System drive C: has 26 GB (38%) free of 70 GB

    —\ Mode de connexion au système
    ~ Computer Name: MJKB
    ~ User Name: Bretagne
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Bretagne, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppData% : C:Documents and SettingsBretagneApplication Data
    ~ %Desktop% : C:Documents and SettingsBretagneBureau
    ~ %Favorites% : C:Documents and SettingsBretagneFavoris
    ~ %LocalAppData% : C:Documents and SettingsBretagneLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsBretagneMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 70 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 30 Go of 70 Go)
    E: Floppy drive, Flash card reader, USB Key (Free 1 Go of 8 Go)
    F: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 30 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.E1948293F7CBC38987270432935D8D05] – (.Microsoft Corporation – Internet Extensions for Win32.) (.26/07/2013 – 03:47:15.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 03s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/123
    ~ Mes musiques (My Musics) : 1/10
    ~ Mes Videos (My Videos) : 1/2
    ~ Mes Favoris (My Favorites) : 1/13
    ~ Mes Documents (My Documents) : 1/200
    ~ Mon Bureau (My Desktop) : 0/1812
    ~ Menu demarrer (Programs) : 1/34
    ~ Hidden Files: Scanned in 00mn 03s

    —\ Processus lancés au démarrage du système
    [MD5.99387251353598C939592FAF40DF8AA9] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1588]
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] – (.Google Inc. – Programme d’installation de Google.) — C:Program FilesGoogleUpdateGoogleUpdate.exe [135664] [PID.1856]
    [MD5.D8E53BEFD52A3CC726F7738EA676AF06] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe [19520544] [PID.2012]
    [MD5.7CE609C249FE99BC57E255593D432462] – (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe [141336] [PID.2028]
    [MD5.A6E71671F25E7B8A453B475E86ECD740] – (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe [173592] [PID.2036]
    [MD5.D87943DAD4EF197C80E8901F6F6163F1] – (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe [141336] [PID.2044]
    [MD5.09A3504A57450A1BFD4A9F3DB2FAEEAE] – (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe [1891720] [PID.128]
    [MD5.0B9D78D1F4140A8350797E5407612C53] – (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe [3155456] [PID.136]
    [MD5.8EAA6052BA14FCE32069E7E66B895717] – (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe [374784] [PID.124]
    [MD5.477256F141D6EB932542F900D13B5E6B] – (.Intel Corporation – igfxsrvc Module.) — C:WINDOWSsystem32igfxsrvc.exe [250392] [PID.224]
    [MD5.167F9E5AF87B57763DAAA27D3144C2A0] – (.SEC – Samsung Recovery Solution 4.) — C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler.exe [2201192] [PID.248]
    [MD5.4631FF0EE2964CCDC646AF807CB778F5] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [345144] [PID.444]
    [MD5.B508C9139D26AF2A91BF728279BF858C] – (.ELAN Microelectronics Corp. – ETD Control Center Helper.) — C:Program FilesElantechETDCtrlHelper.exe [1599880] [PID.628]
    [MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152392] [PID.920]
    [MD5.10760383AA50CCFC7DB9B5AB0D326AAF] – (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe [1749504] [PID.1072]
    [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.1140]
    [MD5.F44431CFD96428206039D3556311BF1B] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [19876968] [PID.1156]
    [MD5.DFC5DCAB25683ECC60073E085B84FE58] – (.Samsung Electronics Co., Ltd. – Easy Display Manager.) — C:Program FilesSamsungEasy Display Managerdmhkcore.exe [847360] [PID.1168]
    [MD5.FF786A74F62361A71AECDB8F8AC95D6F] – (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe [201808] [PID.788] =>Adware.MegaSearch
    [MD5.978294640062C57482BF2B65A342C266] – (.Microsoft Corporation – SQL Server Service Manager.) — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [69632] [PID.1412]
    [MD5.83166BFFA8C4BBAC4413F47C865CC8EE] – (.Microsoft Corporation – Outil de notification de cadeaux MSN.) — C:Documents and SettingsBretagneApplication DataMicrosoftOutil de notification de cadeaux MSNmsnotif.exe [183096] [PID.1424]
    [MD5.8491FDA93507F2F27FFBA11372764086] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.2112]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2124]
    [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.2156]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2384]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2500]
    [MD5.7CE50C9E49ECEED8B6418446358126D9] – (.Microsoft Corporation – Machine Debug Manager.) — C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe [270336] [PID.2556]
    [MD5.C06719A652E32D5B65CC25C45D44A0D3] – (.Microsoft Corporation – SQL Server Windows NT.) — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [7442493] [PID.2588]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2616]
    [MD5.7CB15A15DBB2E1DF973A0A799C76DCC8] – (.SRS Labs, Inc. – Service to handle post-installation details.) — C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe [66792] [PID.2764]
    [MD5.68C105908A54D734D2B154DB546F562E] – (.Avira Operations GmbH & Co. KG – Avira Shadow Copy Service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [76856] [PID.3888]
    [MD5.622CB6E588ABA809DF29EAC8AB1D46D4] – (.Intel Corporation – igfxext Module.) — C:WINDOWSsystem32igfxext.exe [172056] [PID.2480]
    [MD5.D8B8B5A8FE57CF4F307A540D9A153C23] – (.Apple Inc. – iPodService Module (32-bit).) — C:Program FilesiPodbiniPodService.exe [553288] [PID.2708]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.1776]
    [MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] – (.Microsoft Corporation – COM Surrogate.) — C:WINDOWSsystem32dllhost.exe [5120] [PID.3752]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [638816] [PID.1928]
    [MD5.11821BB2822BFDF2C8654A157A829C2F] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7836672] [PID.5960]
    [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:WINDOWSSystem32alg.exe [44544] [PID.1808]
    [MD5.8648D670AE0D95C95E7BBB5B80661796] – (.Microsoft Corporation – MS DTC console program.) — C:WINDOWSsystem32msdtc.exe [6144] [PID.1728]
    ~ Processes Running: Scanned in 00mn 10s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé) =>Adware.AddLyrics
    G2 – GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
    G2 – GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
    G2 – GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
    G2 – GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
    ~ Google Browser: 10 Legitimates Filtered in 00mn 10s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultuser.js
    M3 – MFPP: Plugins – [Bretagne] — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
    M0 – MFSP: prefs.js [Bretagne – o0k85q7f.default] r_pref(“browser.startup.homepage”, );
    M2 – MFEP: prefs.js [Bretagne – o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
    M2 – MFEP: prefs.js [Bretagne – o0k85q7f.default{97A78363-B868-4B48-AC91-A783A31215AF}] [] AppsHat v2.0.1 (..)
    ~ Firefox Browser: 15 Legitimates Filtered in 00mn 02s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: MinibarBHO – {AA74D58F-ACD0-450D-A85E-6C04B171C044} . (.KangoExtensions – Minibar.) — C:Program FilesMinibarMinibar.dll
    O2 – BHO: Lyrics-Pal – {dc29db0f-529e-415e-9754-c4d493333108} . (.Lyrics-Pal – Pas de description.) — C:Program FilesLyricsPal130.dll =>Adware.AddLyrics
    O2 – BHO: Lyrics Plus – {2aeec9be-127f-480f-9f4e-51080d8480af} . (…) — C:Program FilesLyricsPlus130.dll (.not file.) =>Adware.AddLyrics
    ~ BHO: 12 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications démarrées par registre & par dossier (O4)
    O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [BatteryManager] . (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe
    O4 – HKLM..Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe
    O4 – HKLM..Run: [EasySpeedUpManager2] . (.Samsung Electronics – Easy SpeedUp Manager II.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager2.exe
    O4 – HKLM..Run: [SUPBackground] . (…) — C:Program FilesSamsungSamsung Update PlusSUPBackground.exe
    O4 – HKLM..Run: [DMHotKey] . (.SAMSUNG Electronics – Loader of Easy Display Manager – Display Co.) — C:Program FilesSamsungEasy Display ManagerDMLoader.exe
    O4 – HKLM..Run: [SamsungWInClon] Clé orpheline
    O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKLM..RunOnce: [awfr7zip53668] Clé orpheline
    O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKCU..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
    O4 – HKCU..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
    O4 – HKCU..Run: [SDP] . (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe (.not file.)
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SDP] . (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
    ~ Application: Scanned in 00mn 02s

