Il y a actuellement 586 visiteurs
Dimanche 22 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

22 Find tapak

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

22 Find tapak

Message le 21 Fév 2013 09:05

Bonjour ,

En voulant télécharger Firefox j'ai également chargé malencontreusement le programme parasite " 22 find tapak" dont je n'arrive pas à me débarrasser , ni en passant par le panneau de configuration ni par Adwcleaner .
J'ai tenté alors de supprimer Firefox ...mais quand je le réinstalle ce parasite de 22 find tapak est toujours collé à firefox .

Comment m'y prendre pour supprimer ce parasite ?

Merci

Pilatus .
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 


Re: 22 Find tapak

Message le 21 Fév 2013 09:44

Bonjour

je déplace dans "sécurité et virus" pour la vermine c'est plus approprié
Avatar de l'utilisateur
EinsteinZero
Moderateur
Moderateur
 
Messages: 18429
Inscription: 27 Déc 2009 16:22
Localisation: Normandie
 

Re: 22 Find tapak

Message le 21 Fév 2013 09:48

Bonjour,

Je suis Raptor14. Je vais prendre en charge ta désinfection sur le forum.

A savoir :
Le temps de désinfection est très variable suivants :

  • Les infections présentes
  • Ta disponibilité
  • Ta rigueur pour suivre les instructions

Quelques conseils :

  • Lis une fois les instructions en entier sans faire de manipulation.
  • Si tu as un doute sur les manipulations à effectuer posent les !
  • Tant que je ne dis pas que la désinfection n'est pas fini c'est qu'elle ne l'ai pas, même si les problèmes ne sont plus présents.
  • Ne fait pas les choses trop vite sinon, si tu dois recommencer c'est une perte de temps

Merci de ne crée d'autre sujet pour ce problème dans un autre forum.

Ne passe pas d'outils de désinfection autre que ce que je te dirais.


Note : Les scripts qui seront rédigés sont uniquement pour ton ordinateur, ils sont strictement personnels !

Fais ceci ;)

  • Télécharges MalwareBytes
  • Procèdes à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware PRO"
  • Sélectionne Examen complet
  • Cliques sur Rechercher
  • Supprimes tout les éléments trouvés
  • Postes le rapport sur le forum
Image

Puis fais ceci :

    Image Lit bien le tutoriel en entier une fois avant de faire quoi que ce soit, soit attentif aux détails et lit bien ce que l'on te demande c'est important !! Image

    Utilise ce logiciel de diagnostic :

  • Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau .

    Pour ce faire, clic droit sur Le liens çi dessus puis cliques sur Enregistrer le lien sous :

    Image


    Laisse toi guider lors de l'installation (pense à cocher la case pour créer un raccourci sur le Bureau)

    Lance ZHPDiag une fois l'installation terminé (Sous vista et Seven clic droit exécuter en tant qu'administrateur)

    Image

  • Cliques sur l'icône représentant un tournevis
  • Cliques sur "Tous"
  • Cliques sur l'icône représentant une loupe (« Lancer le diagnostic »)

Image
    ImageATTENTION NE TOUCHES PAS A L'ORDINATEUR PENDANT LE SCAN Image

    Si tu touche au PC le programme va geler comme ceci :


    Image

    • Une fois le scan terminé rends toi sur le bureau un fichier txt à été crée Image

    • Héberge le rapport ZHPDiag.txt sur cjoint.com, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum

    Si tu as des questions n'hésites pas 8)

++ ;)
Avatar de l'utilisateur
Raptor14
PC-Infopraticien
PC-Infopraticien
 
Messages: 2207
Inscription: 13 Juin 2011 19:26
 

Re: 22 Find tapak

Message le 21 Fév 2013 14:01

Bonjour Raptor 14 ,

Merci pour ton aide ...mais la procédure de désinfection m'effraie un peu par sa complexité .
Je constate que 22 find tapak ne se manifeste que si j'installe Firefox ; si je me contente d'internet explorer ....Pas de 22 find .
N'y aurait-il pas simplement un moyen de charger un Firefox qui ne serait pas infecté ?

