Reply to: need help 2016-09-08T13:04:40+00:00
cedric
Participant
Number of posts: 9

Here is the second part!!! Thanks

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (@ieframe.dll,-12512) – http://search.live.com
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.269D66BE95976ABC08FC6A2864873B06] [SPRF][10/06/2012] (…) — C:Documents and SettingsBretagneApplication Datawklnhst.dat [140]
[MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][26/08/2013] (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
[MD5.4754539F6D178B84DE28DBCBE7CDA23A] [SPRF][12/04/2013] (…) — C:Documents and SettingsBretagneBureauavira_free_antivirus.exe [2092792]
[MD5.9941443D6A4C2DAE26582731B61444D4] [SPRF][12/04/2013] (.Piriform Ltd – CCleaner Installer.) — C:Documents and SettingsBretagneBureauccsetup400.exe [4316280] =>Piriform Ltd
[MD5.2DFB1094CD2578E7A760D04DDA2651A1] [SPRF][12/03/2011] (…) — C:Program FilesQlogigra20.exe [12733237]
~ Files: 10 Legitimates Filtered in 00mn 06s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “DF42B2AC01EE9B240B94AA0862E8E712” . (.Boxore Client.) — C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
~ Update Products: 58 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
~ WIS: 58 Legitimates Filtered in 00mn 09s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 20/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
SR – | Auto 02/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
SR – | Auto 02/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
SS – | Auto 11/08/2012 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 11/08/2012 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 27/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SR – | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
SS – | Demand 19/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
SR – | Auto 06/08/2009 66792 | (SRS_WOWXT_Service) . (.SRS Labs, Inc..) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
~ Services: Scanned in 00mn 12s

—\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Bretagne at 27/08/2013 18:43:36

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x86BCFAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

—\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bretagne at 27/08/2013 18:43:38

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : v2.12865 – (24/08/2013)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 17

[HKLMSoftwareGoogleChromeExtensionshlddcjcfgdjclmkhhddocoendieiooag] =>Adware.AddLyrics^
[HKLMSoftwareGoogleChromeExtensionsihkeoookbpemkdccdccdmacnidhooohk] =>PUP.RewardsArcade^
[HKLMSoftwareGoogleChromeExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf] =>Adware.AddLyrics^
[HKLMSoftwareGoogleChromeExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj] =>Toolbar.DeltaSearch^
[HKLMSoftwareGoogleChromeExtensionspxpohikckhbcljgombipcdoinkaedlfa] =>Spyware.SmartDisplay^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{b6f4d32a-8066-470a-b12e-14cf2675282d}] =>Adware.AddLyrics^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{42974caa-fd59-4421-ad43-cf5e6a6bbd56}] =>Adware.AddLyrics^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLMSoftwareASKInstaller] =>Toolbar.AskBarDis
[HKLMSOFTWARESOFTWAREUPDATECLIENTS{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
[HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcrossriderapp19962@crossrider.com =>PUP.RewardsArcade^
C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider^
C:Program FilesSoftware =>Adware.Boxore
C:Documents and SettingsBretagneLocal SettingsApplication DataSoftware =>Adware.Boxore
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionshlddcjcfgdjclmkhhddocoendieiooag =>Adware.AddLyrics^
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade^
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmmiopbgcekanlhpjkonogoljpfmhpkhf =>Adware.AddLyrics^
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnohfdhapjjlndfgjnmdlcabloeembdkj =>Toolbar.DeltaSearch^
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspxpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay^
C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit^
C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon^
C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
C:WINDOWSTasksLyrics Plus Update.job =>Adware.AddLyrics^
C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore^
C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade^
C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade^
C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics^
C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics^
C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics^
C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore^
C:WindowsInstaller333bed3.msi =>Adware.Boxore^
~ Additionnel Scan: 226016 Items scanned in 00mn 48s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com27229962-adware-predictad =>Adware.PredictAd
~ MSI: 9 link(s) detected in 00mn 48s

~ 1711 Legitimates filtered by white list
End of the scan (778 lines in 09mn 08s)(0)
ore pour la procedure ! So here is the zhpdiag report!