    —\ Autres liens utilisateurs (O4)
    O4 – GSPrograms: Adobe Reader XI.lnk . (…) — C:WINDOWSInstaller{AC76BA86-7AD7-1036-7B44-AB0000000001}SC_Reader.ico
    O4 – GSPrograms: Apple Software Update.lnk . (…) — C:WINDOWSInstaller{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}AppleSoftwareUpdateIco.exe
    O4 – GSPrograms: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation – Microsoft® Works.) — C:Program FilesMicrosoft WorksMSWorks.exe
    O4 – GSPrograms: Microsoft Access.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}accicons.exe
    O4 – GSPrograms: Microsoft Excel.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}xlicons.exe
    O4 – GSPrograms: Microsoft FrontPage.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}misc.exe
    O4 – GSPrograms: Microsoft Outlook.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}outicon.exe
    O4 – GSPrograms: Microsoft PowerPoint.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}pptico.exe
    O4 – GSPrograms: Microsoft Word.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}wordicon.exe
    O4 – GSPrograms: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSPrograms: Windows Movie Maker.lnk . (.Microsoft Corporation – Windows Movie Maker.) — C:Program FilesMovie Makermoviemk.exe
    O4 – GSPrograms: Assistance à distance.lnk . (.Microsoft Corporation – Assistance à distance Microsoft.) — C:WINDOWSsystem32rcimlby.exe
    O4 – GSPrograms: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSPrograms: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe
    O4 – GSPrograms: Outlook Express.lnk . (.Microsoft Corporation – Outlook Express.) — C:Program FilesOutlook Expressmsimn.exe
    ~ Global Startup: Scanned in 00mn 02s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: Visit AppsHat.com – {AAA38851-3CFF-475F-B5E0-720D3645E4A5} . (…) — C:Program FilesMinibariconsicon16.ico
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
    O14 – IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    ~ IE Paramètres WEB: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS3ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    —\ Titr_HJT34=Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll
    O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    O23 – Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) . (.SRS Labs, Inc. – Service to handle post-installation details.) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
    ~ Services: 9 Legitimates Filtered in 00mn 15s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop Component 0: (no name) – file:file:///C:/DOCUME~1/Bretagne/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksEPUpdater.job [278]
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics-Pal Update.job [356] =>Adware.AddLyrics
    ~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM] — {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
    O42 – Logiciel: Lyrics Plus – (.Plus Add-on Software.) [HKLM] — {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
    O42 – Logiciel: Lyrics-Pal – (.LyricsPal Soft. LTD.) [HKLM] — {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
    ~ Logic: 91 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBI]
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareDataMngr] =>PUP.Datamngr
    [HKCUSoftwareDataMngr_Toolbar] =>PUP.Datamngr
    [HKCUSoftwareSomoto] =>Adware.MegaSearch
    [HKLMSoftware868fdbb768e448]
    [HKLMSoftwareASKINSTALLER]
    [HKLMSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKLMSoftwareDataMngr] =>PUP.Datamngr
    [HKLMSoftwareMinibar]
    [HKLMSoftwareTarma Installer] =>Toolbar.Tarma
    [HKLMSoftwareWLAN]
    ~ Key Software: 152 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/01/2011 – 00:00:58 – [6,162] —-D C:Program FilesIEAK
    O43 – CFD: 26/08/2013 – 14:29:15 – [0,384] —-D C:Program FilesMinibar
    O43 – CFD: 23/04/2013 – 13:17:07 – [0,062] —-D C:Program Filesmixiedj
    O43 – CFD: 07/11/2010 – 14:58:58 – [18,762] —-D C:Program FilesORKTools
    O43 – CFD: 26/08/2013 – 16:14:51 – [0] —-D C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon
    O43 – CFD: 16/08/2013 – 18:46:52 – [0,169] —-D C:Documents and SettingsAll UsersApplication DataBoxUpdChk
    O43 – CFD: 26/08/2013 – 16:15:13 – [8,070] —-D C:Documents and SettingsAll UsersApplication DataBrowserDefender =>Hijacker.Eazel
    O43 – CFD: 26/08/2013 – 16:50:38 – [1,048] —-D C:Documents and SettingsAll UsersApplication DataTarma Installer =>Toolbar.Tarma
    O43 – CFD: 22/06/2010 – 20:36:24 – [0,002] —-D C:Documents and SettingsAll UsersApplication DataWLAN
    O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsAll UsersApplication DataXWare
    O43 – CFD: 26/08/2013 – 16:14:50 – [0,003] —-D C:Documents and SettingsBretagneApplication DataBabylon =>Toolbar.Babylon
    O43 – CFD: 26/08/2013 – 15:28:38 – [0,003] —-D C:Documents and SettingsBretagneApplication DataMinibar
    O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsBretagneApplication DataXWare
    O43 – CFD: 26/08/2013 – 14:29:23 – [0,946] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataMinibar
    O43 – CFD: 25/04/2013 – 00:52:31 – [0,201] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
    O43 – CFD: 26/08/2013 – 16:54:22 – [0,061] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayer
    ~ Program Folder: 160 Legitimates Filtered in 00mn 23s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.48616C31735824FEF79366A9E79F7409] – 26/08/2013 – 14:37:49 —A- . (…) — C:WINDOWSwiadebug.log [159]
    O44 – LFC:[MD5.C94B738AAEE16A295A8B5861766DCF38] – 26/08/2013 – 14:37:35 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.6B785669A9C20A7A90DF95F95D006809] – 23/08/2013 – 01:07:49 —A- . (…) — C:UsbFix [Scan 20] MJKB.txt [6153]
    O44 – LFC:[MD5.020B8DCE0BA439C08CF0250E0CF63839] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSFaxSetup.log [17808]
    O44 – LFC:[MD5.C8F109970F5CFA6A689DDB593BBFC02F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWScomsetup.log [6245]
    O44 – LFC:[MD5.AEA2986D266F531C85F37A09854499FD] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSiis6.log [1960]
    O44 – LFC:[MD5.6730A7F08728B3431EC147701D47103F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSimsins.log [4566]
    O44 – LFC:[MD5.41934423ABF980D38AA9C0A34C95C819] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSmsgsocm.log [1356]
    O44 – LFC:[MD5.BEC9D232793E30CF95F60E340CAFD9C8] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSntdtcsetup.log [4909]
    O44 – LFC:[MD5.8D51B5CCDC25B32532785385F279EF65] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocgen.log [19604]
    O44 – LFC:[MD5.EAAF5A9230E3EF40665A1FE647BF1F91] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocmsn.log [1771]
    O44 – LFC:[MD5.2A3F78C2D6C450B9EB590406A4818690] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWStsoc.log [10238]
    O44 – LFC:[MD5.896C6B3C1F7A0BD4FC6170EADA330685] – 22/08/2013 – 18:39:56 —A- . (…) — C:WINDOWSimsins.BAK [1917]
    O44 – LFC:[MD5.FA45C9F4570D3A2747E875C67B904E43] – 22/08/2013 – 17:48:13 —A- . (…) — C:UsbFix [Clean 19] MJKB.txt [10519]
    O44 – LFC:[MD5.FEC7712BA55B3C0A6D6D5E4D02F6AF66] – 22/08/2013 – 17:36:49 . (…) — C:UsbFix [Clean 18] MJKB.txt [10482]
    O44 – LFC:[MD5.7094CC9372186AA764DF2F02CA3316A0] – 22/08/2013 – 15:26:10 . (…) — C:UsbFix [Clean 17] MJKB.txt [10040]
    O44 – LFC:[MD5.317F70AD2419404FCB42F2B620D76933] – 22/08/2013 – 15:14:53 . (…) — C:UsbFix [Listing 9 ] MJKB.txt [5454]
    O44 – LFC:[MD5.D7CBB8F6B3DB205020B07011A4EF5CA1] – 22/08/2013 – 15:10:20 . (…) — C:UsbFix [Listing 8 ] MJKB.txt [5385]
    O44 – LFC:[MD5.B2B12A94824D6081D880EA7F3D2676B3] – 22/08/2013 – 14:49:52 . (…) — C:UsbFix [Clean 16] MJKB.txt [9617]
    O44 – LFC:[MD5.918E75016872D5E4764DF8C3A7726092] – 22/08/2013 – 14:45:07 . (…) — C:UsbFix [Listing 7 ] MJKB.txt [5249]
    O44 – LFC:[MD5.91962B57267976F66AB91AD2DC2DB51A] – 22/08/2013 – 14:35:56 . (…) — C:UsbFix [Clean 15] MJKB.txt [11452]
    O44 – LFC:[MD5.1546B05A7F32F4A5D0EBB7D65F466AED] – 22/08/2013 – 14:31:29 . (…) — C:UsbFix [Listing 6 ] MJKB.txt [5112]
    O44 – LFC:[MD5.6362A6126DDB221BF6AB01BA6DB03FB8] – 22/08/2013 – 14:28:26 . (…) — C:UsbFix [Listing 5 ] MJKB.txt [6204]
    O44 – LFC:[MD5.8B955AC9AA39B12CB1176E1823FE36C1] – 22/08/2013 – 14:25:38 . (…) — C:UsbFix [Scan 18] MJKB.txt [7506]
    O44 – LFC:[MD5.05B81747D5D2D2FD4DA475D5279738C4] – 21/08/2013 – 17:41:55 . (…) — C:UsbFix [Clean 14] MJKB.txt [10659]
    O44 – LFC:[MD5.FC845A71D08D75F6F1D3CA6CD484171C] – 21/08/2013 – 17:37:18 . (…) — C:UsbFix [Clean 13] MJKB.txt [10420]
    O44 – LFC:[MD5.28067A01BB1E2C9AEB798DD0EA43AB91] – 21/08/2013 – 17:30:36 . (…) — C:UsbFix [Scan 17] MJKB.txt [5765]
    O44 – LFC:[MD5.5024ABCBD0BD3802F1C702D0BBE26A93] – 21/08/2013 – 17:28:25 . (…) — C:UsbFix [Listing 4 ] MJKB.txt [5867]
    O44 – LFC:[MD5.890ED705D6CAE038E1C0A35AB2171FAF] – 21/08/2013 – 17:23:10 . (…) — C:UsbFix [Clean 12] MJKB.txt [10217]
    O44 – LFC:[MD5.8F4CE5BA5E7DB67F0BFC7326BA545384] – 21/08/2013 – 17:16:14 . (…) — C:UsbFix [Clean 11] MJKB.txt [12119]
    O44 – LFC:[MD5.0E52476635813398FB98868E481751D4] – 21/08/2013 – 17:06:44 . (…) — C:UsbFix [Listing 3 ] MJKB.txt [5662]
    O44 – LFC:[MD5.EEEB62033E4E9918CAA2C09B95F97209] – 21/08/2013 – 16:20:15 . (…) — C:UsbFix [Clean 10] MJKB.txt [9966]
    O44 – LFC:[MD5.BA98F432C09CAC39E8F475E283CA59ED] – 21/08/2013 – 16:15:24 . (…) — C:UsbFix [Clean 9] MJKB.txt [10362]
    O44 – LFC:[MD5.6B5F56095093F251CC961A91CED5E1E1] – 21/08/2013 – 11:40:12 . (…) — C:UsbFix [Clean 8] MJKB.txt [10360]
    O44 – LFC:[MD5.C370CFA908485F8977C1C7615FC4AF86] – 21/08/2013 – 11:36:04 . (…) — C:UsbFix [Scan 15] MJKB.txt [6191]
    O44 – LFC:[MD5.02F3EF2D61A0981337D12FCED09BDB99] – 21/08/2013 – 11:34:14 . (…) — C:UsbFix [Scan 14] MJKB.txt [6190]
    O44 – LFC:[MD5.1BA528BC459BB3786A197FD3742E25E7] – 21/08/2013 – 00:57:21 . (…) — C:UsbFix [Clean 7] MJKB.txt [11847]
    O44 – LFC:[MD5.CC69773D7C40497B4335281B614A6C1B] – 21/08/2013 – 00:52:56 . (…) — C:UsbFix [Scan 13] MJKB.txt [7677]
    O44 – LFC:[MD5.343B04498E038140F760BC0DE2E59015] – 21/08/2013 – 00:46:10 . (…) — C:UsbFix [Scan 12] MJKB.txt [7677]
    O44 – LFC:[MD5.4C46ACBDE5054557E3DEC64BB2920F64] – 21/08/2013 – 00:43:00 . (…) — C:UsbFix [Scan 11] MJKB.txt [7677]
    O44 – LFC:[MD5.65DC6632ABF3FCF5881C983D9A2F45F7] – 20/08/2013 – 22:56:34 . (…) — C:UsbFix [Scan 10] MJKB.txt [7501]
    O44 – LFC:[MD5.FE2340286837A393CA0A3AE9307B70D6] – 20/08/2013 – 22:54:44 . (…) — C:UsbFix [Scan 9] MJKB.txt [7501]
    O44 – LFC:[MD5.39CCB3B1C026A6E89DB2E1BE44BC1DF5] – 20/08/2013 – 22:21:03 . (…) — C:UsbFix [Clean 6] MJKB.txt [9331]
    O44 – LFC:[MD5.B27322B288857CC56F9E59FC15163F54] – 20/08/2013 – 22:16:45 . (…) — C:UsbFix [Clean 5] MJKB.txt [9266]
    O44 – LFC:[MD5.CAD40AAE383155E0EE26BBA4044FB06E] – 20/08/2013 – 22:12:50 . (…) — C:UsbFix [Scan 8] MJKB.txt [5804]
    O44 – LFC:[MD5.F90EBA89A6F93CEF51426C3732AA0846] – 20/08/2013 – 22:10:48 . (…) — C:UsbFix [Scan 7] MJKB.txt [5805]
    O44 – LFC:[MD5.174F0FDF6D10BB199633C65FE2F2EA90] – 20/08/2013 – 21:59:17 . (…) — C:UsbFix [Scan 6] MJKB.txt [5805]
    O44 – LFC:[MD5.44351144602772E6836104433DD2A28F] – 20/08/2013 – 21:52:08 . (…) — C:UsbFix [Scan 5] MJKB.txt [5805]
    O44 – LFC:[MD5.972021C0BF529F1158BAB1737556FD35] – 20/08/2013 – 21:49:50 . (…) — C:UsbFix [Clean 4] MJKB.txt [11016]
    O44 – LFC:[MD5.32FD1C1C13B32BDE770FACD2F952AC17] – 20/08/2013 – 21:45:21 . (…) — C:UsbFix [Scan 4] MJKB.txt [7581]
    O44 – LFC:[MD5.4DF9E1B70B0395C0AA0E8354C5652999] – 20/08/2013 – 21:29:42 . (…) — C:UsbFix [Clean 3] MJKB.txt [8994]