Pilatus
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Re: 22 Find tapak

Message le 21 Fév 2013 15:54

Salut.

N'ais pas peur pour le tuto que Raptor ta écris, il est très complet !

Et j'ai comme une impréssion que ton "22 find" n'est pas uniquement dans Firefox.

Bye
Avatar de l'utilisateur
MisterSparta
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 418
Inscription: 21 Juin 2010 18:40
Localisation: Québec
 

Re: 22 Find tapak

Message le 22 Fév 2013 08:57

Bonjour Raptor 14 ,

Avant de débuter la procédure je me permets de te poser quelques questions certainement très naïves .
1- Pour envoyer le rapport , je vois qu'il faut utiliser le " bbcode{code] votre rapport [code] " ....cela est bien mystérieux . Pratiquement comment doit-on procéder ?
2- Qu'est-ce qu'un fichier txt ?
3- Que signifie précisément " Héberger le rapport ZHP Diag.txt sur cjoint.com " .?

Excuse mon ignorance .

Pilatus .
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 11:11

Bonjour,

Je comprends tout a fait le votre crainte je suis passé par là également ;)

Pour répondre à ta question le Bbcode permet d'éviter le fouillis dans un sujet et éviter que les pages d'un sujet soit très longue. Pour te donner une image c'est un peut comme plein de feuilles volantes de papier d'un côté et de l'autre le même dossier et celui çi dans un feuille plastique.

Un .txt est une extension. Une extension c'est ce qui permet à l'ordinateur de savoir avec quel logiciel il doit ouvrir tel ou tel fichier. Je supposes que tu connais Word ? Et bien quand l’extension d'un fichier word est .doc ou .docx.

Dans notre cas c'est un .txt car ce type de fichier et lisible sur n'importe quel ordinateur, systèmes d'exploitations.

Quand je te dis d'héberger le rapport ZHPdiag sur http://www.cjoint.com cela veut dire que tu va indiquer sur le site l'endroit du rapport ZHPDiag de ton ordinateur et tu va le mettre sur une page web. Puis tu posteras le lien pour que je puisse y avoir acces et de ce faite t'aider au mieux. Aucunes informations personnels n'est dans ce rapport. Par exemple mdp, code bancaires, ... C'est absolument sans risque !

Il est vrai que certaines personnes font les manipulations sans poser de questions, mais cela à min avis ne fait absolument pas d'êux des idiots, et je ne penses pas que cela soit du au faite qu'ils soient déséspérer, mais ils se basent simplement sur la confiance ;)
Avatar de l'utilisateur
Raptor14
PC-Infopraticien
PC-Infopraticien
 
Messages: 2207
Inscription: 13 Juin 2011 19:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 14:41

[Je ne sais pas trop si le rapport que j'envoie est expédié sous la bonne forme . En fait je n'ai pas bien compris l'intérêt des bbcodes et sur la façon de les utiliser ... Puis-je quand même continuer la procédure avec ZHD ? ]



Malwarebytes Anti-Malware (Essai) 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.02.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JC :: JC-PC [administrateur]

Protection: Activé

21/02/2013 14:07:43
MBAM-log-2013-02-21 (15-02-59).txt

Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 345516
Temps écoulé: 47 minute(s), 12 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B} (Adware.Boxore) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Software\Update\Clients\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}|name (Adware.Boxore) -> Données: BoxoreClient -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Mauvais: (http://www.22find.com/newtab?utm_source ... 1359788341) Bon: (http://www.google.com) -> Aucune action effectuée.

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\JC\Downloads\googlebar.exe (PUP.Offerware) -> Aucune action effectuée.

(fin)
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 15:24

Bonjour,

Oui, continue pour ZHPDiag mais lit bien les instructions que j'écris sinon la désinfection sera longue.