    O44 – LFC:[MD5.B328DFEB202BBC6417B60582004973AE] – 20/08/2013 – 21:26:47 . (…) — C:UsbFix [Scan 3] MJKB.txt [5964]
    O44 – LFC:[MD5.1501D415C86D6A2C14858968DA32BCF8] – 20/08/2013 – 21:23:45 . (…) — C:UsbFix [Clean 2] MJKB.txt [8862]
    O44 – LFC:[MD5.3E8BD0694B9A6ED7AE1077F6D28F2061] – 20/08/2013 – 21:18:37 . (…) — C:UsbFix [Clean 1] MJKB.txt [11124]
    O44 – LFC:[MD5.201C7C6167E040DCA4F6239CA3FA037B] – 20/08/2013 – 21:09:27 . (…) — C:UsbFix [Scan 2] MJKB.txt [8070]
    O44 – LFC:[MD5.C16A94CDA3E0B99DE1C880122B21B809] – 20/08/2013 – 21:03:04 . (…) — C:UsbFix [Listing 2 ] MJKB.txt [3886]
    O44 – LFC:[MD5.AC3D4F8AAD4C824A4E4A463ED4CEC2B1] – 20/08/2013 – 21:02:08 . (…) — C:UsbFix [Listing 1 ] MJKB.txt [3817]
    O44 – LFC:[MD5.A703F2D9070F9BEC6F54DB4EE80DC9A9] – 20/08/2013 – 21:00:27 . (…) — C:UsbFix [Scan 1] MJKB.txt [7907]
    O44 – LFC:[MD5.937777DBF9D14CA516322D64B030A497] – 16/08/2013 – 02:10:06 —A- . (…) — C:WINDOWSsystem32TZLog.log [23712]
    ~ Files: 76 Legitimates Filtered in 01mn 33s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.D251FF0A85573CC832AAAFDF52BA1366] – 20/08/2013 – 22:36:58 —A- – C:WINDOWSPrefetchSSFLWBOX.SCR-00C6F4BF.pf
    O45 – LFCP:[MD5.8AA95728A7C2A5B34312AED525031601] – 23/08/2013 – 01:04:41 —A- – C:WINDOWSPrefetchGO.EXE-2DCC3FAB.pf
    O45 – LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] – 23/08/2013 – 21:03:01 —A- – C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
    O45 – LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] – 25/08/2013 – 19:06:17 —A- – C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
    O45 – LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] – 26/08/2013 – 11:37:16 —A- – C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
    O45 – LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] – 26/08/2013 – 11:39:00 —A- – C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf
    O45 – LFCP:[MD5.F8C7A66B2D2A298967C8343C1FE5033E] – 26/08/2013 – 12:35:04 —A- – C:WINDOWSPrefetchLRCSPLS.EXE-18B9133F.pf
    O45 – LFCP:[MD5.D902AEA64786C42DA5FF58B0AEEBD694] – 26/08/2013 – 12:35:16 —A- – C:WINDOWSPrefetchBATTERYMANAGER.EXE-1658E718.pf
    O45 – LFCP:[MD5.F6ED459CF7D49E7EC460B48DC8E61F4F] – 26/08/2013 – 12:35:21 —A- – C:WINDOWSPrefetchEASYSPEEDUPMANAGER2.EXE-363852B6.pf
    O45 – LFCP:[MD5.DA74447FACF8DC07AA89DC76E60265EF] – 26/08/2013 – 12:35:22 —A- – C:WINDOWSPrefetchSUPBACKGROUND.EXE-32DA3BFE.pf
    O45 – LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] – 26/08/2013 – 12:35:23 —A- – C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.755520E716E07A05EE36D9DF7F30501D] – 26/08/2013 – 12:35:28 —A- – C:WINDOWSPrefetchDMLOADER.EXE-126D6CC1.pf
    O45 – LFCP:[MD5.E12AC658050CBCECF735DE38821F5732] – 26/08/2013 – 12:35:38 —A- – C:WINDOWSPrefetchDMHKCORE.EXE-2FDBB09D.pf
    O45 – LFCP:[MD5.23C4D043450BFB31FB6D9BD62765A5C3] – 26/08/2013 – 12:35:49 —A- – C:WINDOWSPrefetchBATTERYLIFEEXTENDER.EXE-24D86617.pf
    O45 – LFCP:[MD5.0DF892C85FCBC5178B42F7B2969B054C] – 26/08/2013 – 12:36:05 —A- – C:WINDOWSPrefetchUPDATER19962.EXE-2D2C866D.pf
    O45 – LFCP:[MD5.95DF40A29E3D7798E9A4B0275BC0EC24] – 26/08/2013 – 12:36:11 —A- – C:WINDOWSPrefetchSQLMANGR.EXE-19670CF9.pf
    O45 – LFCP:[MD5.02C9DF6F06C7C155C53CF21A80436B61] – 26/08/2013 – 12:36:12 —A- – C:WINDOWSPrefetchMSNOTIF.EXE-2CBCBEF4.pf
    O45 – LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] – 26/08/2013 – 13:29:05 —A- – C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] – 26/08/2013 – 13:29:14 —A- – C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.93A6238700337CC8DFE67BE85355189B] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchAPPSHAT-DISTRIBUTION.EXE-0479C4BD.pf
    O45 – LFCP:[MD5.EBD6711B2A2A98ACC22FAE63968C5007] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchNS11.TMP-22531237.pf
    O45 – LFCP:[MD5.87A013BF720734215BB1DCDEBBBCC397] – 26/08/2013 – 13:29:22 —A- – C:WINDOWSPrefetchMINIBAR.EXE-0B9EBD16.pf
    O45 – LFCP:[MD5.7B1828C62C6223B534972C1BE3D63776] – 26/08/2013 – 14:37:45 —A- – C:WINDOWSPrefetchSRS_POSTINSTALLER.EXE-07ACEA63.pf
    ~ Prefetcher: 129 Legitimates Filtered in 00mn 01s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesgoforfilesdl.exe” [Enabled] .(…) — C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesGoforFiles.exe” [Enabled] .(…) — C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O47 – AAKE:Key Export SP – “C:UsbFixGo.exe” [Enabled] .(.Pas de propriétaire.) — C:UsbFixGo.exe
    ~ Keys Export: 14 Legitimates Filtered in 00mn 03s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] – 18/11/2009 – 15:16:00 —A- . (.Creative – Creative WDM 3D Audio Driver.) — C:WINDOWSsystem32DriversAmbfilt.sys [1691480]
    O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 14/04/2008 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    ~ Drivers: 5 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 23/08/2013 – 00:50:46 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_149563041514.xml [10042]
    O61 – LFC: 23/08/2013 – 08:31:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar Cache7.5.4209.2358frtranslate_languages.json.content [1497]
    O61 – LFC: 23/08/2013 – 21:02:23 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_162682205354.xml [12221]
    O61 – LFC: 25/08/2013 – 20:02:48 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
    O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneBureauMBAM-log-2013-08-26 (13-18-57).txt [20098]
    O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneRecentMBAM-log-2013-08-26 (13-18-57).lnk [619]
    O61 – LFC: 26/08/2013 – 13:07:00 —A- . (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
    O61 – LFC: 26/08/2013 – 13:27:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_3723752548.xml [9271]
    O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences [78261]
    O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication Dataavgchromeavgp [78261]
    O61 – LFC: 26/08/2013 – 13:29:12 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarUninstall.exe [44277]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentcontent.xul [3038]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentextension_info.json [376]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentinitial_config.json [440]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}install.rdf [811]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentcontent.xul [3038]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentextension_info.json [376]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentinitial_config.json [440]
    O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxinstall.rdf [811]
    O61 – LFC: 26/08/2013 – 13:29:23 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions.sqlite [458752]
    O61 – LFC: 26/08/2013 – 13:29:48 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayerUninstall.exe [64142]
    O61 – LFC: 26/08/2013 – 14:28:30 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataLocal State [24417]
    O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16900701131.xml [4080]
    O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7492]
    O61 – LFC: 26/08/2013 – 14:36:18 -SHA- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftCredentialsS-1-5-21-532639649-2019491048-2505128532-1005Credentials [370]
    O61 – LFC: 26/08/2013 – 15:12:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7913243153.xml [8019]
    O61 – LFC: 26/08/2013 – 15:12:55 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7929303826.xml [8695]
    O61 – LFC: 26/08/2013 – 15:14:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultCookies [25600]
    O61 – LFC: 26/08/2013 – 15:15:02 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcookies.sqlite [1048576]
    O61 – LFC: 26/08/2013 – 15:15:30 —A- . (…) — C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt [3475] =>Toolbar.Babylon
    O61 – LFC: 26/08/2013 – 15:48:25 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js [7155]
    O61 – LFC: 26/08/2013 – 15:48:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_15648585209.xml [6258]
    O61 – LFC: 26/08/2013 – 15:50:59 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultuser.js [53]
    O61 – LFC: 26/08/2013 – 15:51:28 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16201793910.xml [6590]
    O61 – LFC: 26/08/2013 – 15:52:27 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerDesktop.htt [2794]
    O61 – LFC: 26/08/2013 – 15:53:49 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16703706965.xml [6363]
    O61 – LFC: 26/08/2013 – 15:54:53 -SHA- . (…) — C:Documents and SettingsBretagnePrivacIEindex.dat [16187392]
    O61 – LFC: 26/08/2013 – 15:55:10 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16992118486.xml [7576]
    O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar84aa9af4de1e6192dc4b9dbf179837fc [10]
    O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibaraf09d0924736ea4a9e63f535b85c2648 [8]
    O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibard4a168eac5857656408c740918891943 [32]
    O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibaredfa3fb066612f39394b7d4c7bb2c28f [32]
    O61 – LFC: 26/08/2013 – 15:55:33 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar9a2f9a664501565866aceb15179c1699 [886]
    O61 – LFC: 26/08/2013 – 15:55:33 -SHA- . (…) — C:Documents and SettingsBretagneIETldCacheindex.dat [262144]
    O61 – LFC: 26/08/2013 – 15:55:45 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar80d702918c7c9962dac9fed5df6a5718 [2670]
    O61 – LFC: 26/08/2013 – 15:55:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17136839246.xml [10180]
    O61 – LFC: 26/08/2013 – 15:55:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17150870296.xml [8228]
    O61 – LFC: 26/08/2013 – 15:56:01 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar DNS datadata [67725]
    ~ 53 Fichiers temporaires (Temporary files)
    ~ 224 Fichiers cookies (Cookies files)
    ~ Files: 615 Legitimates Filtered in 03mn 11s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – SosVirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 27/10/2005 – Pas de propriétaire (DOSMEMIO) .(…) – LEGACY_DOSMEMIO
    O64 – Services: CurCS – 06/08/2009 – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe (SRS_WOWXT_Service) .(.SRS Labs, Inc. – Service to handle post-installation details.) – LEGACY_SRS_WOWXT_SERVICE
    ~ Legacy: 143 Legitimates Filtered in 00mn 04s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (@ieframe.dll,-12512) – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Babylon Search) – http://search.babylon.com =>Toolbar.Babylon
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.269D66BE95976ABC08FC6A2864873B06] [SPRF][10/06/2012] (…) — C:Documents and SettingsBretagneApplication Datawklnhst.dat [140]
    [MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][26/08/2013] (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
    [MD5.4754539F6D178B84DE28DBCBE7CDA23A] [SPRF][12/04/2013] (…) — C:Documents and SettingsBretagneBureauavira_free_antivirus.exe [2092792]
    [MD5.9941443D6A4C2DAE26582731B61444D4] [SPRF][12/04/2013] (.Piriform Ltd – CCleaner Installer.) — C:Documents and SettingsBretagneBureauccsetup400.exe [4316280] =>Piriform Ltd
    [MD5.2DFB1094CD2578E7A760D04DDA2651A1] [SPRF][12/03/2011] (…) — C:Program FilesQlogigra20.exe [12733237]
    ~ Files: 10 Legitimates Filtered in 00mn 07s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “DF42B2AC01EE9B240B94AA0862E8E712” . (.Boxore Client.) — C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
    ~ Update Products: 58 Legitimates Filtered in 00mn 00s

    —\ Export de clés de registre aléatoires (O91)
    [HKLMSoftware868fdbb768e448] => Clé orpheline
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
    ~ WIS: 58 Legitimates Filtered in 00mn 09s

  • cedric
    Participant
    Post count: 9

    Here is the second part of the report!
    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 20/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 02/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
    SR – | Auto 02/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 11/08/2012 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/08/2012 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 27/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 08/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SR – | Auto 06/08/2009 66792 | (SRS_WOWXT_Service) . (.SRS Labs, Inc..) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
    ~ Services: Scanned in 00mn 13s

    —\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Bretagne at 26/08/2013 17:07:01

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x86B39AB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Legitimates Filtered in 00mn 02s

    —\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Bretagne at 26/08/2013 17:07:03

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : v2.12865 – (24/08/2013)
    Clés trouvées (Keys found) : 40
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 13
    Fichiers trouvés (Files found) : 23

    [HKLMSoftwareGoogleChromeExtensionshlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
    [HKLMSoftwareGoogleChromeExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionspxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DC29DB0F-529E-415E-9754-C4D493333108}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2AEEC9BE-127F-480F-9F4E-51080D8480AF}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
    [HKLMSoftwareClassesInterface{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{539F76FD-084E-4858-86D5-62F02F54AE86}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftInternet Explorerextensions{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareClassesTypeLib{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareASKInstaller] =>Toolbar.AskBarDis
    [HKCUSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKLMSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareMinibar] =>Toolbar.Minibar
    [HKCUSoftwareSomoto] =>Adware.MegaSearch
    [HKLMSoftwareTarma Installer] =>Toolbar.Tarma
    [HKLMSOFTWARESOFTWAREUPDATECLIENTS{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
    [HKLMSoftwareClassesProd.cap] =>Toolbar.Babylon
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallbi_uninstaller] =>Adware.MegaSearch
    [HKCUSoftwareBI] =>Adware.MegaSearch
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:SDP =>Adware.MegaSearch^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcrossriderapp19962@crossrider.com =>PUP.RewardsArcade^
    C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsAll UsersApplication DataBrowserDefender =>Hijacker.Eazel^
    C:Documents and SettingsAll UsersApplication DataTarma Installer =>Toolbar.Tarma^
    C:Documents and SettingsBretagneApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider^
    C:Program FilesMinibar =>Toolbar.Minibar
    C:Program FilesSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneApplication DataMinibar =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataMinibar =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataBundled software uninstaller =>Adware.MegaSearch
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultExtensions{97A78363-B868-4B48-AC91-A783A31215AF} =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionshlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
    C:Program FilesLyricsPal130.dll =>Adware.AddLyrics^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
    C:WINDOWSTasksLyrics Plus Update.job =>Adware.AddLyrics^
    C:WINDOWSTasksLyrics-Pal Update.job =>Adware.AddLyrics^
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareDataMngr_Toolbar] =>PUP.Datamngr^
    C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore^
    C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt =>Toolbar.Babylon^
    C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore^
    C:WindowsInstaller333bed3.msi =>Adware.Boxore^
    C:WINDOWSTasksEPUpdater.job =>Hijacker.BabSolution
    ~ Additionnel Scan: 226391 Items scanned in 00mn 42s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com26919368-adware-megasearch =>Adware.MegaSearch
    ~ http://nicolascoolman.webs.com26601058-adware-addlyrics =>Adware.AddLyrics
    ~ http://nicolascoolman.webs.com28000037-pup-rewardsarcade =>PUP.RewardsArcade
    ~ http://nicolascoolman.webs.com27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com26678994-hijacker-babsolution =>Hijacker.BabSolution
    ~ http://nicolascoolman.webs.com26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com27583992-pup-datamngr =>PUP.Datamngr
    ~ http://nicolascoolman.webs.com29637859-toolbar-tarma =>Toolbar.Tarma
    ~ http://nicolascoolman.webs.com27161672-hijacker-eazel =>Hijacker.Eazel
    ~ http://nicolascoolman.webs.com27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com27229962-adware-predictad =>Adware.PredictAd
    ~ http://nicolascoolman.webs.com26611092-adware-bandoo =>Adware.Bandoo
    ~ MSI: 15 link(s) detected in 00mn 42s

    ~ 1661 Legitimates filtered by white list
    End of the scan (787 lines in 08mn 28s)(0)
    Thanks

  • Evasion60Evasion60
    Participant
    Post count: 1557

    :hello: Hello again

    /! For next time, you'll know =>
    When I ask you to host a report, there's a reason for it ;)

    Apply this fix =>

    Launch ZHPFix by double-clicking its icon on the desktop

    * In the window that opens, confirm with "OK"
    It was created when ZHPDiag was installed

    Using the mouse (holding down the left button), select and copy (right-click/Copy) the contents of the box below