Relance Malwares bytes en examen complet et supprime les éléments trouvés comment dit plus haut :

Raptor14 a écrit:
  • Télécharges MalwareBytes
  • Procèdes à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware PRO"
  • Sélectionne Examen complet
  • Cliques sur Rechercher
  • Supprimes tout les éléments trouvés
  • Postes le rapport sur le forum
Image
Avatar de l'utilisateur
Raptor14
PC-Infopraticien
PC-Infopraticien
 
Messages: 2207
Inscription: 13 Juin 2011 19:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 16:43

En voulant télécharger ZHPDiag , je reçois un message me disant que ce programme pourrait endommager l'ordinateur ?
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 16:46

Aucun risque, télécharges le ;)
Avatar de l'utilisateur
Raptor14
PC-Infopraticien
PC-Infopraticien
 
Messages: 2207
Inscription: 13 Juin 2011 19:26
 

Re: 22 Find tapak

Message le 22 Fév 2013 16:49

Bonjour

Si tu as téléchargé ZHPDiag >>ici<<, il n'y a normalement pas de risque.... donc pas de soucis :wink:
Avatar de l'utilisateur
EinsteinZero
Moderateur
Moderateur
 
Messages: 18429
Inscription: 27 Déc 2009 16:22
Localisation: Normandie
 

Re: 22 Find tapak

Message le 23 Fév 2013 10:31

Bonjour Raptor ,

Comme tout me semble assez mystérieux , je ne suis pas sûr d'avoir procédé correctement à l'hébergement et à l'envoi .
( En fait , je ne vois pas pourquoi je n'aurais pas pu t'envoyer directement le fichier txt ).
Je croise les doigts et je te remercie pour ta patience .



Rapport de ZHPDiag v1.3.5.113 par Nicolas Coolman, Update du 21/02/2013
Run by JC at 23/02/2013 08:25:50
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0 v19.0 (Defaut)
GCIE: Google Chrome v24.0.1312.57

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 359 GB (79%) free of 454 GB