    [MD5.FF786A74F62361A71AECDB8F8AC95D6F] - (.Somoto - FilesFrog.com Update Checker.) -- C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe [201808] [PID.788]   =>Adware.MegaSearch
    G2 - GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé) =>Adware.AddLyrics
    G2 - GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
    G2 - GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
    G2 - GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
    G2 - GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
    M3 - MFPP: Plugins - [Bretagne] -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
    M0 - MFSP: prefs.js [Bretagne - o0k85q7f.default] r_pref("browser.startup.homepage", );
    M2 - MFEP: prefs.js [Bretagne - o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
    M2 - MFEP: prefs.js [Bretagne - o0k85q7f.default{97A78363-B868-4B48-AC91-A783A31215AF}] [] AppsHat v2.0.1 (..) => Adware.MegaSearch
    O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} . (.KangoExtensions - Minibar.) -- C:Program FilesMinibarMinibar.dll => Toolbar.Minibar
    O2 - BHO: Lyrics-Pal - {dc29db0f-529e-415e-9754-c4d493333108} . (.Lyrics-Pal - Pas de description.) -- C:Program FilesLyricsPal130.dll =>Adware.AddLyrics
    O2 - BHO: Lyrics Plus - {2aeec9be-127f-480f-9f4e-51080d8480af} . (...) -- C:Program FilesLyricsPlus130.dll (.not file.) =>Adware.AddLyrics
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
    O4 - HKLM..Run: [SamsungWInClon] Clé orpheline => Orphean Key not necessary
    O4 - HKLM..RunOnce: [awfr7zip53668] Clé orpheline => Orphean Key not necessary
    O4 - HKCU..Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
    O4 - HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SDP] . (.Somoto - FilesFrog.com Update Checker.) -- C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
    O9 - Extra button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} . (...) -- C:Program FilesMinibariconsicon16.ico => Toolbar.Minibar
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksEPUpdater.job [278] => Infection PUP (Hijacker.BabSolution)
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksLyrics-Pal Update.job [356] =>Adware.AddLyrics
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
    O42 - Logiciel: Lyrics Plus - (.Plus Add-on Software.) [HKLM] -- {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
    O42 - Logiciel: Lyrics-Pal - (.LyricsPal Soft. LTD.) [HKLM] -- {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
    [HKCUSoftwareBI] => Infection Web (Adware.MegaSearch)
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareDataMngr] =>PUP.Datamngr
    [HKCUSoftwareDataMngr_Toolbar] =>PUP.Datamngr
    [HKCUSoftwareSomoto] =>Adware.MegaSearch
    [HKLMSoftware868fdbb768e448]
    [HKLMSoftwareASKINSTALLER] => Toolbar.Ask
    [HKLMSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKLMSoftwareDataMngr] =>PUP.Datamngr
    [HKLMSoftwareMinibar] => Toolbar.Minibar
    [HKLMSoftwareTarma Installer] =>Toolbar.Tarma
    O43 - CFD: 26/08/2013 - 14:29:15 - [0,384] ----D C:Program FilesMinibar => Toolbar.Minibar
    O43 - CFD: 26/08/2013 - 16:14:51 - [0] ----D C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon
    O43 - CFD: 26/08/2013 - 16:15:13 - [8,070] ----D C:Documents and SettingsAll UsersApplication DataBrowserDefender =>Hijacker.Eazel
    O43 - CFD: 26/08/2013 - 16:50:38 - [1,048] ----D C:Documents and SettingsAll UsersApplication DataTarma Installer =>Toolbar.Tarma
    O43 - CFD: 26/08/2013 - 16:14:50 - [0,003] ----D C:Documents and SettingsBretagneApplication DataBabylon =>Toolbar.Babylon
    O43 - CFD: 26/08/2013 - 15:28:38 - [0,003] ----D C:Documents and SettingsBretagneApplication DataMinibar => Toolbar.Minibar
    O43 - CFD: 26/08/2013 - 14:29:23 - [0,946] ----D C:Documents and SettingsBretagneLocal SettingsApplication DataMinibar => Toolbar.Minibar
    O43 - CFD: 25/04/2013 - 00:52:31 - [0,201] ----D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
    O43 - CFD: 26/08/2013 - 16:54:22 - [0,061] ----D C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayer => Infection PUP (Adware.SocialSkinz)
    O45 - LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] - 23/08/2013 - 21:03:01 ---A- - C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
    O45 - LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] - 25/08/2013 - 19:06:17 ---A- - C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
    O45 - LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] - 26/08/2013 - 11:37:16 ---A- - C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
    O45 - LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] - 26/08/2013 - 11:39:00 ---A- - C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf => Infection PUP (Adware.Boxore)
    O45 - LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] - 26/08/2013 - 12:35:23 ---A- - C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
    O45 - LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] - 26/08/2013 - 13:29:05 ---A- - C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
    O45 - LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] - 26/08/2013 - 13:29:14 ---A- - C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
    O47 - AAKE:Key Export SP - "C:Program FilesGoforFilesgoforfilesdl.exe" [Enabled] .(...) -- C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O47 - AAKE:Key Export SP - "C:Program FilesGoforFilesGoforFiles.exe" [Enabled] .(...) -- C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O61 - LFC: 23/08/2013 - 00:50:46 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_149563041514.xml [10042] => Toolbar.Google
    O61 - LFC: 23/08/2013 - 08:31:50 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar Cache7.5.4209.2358frtranslate_languages.json.content [1497] => Toolbar.Google
    O61 - LFC: 23/08/2013 - 21:02:23 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_162682205354.xml [12221] => Toolbar.Google
    O61 - LFC: 26/08/2013 - 13:27:53 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_3723752548.xml [9271] => Toolbar.Google
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentcontent.xul [3038] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentextension_info.json [376] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentinitial_config.json [440] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}install.rdf [811] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentcontent.xul [3038] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentextension_info.json [376] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentinitial_config.json [440] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:21 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxinstall.rdf [811] => Toolbar.Minibar
    O61 - LFC: 26/08/2013 - 13:29:48 ---A- . (...) -- C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayerUninstall.exe [64142] => Infection PUP (Adware.SocialSkinz)
    O61 - LFC: 26/08/2013 - 15:15:30 ---A- . (...) -- C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt [3475] =>Toolbar.Babylon
    O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Babylon Search) - http://search.babylon.com =>Toolbar.Babylon
    O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
    [MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
    [HKLMSoftwareGoogleChromeExtensionshlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
    [HKLMSoftwareGoogleChromeExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionspxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DC29DB0F-529E-415E-9754-C4D493333108}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2AEEC9BE-127F-480F-9F4E-51080D8480AF}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
    [HKLMSoftwareClassesInterface{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{539F76FD-084E-4858-86D5-62F02F54AE86}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareClassesCLSID{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftInternet Explorerextensions{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
    [HKLMSoftwareClassesAppID{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
    [HKLMSoftwareClassesTypeLib{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}] =>Toolbar.Minibar
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareASKInstaller] =>Toolbar.AskBarDis
    [HKCUSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKLMSoftwareBabylonToolbar] =>Toolbar.Babylon
    [HKCUSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareDataMngr] =>Adware.Bandoo
    [HKLMSoftwareMinibar] =>Toolbar.Minibar
    [HKCUSoftwareSomoto] =>Adware.MegaSearch
    [HKLMSoftwareTarma Installer] =>Toolbar.Tarma
    [HKLMSOFTWARESOFTWAREUPDATECLIENTS{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
    [HKLMSoftwareClassesProd.cap] =>Toolbar.Babylon
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallbi_uninstaller] =>Adware.MegaSearch
    [HKCUSoftwareBI] =>Adware.MegaSearch
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:SDP =>Adware.MegaSearch^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcrossriderapp19962@crossrider.com =>PUP.RewardsArcade^
    C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsAll UsersApplication DataBrowserDefender =>Hijacker.Eazel^
    C:Documents and SettingsAll UsersApplication DataTarma Installer =>Toolbar.Tarma^
    C:Documents and SettingsBretagneApplication DataBabylon =>Toolbar.Babylon^
    C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider^
    C:Program FilesMinibar =>Toolbar.Minibar
    C:Program FilesSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneApplication DataMinibar =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataMinibar =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataBundled software uninstaller =>Adware.MegaSearch
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultExtensions{97A78363-B868-4B48-AC91-A783A31215AF} =>Toolbar.Minibar
    C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionshlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
    C:Program FilesLyricsPal130.dll =>Adware.AddLyrics^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
    C:WINDOWSTasksLyrics Plus Update.job =>Adware.AddLyrics^
    C:WINDOWSTasksLyrics-Pal Update.job =>Adware.AddLyrics^
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareDataMngr_Toolbar] =>PUP.Datamngr^
    C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore^
    C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt =>Toolbar.Babylon^
    C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore^
    C:WindowsInstaller333bed3.msi =>Adware.Boxore^
    C:WINDOWSTasksEPUpdater.job =>Hijacker.BabSolution
    EmptyCLSID
    Emptytemp
    EmptyFlash
    Sysrestore

    Click the Clipboard button outlined in red in the image.

    The lines held in the clipboard will be displayed.

    Click the GO button at the bottom left.

    Note: If UAC is enabled, after you click "GO" a message along the lines of "Do you want to allow the program…." will appear, which you will need to confirm:
    ZHPFix then restarts; you will need to click the "Clipboard" button again to paste the lines, then the "GO" button

    Once the result is displayed, click the red cross (top right) to close the tool.

    Post the contents of the ZHPFixReport.txt report, saved on the desktop.

    The report can also be found at this location => C:ZHPZHPFix.txt

    Looking forward to your reply with its report :)

  • cedric
    Participant
    Post count: 9

    Hello! Thanks again
    ~ Rapport de ZHPDiag v2013.8.24.35 – Nicolas Coolman (24/08/2013)
    ~ Lancé par Bretagne (27/08/2013 18:35:21)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Problème connexion internet
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
    MFIE: Mozilla Firefox 23.0.1
    GCIE: Google Chrome v23.0.1271.97

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : KO

    —\ Logiciels de protection du système
    Avira Free Antivirus v13.0.0.3885
    Malwarebytes Anti-Malware version 1.75.0.1300

    —\ Logiciels d’optimisation du système
    CCleaner v4.00 =>Piriform Ltd

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1013 MB (36% free)
    System Restore: Activé (Enable)
    System drive C: has 26 GB (38%) free of 70 GB

    —\ Mode de connexion au système
    ~ Computer Name: MJKB
    ~ User Name: Bretagne
    ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Bretagne, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppData% : C:Documents and SettingsBretagneApplication Data
    ~ %Desktop% : C:Documents and SettingsBretagneBureau
    ~ %Favorites% : C:Documents and SettingsBretagneFavoris
    ~ %LocalAppData% : C:Documents and SettingsBretagneLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsBretagneMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 70 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 30 Go of 70 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 30 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.E1948293F7CBC38987270432935D8D05] – (.Microsoft Corporation – Internet Extensions for Win32.) (.26/07/2013 – 03:47:15.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 03s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/123
    ~ Mes musiques (My Musics) : 1/10
    ~ Mes Videos (My Videos) : 1/2
    ~ Mes Favoris (My Favorites) : 1/13
    ~ Mes Documents (My Documents) : 1/200
    ~ Mon Bureau (My Desktop) : 0/1811
    ~ Menu demarrer (Programs) : 1/32
    ~ Hidden Files: Scanned in 00mn 04s

    —\ Processus lancés au démarrage du système
    [MD5.99387251353598C939592FAF40DF8AA9] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1612]
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] – (.Google Inc. – Programme d’installation de Google.) — C:Program FilesGoogleUpdateGoogleUpdate.exe [135664] [PID.1888]
    [MD5.167F9E5AF87B57763DAAA27D3144C2A0] – (.SEC – Samsung Recovery Solution 4.) — C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler.exe [2201192] [PID.332]
    [MD5.B508C9139D26AF2A91BF728279BF858C] – (.ELAN Microelectronics Corp. – ETD Control Center Helper.) — C:Program FilesElantechETDCtrlHelper.exe [1599880] [PID.356]
    [MD5.4631FF0EE2964CCDC646AF807CB778F5] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [345144] [PID.604]
    [MD5.DFC5DCAB25683ECC60073E085B84FE58] – (.Samsung Electronics Co., Ltd. – Easy Display Manager.) — C:Program FilesSamsungEasy Display Managerdmhkcore.exe [847360] [PID.1004]
    [MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152392] [PID.1184]
    [MD5.10760383AA50CCFC7DB9B5AB0D326AAF] – (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe [1749504] [PID.1276]
    [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.1304]
    [MD5.F44431CFD96428206039D3556311BF1B] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [19876968] [PID.1312]
    [MD5.978294640062C57482BF2B65A342C266] – (.Microsoft Corporation – SQL Server Service Manager.) — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [69632] [PID.1424]
    [MD5.83166BFFA8C4BBAC4413F47C865CC8EE] – (.Microsoft Corporation – Outil de notification de cadeaux MSN.) — C:Documents and SettingsBretagneApplication DataMicrosoftOutil de notification de cadeaux MSNmsnotif.exe [183096] [PID.1432]
    [MD5.8491FDA93507F2F27FFBA11372764086] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.2108]
    [MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2156]
    [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.2188]
    [MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2404]
    [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2652]
    [MD5.7CE50C9E49ECEED8B6418446358126D9] – (.Microsoft Corporation – Machine Debug Manager.) — C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe [270336] [PID.2808]
    [MD5.C06719A652E32D5B65CC25C45D44A0D3] – (.Microsoft Corporation – SQL Server Windows NT.) — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [7442493] [PID.2848]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2864]
    [MD5.7CB15A15DBB2E1DF973A0A799C76DCC8] – (.SRS Labs, Inc. – Service to handle post-installation details.) — C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe [66792] [PID.2976]
    [MD5.D8B8B5A8FE57CF4F307A540D9A153C23] – (.Apple Inc. – iPodService Module (32-bit).) — C:Program FilesiPodbiniPodService.exe [553288] [PID.2724]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.1932]
    [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe [638816] [PID.1532]
    [MD5.11821BB2822BFDF2C8654A157A829C2F] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7836672] [PID.2604]
    [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:WINDOWSSystem32alg.exe [44544] [PID.2284]
    ~ Processes Running: Scanned in 00mn 10s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé) =>Adware.AddLyrics
    G2 – GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
    G2 – GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
    G2 – GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
    G2 – GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
    ~ Google Browser: 10 Legitimates Filtered in 00mn 10s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js
    M3 – MFPP: Plugins – [Bretagne] — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
    M3 – MFPP: Plugins – [Bretagne] — C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon
    M2 – MFEP: prefs.js [Bretagne – o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
    ~ Firefox Browser: 14 Legitimates Filtered in 00mn 02s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications démarrées par registre & par dossier (O4)
    O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe
    O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
    O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
    O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
    O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [BatteryManager] . (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe
    O4 – HKLM..Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe
    O4 – HKLM..Run: [EasySpeedUpManager2] . (.Samsung Electronics – Easy SpeedUp Manager II.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager2.exe
    O4 – HKLM..Run: [SUPBackground] . (…) — C:Program FilesSamsungSamsung Update PlusSUPBackground.exe
    O4 – HKLM..Run: [DMHotKey] . (.SAMSUNG Electronics – Loader of Easy Display Manager – Display Co.) — C:Program FilesSamsungEasy Display ManagerDMLoader.exe
    O4 – HKLM..Run: [SamsungWInClon] Clé orpheline
    O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKCU..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
    O4 – HKCU..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
    O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe (.not file.)
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
    O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
    ~ Application: Scanned in 00mn 04s

    —\ Autres liens utilisateurs (O4)
    O4 – GSPrograms: Adobe Reader XI.lnk . (…) — C:WINDOWSInstaller{AC76BA86-7AD7-1036-7B44-AB0000000001}SC_Reader.ico
    O4 – GSPrograms: Apple Software Update.lnk . (…) — C:WINDOWSInstaller{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}AppleSoftwareUpdateIco.exe
    O4 – GSPrograms: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation – Microsoft® Works.) — C:Program FilesMicrosoft WorksMSWorks.exe
    O4 – GSPrograms: Microsoft Access.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}accicons.exe
    O4 – GSPrograms: Microsoft Excel.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}xlicons.exe
    O4 – GSPrograms: Microsoft FrontPage.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}misc.exe
    O4 – GSPrograms: Microsoft Outlook.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}outicon.exe
    O4 – GSPrograms: Microsoft PowerPoint.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}pptico.exe
    O4 – GSPrograms: Microsoft Word.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}wordicon.exe
    O4 – GSPrograms: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSPrograms: Windows Movie Maker.lnk . (.Microsoft Corporation – Windows Movie Maker.) — C:Program FilesMovie Makermoviemk.exe
    O4 – GSPrograms: Assistance à distance.lnk . (.Microsoft Corporation – Assistance à distance Microsoft.) — C:WINDOWSsystem32rcimlby.exe
    O4 – GSPrograms: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSPrograms: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe
    O4 – GSPrograms: Outlook Express.lnk . (.Microsoft Corporation – Outlook Express.) — C:Program FilesOutlook Expressmsimn.exe
    ~ Global Startup: Scanned in 00mn 04s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
    O14 – IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    ~ IE Paramètres WEB: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS1ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
    O17 – HKLMSystemCS3ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    —\ Titr_HJT34=Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll
    O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    O23 – Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) . (.SRS Labs, Inc. – Service to handle post-installation details.) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
    ~ Services: 9 Legitimates Filtered in 00mn 12s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop Component 0: (no name) – file:file:///C:/DOCUME~1/Bretagne/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
    O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
    ~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM] — {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
    O42 – Logiciel: Lyrics Plus – (.Plus Add-on Software.) [HKLM] — {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
    O42 – Logiciel: Lyrics-Pal – (.LyricsPal Soft. LTD.) [HKLM] — {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
    ~ Logic: 88 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareASKINSTALLER]
    [HKLMSoftwareWLAN]
    ~ Key Software: 138 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 29/01/2011 – 00:00:58 – [6,162] —-D C:Program FilesIEAK
    O43 – CFD: 23/04/2013 – 13:17:07 – [0,062] —-D C:Program Filesmixiedj
    O43 – CFD: 07/11/2010 – 14:58:58 – [18,762] —-D C:Program FilesORKTools
    O43 – CFD: 16/08/2013 – 18:46:52 – [0,169] —-D C:Documents and SettingsAll UsersApplication DataBoxUpdChk
    O43 – CFD: 22/06/2010 – 20:36:24 – [0,002] —-D C:Documents and SettingsAll UsersApplication DataWLAN
    O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsAll UsersApplication DataXWare
    O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsBretagneApplication DataXWare
    O43 – CFD: 25/04/2013 – 00:52:31 – [0,201] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
    ~ Program Folder: 148 Legitimates Filtered in 00mn 29s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.5C9C2D4C37033ACCC02537813145BC8B] – 27/08/2013 – 01:09:40 —A- . (…) — C:WINDOWSwiadebug.log [157]
    O44 – LFC:[MD5.0B0831019A236A4374C4FD09BBC11A1F] – 27/08/2013 – 01:09:24 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.020B8DCE0BA439C08CF0250E0CF63839] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSFaxSetup.log [17808]
    O44 – LFC:[MD5.C8F109970F5CFA6A689DDB593BBFC02F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWScomsetup.log [6245]
    O44 – LFC:[MD5.AEA2986D266F531C85F37A09854499FD] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSiis6.log [1960]
    O44 – LFC:[MD5.6730A7F08728B3431EC147701D47103F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSimsins.log [4566]
    O44 – LFC:[MD5.41934423ABF980D38AA9C0A34C95C819] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSmsgsocm.log [1356]
    O44 – LFC:[MD5.BEC9D232793E30CF95F60E340CAFD9C8] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSntdtcsetup.log [4909]
    O44 – LFC:[MD5.8D51B5CCDC25B32532785385F279EF65] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocgen.log [19604]
    O44 – LFC:[MD5.EAAF5A9230E3EF40665A1FE647BF1F91] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocmsn.log [1771]
    O44 – LFC:[MD5.2A3F78C2D6C450B9EB590406A4818690] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWStsoc.log [10238]
    O44 – LFC:[MD5.896C6B3C1F7A0BD4FC6170EADA330685] – 22/08/2013 – 18:39:56 —A- . (…) — C:WINDOWSimsins.BAK [1917]
    O44 – LFC:[MD5.937777DBF9D14CA516322D64B030A497] – 16/08/2013 – 02:10:06 —A- . (…) — C:WINDOWSsystem32TZLog.log [23712]
    ~ Files: 31 Legitimates Filtered in 01mn 14s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.D251FF0A85573CC832AAAFDF52BA1366] – 20/08/2013 – 22:36:58 —A- – C:WINDOWSPrefetchSSFLWBOX.SCR-00C6F4BF.pf
    O45 – LFCP:[MD5.8AA95728A7C2A5B34312AED525031601] – 23/08/2013 – 01:04:41 —A- – C:WINDOWSPrefetchGO.EXE-2DCC3FAB.pf
    O45 – LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] – 23/08/2013 – 21:03:01 —A- – C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
    O45 – LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] – 25/08/2013 – 19:06:17 —A- – C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
    O45 – LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] – 26/08/2013 – 11:37:16 —A- – C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
    O45 – LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] – 26/08/2013 – 11:39:00 —A- – C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf
    O45 – LFCP:[MD5.F8C7A66B2D2A298967C8343C1FE5033E] – 26/08/2013 – 12:35:04 —A- – C:WINDOWSPrefetchLRCSPLS.EXE-18B9133F.pf
    O45 – LFCP:[MD5.D902AEA64786C42DA5FF58B0AEEBD694] – 26/08/2013 – 12:35:16 —A- – C:WINDOWSPrefetchBATTERYMANAGER.EXE-1658E718.pf
    O45 – LFCP:[MD5.F6ED459CF7D49E7EC460B48DC8E61F4F] – 26/08/2013 – 12:35:21 —A- – C:WINDOWSPrefetchEASYSPEEDUPMANAGER2.EXE-363852B6.pf
    O45 – LFCP:[MD5.DA74447FACF8DC07AA89DC76E60265EF] – 26/08/2013 – 12:35:22 —A- – C:WINDOWSPrefetchSUPBACKGROUND.EXE-32DA3BFE.pf
    O45 – LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] – 26/08/2013 – 12:35:23 —A- – C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.755520E716E07A05EE36D9DF7F30501D] – 26/08/2013 – 12:35:28 —A- – C:WINDOWSPrefetchDMLOADER.EXE-126D6CC1.pf
    O45 – LFCP:[MD5.E12AC658050CBCECF735DE38821F5732] – 26/08/2013 – 12:35:38 —A- – C:WINDOWSPrefetchDMHKCORE.EXE-2FDBB09D.pf
    O45 – LFCP:[MD5.23C4D043450BFB31FB6D9BD62765A5C3] – 26/08/2013 – 12:35:49 —A- – C:WINDOWSPrefetchBATTERYLIFEEXTENDER.EXE-24D86617.pf
    O45 – LFCP:[MD5.0DF892C85FCBC5178B42F7B2969B054C] – 26/08/2013 – 12:36:05 —A- – C:WINDOWSPrefetchUPDATER19962.EXE-2D2C866D.pf
    O45 – LFCP:[MD5.95DF40A29E3D7798E9A4B0275BC0EC24] – 26/08/2013 – 12:36:11 —A- – C:WINDOWSPrefetchSQLMANGR.EXE-19670CF9.pf
    O45 – LFCP:[MD5.02C9DF6F06C7C155C53CF21A80436B61] – 26/08/2013 – 12:36:12 —A- – C:WINDOWSPrefetchMSNOTIF.EXE-2CBCBEF4.pf
    O45 – LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] – 26/08/2013 – 13:29:05 —A- – C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] – 26/08/2013 – 13:29:14 —A- – C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
    O45 – LFCP:[MD5.93A6238700337CC8DFE67BE85355189B] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchAPPSHAT-DISTRIBUTION.EXE-0479C4BD.pf
    O45 – LFCP:[MD5.EBD6711B2A2A98ACC22FAE63968C5007] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchNS11.TMP-22531237.pf
    O45 – LFCP:[MD5.87A013BF720734215BB1DCDEBBBCC397] – 26/08/2013 – 13:29:22 —A- – C:WINDOWSPrefetchMINIBAR.EXE-0B9EBD16.pf
    O45 – LFCP:[MD5.F9F62185B0A6B89EE637FEFF9FD8BC2F] – 26/08/2013 – 21:53:00 —A- – C:WINDOWSPrefetchSRS_POSTINSTALLER.EXE-07ACEA63.pf
    ~ Prefetcher: 129 Legitimates Filtered in 00mn 02s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesgoforfilesdl.exe” [Enabled] .(…) — C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesGoforFiles.exe” [Enabled] .(…) — C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O47 – AAKE:Key Export SP – “C:UsbFixGo.exe” [Enabled] .(.Pas de propriétaire.) — C:UsbFixGo.exe
    ~ Keys Export: 14 Legitimates Filtered in 00mn 03s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] – 18/11/2009 – 15:16:00 —A- . (.Creative – Creative WDM 3D Audio Driver.) — C:WINDOWSsystem32DriversAmbfilt.sys [1691480]
    O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 14/04/2008 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    ~ Drivers: 5 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 25/08/2013 – 20:02:48 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
    O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneRecentMBAM-log-2013-08-26 (13-18-57).lnk [619]
    O61 – LFC: 26/08/2013 – 13:07:00 —A- . (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
    O61 – LFC: 26/08/2013 – 13:27:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_3723752548.xml [9271]
    O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication Dataavgchromeavgp [78261]
    O61 – LFC: 26/08/2013 – 14:28:30 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataLocal State [24417]
    O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16900701131.xml [4080]
    O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7492]
    O61 – LFC: 26/08/2013 – 15:12:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7913243153.xml [8019]
    O61 – LFC: 26/08/2013 – 15:12:55 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7929303826.xml [8695]
    O61 – LFC: 26/08/2013 – 15:14:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultCookies [25600]
    O61 – LFC: 26/08/2013 – 15:48:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_15648585209.xml [6258]
    O61 – LFC: 26/08/2013 – 15:51:28 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16201793910.xml [6590]
    O61 – LFC: 26/08/2013 – 15:53:49 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16703706965.xml [6363]
    O61 – LFC: 26/08/2013 – 15:55:10 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16992118486.xml [7576]
    O61 – LFC: 26/08/2013 – 15:55:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17136839246.xml [10180]
    O61 – LFC: 26/08/2013 – 15:55:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17150870296.xml [8228]
    O61 – LFC: 26/08/2013 – 17:37:01 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultInvalidprefs.js [7155]
    O61 – LFC: 26/08/2013 – 17:37:13 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences [78261]
    O61 – LFC: 26/08/2013 – 19:00:11 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxCrash ReportsInstallTime20130814063812 [10]
    O61 – LFC: 26/08/2013 – 19:00:11 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultparent.lock [0]
    O61 – LFC: 26/08/2013 – 19:00:22 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultpluginreg.dat [9106]
    O61 – LFC: 26/08/2013 – 19:00:27 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions.sqlite [458752]
    O61 – LFC: 26/08/2013 – 19:00:29 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxMozilla Firefoxactive-update.xml [57]
    O61 – LFC: 26/08/2013 – 19:00:29 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxMozilla Firefoxupdates.xml [5965]
    O61 – LFC: 26/08/2013 – 19:00:30 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultwebappswebapps.json [2]
    O61 – LFC: 26/08/2013 – 19:00:40 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearch.json [12924]
    O61 – LFC: 26/08/2013 – 19:00:50 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulturlclassifierkey3.txt [154]
    O61 – LFC: 26/08/2013 – 19:00:51 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdownloads.sqlite [98304]
    O61 – LFC: 26/08/2013 – 19:01:35 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultformhistory.sqlite [196608]
    O61 – LFC: 26/08/2013 – 19:01:51 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxProfileso0k85q7f.defaultstartupCachestartupCache.4.little [1388167]
    O61 – LFC: 26/08/2013 – 19:02:02 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulthealthreportstate.json [89]
    O61 – LFC: 26/08/2013 – 19:06:48 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultplaces.sqlite [10485760]
    O61 – LFC: 26/08/2013 – 19:08:35 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultaddons.sqlite [524288]
    O61 – LFC: 26/08/2013 – 19:10:32 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultblocklist.xml [76870]
    O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdh-media-lists.rdf [520]
    O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdh-smart-names.rdf [60185]
    O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsessionstore.js [111439]
    O61 – LFC: 26/08/2013 – 19:21:19 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultbookmarkbackupsbookmarks-2013-08-26.json [5716]
    O61 – LFC: 26/08/2013 – 19:21:19 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulthealthreport.sqlite [1146880]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcert8.db [114688]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcookies.sqlite [1048576]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultkey3.db [16384]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultlocalstore.rdf [8962]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultpermissions.sqlite [65536]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js [327086]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultwebappsstore.sqlite [294912]
    O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxProfileso0k85q7f.default_CACHE_CLEAN_ [1]
    O61 – LFC: 26/08/2013 – 19:51:48 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_28344452028.xml [15042]
    O61 – LFC: 26/08/2013 – 21:56:44 —A- . (…) — C:Documents and SettingsBretagneRecentIMG_0342.lnk [576]
    O61 – LFC: 26/08/2013 – 21:56:44 —A- . (…) — C:Documents and SettingsBretagneRecentkinshasa.lnk [435]
    O61 – LFC: 26/08/2013 – 22:05:09 —A- . (…) — C:Documents and SettingsBretagneRecentP1040112.lnk [626]
    O61 – LFC: 26/08/2013 – 22:41:24 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_10804311252.xml [5296]
    O61 – LFC: 26/08/2013 – 22:45:58 —A- . (…) — C:Documents and SettingsBretagneRecentP1040588.lnk [611]
    O61 – LFC: 27/08/2013 – 01:08:07 -SHA- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftCredentialsS-1-5-21-532639649-2019491048-2505128532-1005Credentials [370]
    O61 – LFC: 27/08/2013 – 01:09:20 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerDesktop.htt [2794]
    O61 – LFC: 27/08/2013 – 17:25:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar DNS datadata [67711]
    O61 – LFC: 27/08/2013 – 17:30:09 -SHA- . (…) — C:Documents and SettingsBretagneIETldCacheindex.dat [262144]
    O61 – LFC: 27/08/2013 – 17:30:09 -SHA- . (…) — C:Documents and SettingsBretagnePrivacIEindex.dat [16187392]
    ~ 15 Fichiers temporaires (Temporary files)
    ~ 208 Fichiers cookies (Cookies files)
    ~ Files: 745 Legitimates Filtered in 03mn 23s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – SosVirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 27/10/2005 – Pas de propriétaire (DOSMEMIO) .(…) – LEGACY_DOSMEMIO
    O64 – Services: CurCS – 06/08/2009 – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe (SRS_WOWXT_Service) .(.SRS Labs, Inc. – Service to handle post-installation details.) – LEGACY_SRS_WOWXT_SERVICE
    ~ Legacy: 144 Legitimates Filtered in 00mn 04s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