---\\ Logged in mode
~ Computer Name: JC-PC
~ User Name: JC
~ All Users Names: JC, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\JC\AppData\Roaming\
~ %Desktop% : C:\Users\JC\Desktop\
~ %Favorites% : C:\Users\JC\Favorites\
~ %LocalAppData% : C:\Users\JC\AppData\Local\
~ %StartMenu% : C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 359 Go of 454 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.435E9C764E1EF70058580996452BE6A2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.09/01/2013 - 02:12:03.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2421
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/47
~ Mes Documents (My Documents) : 1/79
~ Mon Bureau (My Desktop) : 1/11833
~ Menu demarrer (Programs) : 1/24
~ Scan Hidden Files in 00mn 13s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.2232]
[MD5.52AA45AC46E2DFE0A1F7EF3717F59BD5] - (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe [269440] [PID.3404]
[MD5.7DD89B2CF4122B46DC9B65DF29E3808C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [17706088] [PID.3416]
[MD5.D86E9B861F686BEBA746BCDF5E5C55DA] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [385024] [PID.3664]
[MD5.20E044420B9A2263E990A2C2DF0983F3] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1157640] [PID.4064]
[MD5.5AEA1DB5490429EEB0989A0CE2A52D5E] - (.NewTech Infosystems, Inc. - Packard Bell MyBackup.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912] [PID.3200]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.3708]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072] [PID.3752]
[MD5.F18E51E0C244E50B43036012900A3C57] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [5693440] [PID.2696]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1204]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1496]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496] [PID.1904]
[MD5.70E3EB0CEF795D348F05E5A9B115F491] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720] [PID.1948]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.1136]
[MD5.36051C50715D8517D06405C7CC98D14E] - (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\Savdm.exe [155264] [PID.1684]
[MD5.280FFEB925B31B7D637C068D8D33DEBB] - (.Advernet - SavdmMonitor.) -- C:\Program Files (x86)\Savdm\SavdmMonitor.exe [33920] [PID.2248]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2356]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160] [PID.2496]
[MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.2264]
[MD5.916B8954AC3E06DC9E898AFFB41F3FB6] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344] [PID.2952]
~ Scan Processes Running in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\nf0aycru.default\prefs.js (.not file.)
C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js (.not file.)
C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\prefs.js
M3 - MFPP: Plugins - [JC] -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\searchplugins\wiseconvert-15-customized-web-search.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\22find.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [JC - vnpbt5nq.default] about:home
M2 - MFEP: prefs.js [JC - vnpbt5nq.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v2.0 (.Microsoft.)
M2 - MFEP: prefs.js [JC - vnpbt5nq.default\extension21810@extension21810.com] [] Giant Savings Extension v2.0 (.215 Apps.)
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.22find.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Download and Record Plugin.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbro
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! WebRep [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Packard Bell MyBackup.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe
O4 - HKUS\S-1-5-18\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe
O4 - HKUS\S-1-5-21-4056774841-4084000601-2717787810-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4056774841-4084000601-2717787810-1000\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe
O4 - HKUS\S-1-5-21-4056774841-4084000601-2717787810-1000\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-4056774841-4084000601-2717787810-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\JC\Desktop\80-646-08 Calcul stochastique I - HEC Montréal.url . (...) -- C:\Users\JC\Desktop\80-646-08 Calcul stochastique I - HEC Montréal.url
O4 - Global Startup: C:\Users\JC\Desktop\9-56 Introduction to Brownian Motion and the Ito Integral, Robert Simione - part2de ledflyd 12 574 vues.url . (...) -- C:\Users\JC\Desktop\9-56 Introduction to Brownian Motion and the Ito I
O4 - Global Startup: C:\Users\JC\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - Global Startup: C:\Users\JC\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner64.exe
O4 - Global Startup: C:\Users\JC\Desktop\Internet Explorer Portail Orange.url . (...) -- C:\Users\JC\Desktop\Internet Explorer Portail Orange.url
O4 - Global Startup: C:\Users\JC\Desktop\Marchés dérivés.url . (...) -- C:\Users\JC\Desktop\Marchés dérivés.url
O4 - Global Startup: C:\Users\JC\Desktop\Peinture cuisine - Raccourci.lnk . (...) -- C:\Users\JC\Desktop\En vrac\Courrier\Peinture cuisine
O4 - Global Startup: C:\Users\JC\Desktop\PMB - Picture Motion Browser.lnk . (.Sony Corporation.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUBrowser.exe
O4 - Global Startup: C:\Users\JC\Desktop\Programme TV - Programme Télé séries, documentaires, téléfilms, films - Télérama.fr.url . (...) -- C:\Users\JC\Desktop\Programme TV - Programme Télé séries, documentaires, téléfilms, films - Télérama.fr.url