  • cedric
    Participant
    Post count: 9

    Here is the second part!!! Thanks
    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossrider.bic”, “140bbc8eeb3c77c65a8a6a5913d26eae”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.InstallationThankYouPage”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.InstallationTime”, 1377540042); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.active”, true); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.addressbar”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.addressbarenhanced”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.backgroundjs”, “nn//n”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.backgroundver”, 40); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.can_run_bg_code”, true); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.certdomaininstaller”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.changeprevious”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie.InstallationTime.value”, “1377540042”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_aoi.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_aoi.value”, “1377540042”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.expiration”, “Mon Aug 26 2013 20:05:56 GMT+0200”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.value”, “%22%28function%28%29%7BappAPI.db.get%28%5C%22_G[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_blocklist.value”, “%22nonexistantdomain.com%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_country_code.expiration”, “Mon Sep 02 2013 20:00:55 GMT+0200”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_country_code.value”, “%22FR%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_crr.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_crr.value”, “1377540131”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_currenttime.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_currenttime.value”, “%221372074977%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.value”, “%221%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_installer_params.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_installer_params.value”, “%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_installtime.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_installtime.value”, “%221372074977%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.value”, “%2214019%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.value”, “1377540098372”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_product_id.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_product_id.value”, “%221340%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_zoneid.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie._GPL_zoneid.value”, “%22345737%22”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie.dbtest.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.cookie.dbtest.value”, “1377540054706”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.description”, “Supreme Savings”); =>PUP.RewardsArcade
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.domain”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.enablesearch”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.homepage”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.iframe”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.value”, “%7B%22installer_bic%22%3Anull%2C%22install[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_appVer.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_appVer.value”, “56”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.value”, “1”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_meta.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_meta.value”, “%7B%7D”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.expiration”, “Tue Aug 27 2013 02:00:53 GMT+0200”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.value”, “true”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_queue.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.Resources_queue.value”, “%7B%7D”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.installer.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.internaldb.installer.value”, “%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%2[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.js”, “nnif(“undefined”!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.manifesturl”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.name”, “Supreme Savings”); =>PUP.RewardsArcade
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.newtab”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.opensearch”, “”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1.code”, “appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1.ver”, 6); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1000014.code”, “Array.prototype.indexOf||(Array.prototype.indexOf=fu[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1000014.name”, “GPL Plugin (Loader)”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1000014.ver”, 16); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1000015.code”, “var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_1000015.ver”, 39); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_13.code”, “(function(a){a.selectedText=function(e,c){function d(){if[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_13.ver”, 3); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_14.code”, “if(typeof(appAPI)===”undefined”){appAPI={};}var CR__bIs[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_14.name”, “CrossriderUtils”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_14.ver”, 8); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_16.code”, “if((typeof isBackground===”undefined”||isBackground!==t[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_16.name”, “FFAppAPIWrapper”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_16.ver”, 9); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_17.code”, “if(typeof window!==”undefined”){n/*!n * jQuery JavaSc[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_17.ver”, 4); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_21.code”, “var CrossriderDebugManager=(function(h){var f={appId:appA[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_21.name”, “debug”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_21.ver”, 4); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_22.code”, “(function(a){appAPI.queueManager={queue:[],register:funct[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_22.ver”, 4); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_28.code”, “var CrossriderInitializerPlugin=(function(e){var c={appId[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_28.name”, “initializer”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_28.ver”, 3); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_4.code”, “var jQuery = $jquery_171 = $jquery = null;nnif (document[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_4.name”, “jquery_1_7_1”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_4.ver”, 4); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_47.code”, “(function(){appAPI.ready=function(a){appAPI.resources.isR[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_47.ver”, 3); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_64.code”, “(function(){var j=”__CR_EMPTY_CHANNEL__”;var d=function[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_64.name”, “appApiMessage”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_64.ver”, 2); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_72.code”, “if(appAPI.__should_activate_validation__===true){(functio[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_72.name”, “appApiValidation”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_72.ver”, 3); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_78.code”, “if(typeof jQuery!==”undefined”&&(jQuery)&&typeof naviga[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_78.name”, “CrossriderInfo”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_78.ver”, 3); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_98.code”, “(function(){var b=”cr_”+appAPI.appID+”internalMessage[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_98.name”, “omniCommands”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins.plugin_98.ver”, 2); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins_lists.plugins_0”, “4,14,78,16,64,47,72,98,1000015”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins_lists.plugins_1”, “17,14,78,13,16,64,4,1,21,22,72,98,1000014,28”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.plugins_lists.plugins_5”, “4,14,78,13,16,64,47,72”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.pluginsurl”, “https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/19962/plugins/091/ff/plugi[…] =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.pluginsversion”, 51); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.publisher”, “Innovative Apps”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.searchstatus”, 0); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.setnewtab”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.thankyou”, “http://crossrider.com/thank_you/19962”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.updateinterval”, 360); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.19962.ver”, 56); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.apps”, “19962”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.bic”, “140bbc8eeb3c77c65a8a6a5913d26eae”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.cid”, 19962); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.firstrun”, false); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.hadappinstalled”, true); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.installationdate”, 1377540042); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.lastcheck”, 22959001); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.lastcheckitem”, 22959021); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.modetype”, “production”); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.reportInstall”, true); =>PUP.CrossRider
    O69 – SBI: prefs.js [Bretagne – o0k85q7f.default] user_pref(“extensions.crossriderapp19962.statsDailyCounter”, 1); =>PUP.CrossRider
    O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (@ieframe.dll,-12512) – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.269D66BE95976ABC08FC6A2864873B06] [SPRF][10/06/2012] (…) — C:Documents and SettingsBretagneApplication Datawklnhst.dat [140]
    [MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][26/08/2013] (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
    [MD5.4754539F6D178B84DE28DBCBE7CDA23A] [SPRF][12/04/2013] (…) — C:Documents and SettingsBretagneBureauavira_free_antivirus.exe [2092792]
    [MD5.9941443D6A4C2DAE26582731B61444D4] [SPRF][12/04/2013] (.Piriform Ltd – CCleaner Installer.) — C:Documents and SettingsBretagneBureauccsetup400.exe [4316280] =>Piriform Ltd
    [MD5.2DFB1094CD2578E7A760D04DDA2651A1] [SPRF][12/03/2011] (…) — C:Program FilesQlogigra20.exe [12733237]
    ~ Files: 10 Legitimates Filtered in 00mn 06s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “DF42B2AC01EE9B240B94AA0862E8E712” . (.Boxore Client.) — C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
    ~ Update Products: 58 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
    ~ WIS: 58 Legitimates Filtered in 00mn 09s