O4 - Global Startup: C:\Users\JC\Desktop\watch-v=fEsnMyi5-8k.url . (...) -- C:\Users\JC\Desktop\watch-v=fEsnMyi5-8k.url
O4 - Global Startup: C:\Users\JC\Desktop\watch-v=ny9uQ72moC4.url . (...) -- C:\Users\JC\Desktop\watch-v=ny9uQ72moC4.url
O4 - Global Startup: C:\Users\JC\Desktop\Équation différentielle stochastique - Wikipédia.url . (...) -- C:\Users\JC\Desktop\Équation différentielle stochastique - Wikipédia.url
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\V9.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{56FC4207-2F2D-4331-9334-4888BA2D3359}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{56FC4207-2F2D-4331-9334-4888BA2D3359}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{56FC4207-2F2D-4331-9334-4888BA2D3359}: DhcpNameServer = 192.168.1.1
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated - ePowerSvc.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: GRegService (Greg_Service) . (.Acer Incorporated - Global Registration Service.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NewTech Infosystems, Inc. - Backup Manager Module.) - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: (Savdm) . (.Advernet - Savdm.) - C:\Program Files (x86)\Savdm\Savdm.exe
O23 - Service: SavdmMonitor (SavdmMonitor) . (.Advernet - SavdmMonitor.) - C:\Program Files (x86)\Savdm\SavdmMonitor.exe
O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
~ Scan Services in 00mn 11s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.7F19838AC317C34FCED020BE529AF71E] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
[MD5.74660C1E9139D95F4E006E8E49EA4986] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.6A8E0E72D390B95EFE3A7FFA17D5C504] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-4056774841-4084000601-2717787810-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
[MD5.B7D0F1FA8926F0D58B7A000E5DAB4B3E] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-4056774841-4084000601-2717787810-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
[MD5.B7D0F1FA8926F0D58B7A000E5DAB4B3E] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4056774841-4084000601-2717787810-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
[MD5.9A7F1691F76E019C11481B6355125072] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-4056774841-4084000601-2717787810-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
[MD5.9A7F1691F76E019C11481B6355125072] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-4056774841-4084000601-2717787810-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)
[MD5.D735BA7D6ED4D47E75DE0EB0F8253F20] [APT] [Updater21810.exe] (.FileProperties_CompanyName.) -- C:\Users\JC\AppData\Local\Updater21810\Updater21810.exe
[MD5.00000000000000000000000000000000] [APT] [{A2DAB995-2CF9-4159-A9D4-D681ECB897A4}] (...) -- C:\Users\JC\Desktop\MTW6.7.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{BD0D0BC6-DB0A-4981-B55B-FD15D15EF596}] (...) -- C:\Users\JC\Desktop\MTW6.7.exe (.not file.)
[MD5.7F59E4F51DA9C9C6B29B881D8DD92400] [APT] [Burn Notification] (.Acer.) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe
~ Scan Scheduled Task in 00mn 05s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\Drivers\aswrdr2.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM][64Bits] -- {7B487697-A041-A601-5CC1-E87A29C42FAA}
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {287ECFA4-719A-2143-A09B-D6A12DE54E40}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- {A2BCA9F1-566C-4805-97D1-7FDC93386723}
O42 - Logiciel: Adobe Reader XI (11.0.01) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Backup Manager Basic - (.NewTech Infosystems.) [HKLM][64Bits] -- {72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: Best Removal Tool - (.www.bestremovaltool.com.) [HKLM][64Bits] -- Best Removal Tool_is1
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}
O42 - Logiciel: CheckRun22find_uninstaller - (.CheckSoftware.) [HKLM][64Bits] -- CheckRun22find_uninstaller
O42 - Logiciel: Entraîneur Cérébral Version Intégrale - (.Mindscape.) [HKLM][64Bits] -- {243A1493-A09D-4E43-A58E-D82149B44468}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Identity Card - (.Packard Bell.) [HKLM][64Bits] -- Identity Card
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: Kobo - (.Kobo Inc..) [HKLM][64Bits] -- Kobo
O42 - Logiciel: Launch Manager - (.Packard Bell.) [HKLM][64Bits] -- LManager
O42 - Logiciel: Logiciel de base du périphérique HP Deskjet 3050 J610 series - (.Hewlett-Packard Co..) [HKLM][64Bits] -- {70F37BAB-4F01-4CE6-83D4-8DE1D3BF11CA}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.70.0.1100 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Maple 7 - (.Pas de propriétaire.) [HKLM][64Bits] -- {E5D4D448-01C2-11D5-96D9-0001023B4117}
O42 - Logiciel: MathType 6 - (.Design Science, Inc..) [HKLM][64Bits] -- DSMT6
O42 - Logiciel: Merriam Websters Spell Jam - (.Oberon Media.) [HKLM][64Bits] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM][64Bits] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM][64Bits] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM][64Bits] -- {0214A441-A4AB-43A8-8DEF-2F73C5364673}
O42 - Logiciel: Mozilla Firefox 19.0 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 19.0 (x86 fr)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Mozilla Thunderbird 17.0.3 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Thunderbird 17.0.3 (x86 fr)
O42 - Logiciel: Packard Bell InfoCentre - (.Packard Bell.) [HKLM][64Bits] -- Packard Bell InfoCentre