    —\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 20/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
    SR – | Auto 02/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
    SR – | Auto 02/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
    SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Auto 11/08/2012 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/08/2012 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 27/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SR – | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
    SS – | Demand 19/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SR – | Auto 06/08/2009 66792 | (SRS_WOWXT_Service) . (.SRS Labs, Inc..) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
    ~ Services: Scanned in 00mn 12s

    —\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Bretagne at 27/08/2013 18:43:36

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x86BCFAB8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Legitimates Filtered in 00mn 02s

    —\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Bretagne at 27/08/2013 18:43:38

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : v2.12865 – (24/08/2013)
    Clés trouvées (Keys found) : 16
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 4
    Fichiers trouvés (Files found) : 17

    [HKLMSoftwareGoogleChromeExtensionshlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
    [HKLMSoftwareGoogleChromeExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionspxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareASKInstaller] =>Toolbar.AskBarDis
    [HKLMSOFTWARESOFTWAREUPDATECLIENTS{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcrossriderapp19962@crossrider.com =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider^
    C:Program FilesSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionshlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
    C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
    C:WINDOWSTasksLyrics Plus Update.job =>Adware.AddLyrics^
    C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore^
    C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
    C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore^
    C:WindowsInstaller333bed3.msi =>Adware.Boxore^
    ~ Additionnel Scan: 226016 Items scanned in 00mn 48s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com26601058-adware-addlyrics =>Adware.AddLyrics
    ~ http://nicolascoolman.webs.com28000037-pup-rewardsarcade =>PUP.RewardsArcade
    ~ http://nicolascoolman.webs.com27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
    ~ http://nicolascoolman.webs.com29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com26627369-toolbar-babylon =>Toolbar.Babylon
    ~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google
    ~ http://nicolascoolman.webs.com26626977-adware-boxore =>Adware.Boxore
    ~ http://nicolascoolman.webs.com27583526-pup-crossrider =>PUP.CrossRider
    ~ http://nicolascoolman.webs.com27229962-adware-predictad =>Adware.PredictAd
    ~ MSI: 9 link(s) detected in 00mn 48s

    ~ 1711 Legitimates filtered by white list
    End of the scan (778 lines in 09mn 08s)(0)
    [...] for the procedure! So here is the ZHPDiag report!

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    Apply this fix =>

    Launch ZHPFix by double-clicking its icon on the desktop

    * In the window that opens, confirm with "OK"
    It was created when ZHPDiag was installed

    Using the mouse (left button held down), select and copy (right-click/Copy) the contents of the box below

    G2 - GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé)   =>Adware.AddLyrics
    G2 - GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
    G2 - GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
    G2 - GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
    G2 - GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
    M3 - MFPP: Plugins - [Bretagne] -- C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
    M3 - MFPP: Plugins - [Bretagne] -- C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon
    M2 - MFEP: prefs.js [Bretagne - o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
    O4 - HKLM..Run: [SamsungWInClon] Clé orpheline => Orphean Key not necessary
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
    O39 - APT:Automatic Planified Task - C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
    O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
    O42 - Logiciel: Lyrics Plus - (.Plus Add-on Software.) [HKLM] -- {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
    O42 - Logiciel: Lyrics-Pal - (.LyricsPal Soft. LTD.) [HKLM] -- {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
    [HKLMSoftwareASKINSTALLER] => Toolbar.Ask
    O43 - CFD: 25/04/2013 - 00:52:31 - [0,201] ----D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
    O45 - LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] - 23/08/2013 - 21:03:01 ---A- - C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
    O45 - LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] - 25/08/2013 - 19:06:17 ---A- - C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
    O45 - LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] - 26/08/2013 - 11:37:16 ---A- - C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
    O45 - LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] - 26/08/2013 - 11:39:00 ---A- - C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf => Infection PUP (Adware.Boxore)
    O45 - LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] - 26/08/2013 - 12:35:23 ---A- - C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
    O45 - LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] - 26/08/2013 - 13:29:05 ---A- - C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
    O45 - LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] - 26/08/2013 - 13:29:14 ---A- - C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
    O47 - AAKE:Key Export SP - "C:Program FilesGoforFilesgoforfilesdl.exe" [Enabled] .(...) -- C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O47 - AAKE:Key Export SP - "C:Program FilesGoforFilesGoforFiles.exe" [Enabled] .(...) -- C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossrider.bic", "140bbc8eeb3c77c65a8a6a5913d26eae"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.InstallationThankYouPage", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1377540042); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.active", true); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.addressbar", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.addressbarenhanced", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.backgroundjs", "nn//n"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.backgroundver", 40); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.can_run_bg_code", true); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.certdomaininstaller", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.changeprevious", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1377540042"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.value", "1377540042"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.expiration", "Mon Aug 26 2013 20:05:56 GMT+0200"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7BappAPI.db.get%28%5C%22_G[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.expiration", "Mon Sep 02 2013 20:00:55 GMT+0200"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.value", "1377540131"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.value", "%221372074977%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.value", "%221372074977%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.value", "1377540098372"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.value", "%221340%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.value", "%22345737%22"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.value", "1377540054706"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.description", "Supreme Savings"); =>PUP.RewardsArcade
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.domain", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.enablesearch", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.homepage", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.iframe", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22install[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.value", "56"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.value", "1"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.expiration", "Tue Aug 27 2013 02:00:53 GMT+0200"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%2[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.js", "nnif("undefined"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.manifesturl", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.name", "Supreme Savings"); =>PUP.RewardsArcade
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.newtab", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.opensearch", ""); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.ver", 6); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.ver", 3); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.code", "if(typeof(appAPI)==="undefined"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.name", "CrossriderUtils"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.ver", 8); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.code", "if((typeof isBackground==="undefined"||isBackground!==t[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.ver", 9); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.code", "if(typeof window!=="undefined"){n/*!n * jQuery JavaSc[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.ver", 4); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.ver", 4); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.ver", 4); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.ver", 3); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;nnif (document[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.ver", 4); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.ver", 3); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.code", "(function(){var j="__CR_EMPTY_CHANNEL__";var d=function[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.ver", 2); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.name", "appApiValidation"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.ver", 3); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.code", "if(typeof jQuery!=="undefined"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.ver", 3); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.code", "(function(){var b="cr_"+appAPI.appID+"internalMessage[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins.plugin_98.ver", 2); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/19962/plugins/091/ff/plugi[...] =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.pluginsversion", 51); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.publisher", "Innovative Apps"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.searchstatus", 0); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.setnewtab", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.thankyou", "http://crossrider.com/thank_you/19962"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.updateinterval", 360); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.19962.ver", 56); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.apps", "19962"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.bic", "140bbc8eeb3c77c65a8a6a5913d26eae"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.cid", 19962); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.firstrun", false); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.hadappinstalled", true); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.installationdate", 1377540042); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.lastcheck", 22959001); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.lastcheckitem", 22959021); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.modetype", "production"); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.reportInstall", true); =>PUP.CrossRider
    O69 - SBI: prefs.js [Bretagne - o0k85q7f.default] user_pref("extensions.crossriderapp19962.statsDailyCounter", 1); =>PUP.CrossRider
    O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
    [MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
    [HKLMSoftwareGoogleChromeExtensionshlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
    [HKLMSoftwareGoogleChromeExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
    [HKLMSoftwareGoogleChromeExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
    [HKLMSoftwareGoogleChromeExtensionspxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
    [HKLMSoftwareASKInstaller] =>Toolbar.AskBarDis
    [HKLMSOFTWARESOFTWAREUPDATECLIENTS{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcrossriderapp19962@crossrider.com =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider^
    C:Program FilesSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataSoftware =>Adware.Boxore
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionshlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
    C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
    C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
    C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon^
    C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
    C:WINDOWSTasksLyrics Plus Update.job =>Adware.AddLyrics^
    C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore^
    C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
    C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
    C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
    C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore^
    C:WindowsInstaller333bed3.msi =>Adware.Boxore^


    EmptyCLSID
    Emptytemp
    EmptyFlash
    Sysrestore

    Click the Presse-papier (clipboard) button outlined in red in the image.

    The lines held in the clipboard will be displayed.

    Click the GO button at the bottom left.

    Note: If UAC is enabled, after clicking “GO” a message along the lines of “Do you want to allow the program….” will appear, which you will need to confirm:
    ZHPFix then restarts; you will need to click the “Presse-papier” button again to paste the lines, then click the “GO” button.

    Once the result is displayed, click the red cross (top right) to close the tool.

    Post the contents of the ZHPFixReport.txt report, saved on the desktop.

    The report can also be found at this location => C:ZHPZHPFix.txt

    Come back in your reply with the ZHPFix report ;)

The topic ‘besoin d’aide’ is closed to new replies.