O42 - Logiciel: Packard Bell MyBackup - (.NewTech Infosystems.) [HKLM][64Bits] -- InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}
O42 - Logiciel: Packard Bell Power Management - (.Packard Bell.) [HKLM][64Bits] -- {3DB0448D-AD82-4923-B305-D001E521A964}
O42 - Logiciel: Packard Bell Recovery Management - (.Acer Incorporated.) [HKLM][64Bits] -- {7F811A54-5A09-4579-90E1-C93498E230D9}
O42 - Logiciel: Packard Bell Registration - (.Packard Bell.) [HKLM][64Bits] -- Packard Bell Registration
O42 - Logiciel: Packard Bell ScreenSaver - (.Packard Bell Incorporated.) [HKLM][64Bits] -- Packard Bell Screensaver
O42 - Logiciel: Packard Bell Updater - (.Packard Bell.) [HKLM][64Bits] -- {EE171732-BEB4-4576-887D-CB62727F01CA}
O42 - Logiciel: RealDownloader - (.RealNetworks, Inc..) [HKLM][64Bits] -- {AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM][64Bits] -- RealPlayer 16.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM][64Bits] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {96AE7E41-E34E-47D0-AC07-1091A8127911}
O42 - Logiciel: Savdm - (.Advernet.) [HKLM][64Bits] -- {29633E53-BF13-41B5-9E10-19D7843BD9C3}
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM][64Bits] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 6.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Sony Picture Utility - (.Sony Corporation.) [HKLM][64Bits] -- {D5068583-D569-468B-9755-5FBF5848F46F}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: Welcome Center - (.Packard Bell.) [HKLM][64Bits] -- Packard Bell Welcome Center
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: eDownloader - (.eDownloader.) [HKLM][64Bits] -- eDownloader 1.0.0
O42 - Logiciel: eDownloader - (.eDownloader.) [HKLM][64Bits] -- {8848B3CD-4464-414F-953C-966678634540}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Acer]
[HKCU\Software\Adobe]
[HKCU\Software\Affinix]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\RealNetworks]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avast Software]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Compal]
[HKCU\Software\Cyberlink]
[HKCU\Software\DOWNLOADMANAGER]
[HKCU\Software\Design Science]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\Install Options]
[HKCU\Software\Kobo]
[HKCU\Software\Lake]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mindscape]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OEM]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Skype]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Synaptics]
[HKCU\Software\TeleCharger]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\lnkguard]
[HKLM\Software\<company>]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Acer]
[HKLM\Software\Audible]
[HKLM\Software\Best Removal Tool]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Design Science]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OemSetup]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\V9Software]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\ATI Technologies]
[HKLM\Software\Wow6432Node\ATI]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Acer Incorporated]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Audible]
[HKLM\Software\Wow6432Node\CDDB]
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Compal]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\Design Science]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Hewlett-Packard]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\Install Options]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Lake]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Macrovision]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\Wow6432Node\Mindscape]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\NewTech Infosystems]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OEM]
[HKLM\Software\Wow6432Node\Oberon Media]
[HKLM\Software\Wow6432Node\Packard Bell]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RealNetworks]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Safer Networking Limited]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\Sonic]
[HKLM\Software\Wow6432Node\Sony Corporation]
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\V9Software]
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\Waterloo Maple]
[HKLM\Software\Wow6432Node\Xing Technology Corp.]
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\eDownloader]
[HKLM\Software\Wow6432Node\findSoftware]
[HKLM\Software\Wow6432Node\hdcode]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/01/2013 - 09:01:47 - [121,328] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 27/11/2012 - 15:52:03 - [76,848] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 16/02/2013 - 19:14:32 - [338,377] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 02/02/2013 - 08:03:27 - [0,006] ----D C:\Program Files (x86)\Desk 365
O43 - CFD: 22/01/2013 - 17:57:32 - [1,909] ----D C:\Program Files (x86)\Driver Detective
O43 - CFD: 05/01/2013 - 20:52:30 - [356,832] ----D C:\Program Files (x86)\Google
O43 - CFD: 02/12/2012 - 17:42:45 - [0] ----D C:\Program Files (x86)\GUM474C.tmp
O43 - CFD: 02/12/2012 - 17:43:57 - [0] ----D C:\Program Files (x86)\GUMBA68.tmp
O43 - CFD: 02/12/2012 - 17:45:09 - [0] ----D C:\Program Files (x86)\GUMD48D.tmp
O43 - CFD: 24/01/2013 - 09:22:41 - [2,839] ----D C:\Program Files (x86)\HP
O43 - CFD: 11/02/2013 - 07:50:56 - [62,589] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 28/08/2009 - 05:32:21 - [0,063] ----D C:\Program Files (x86)\Intel
O43 - CFD: 13/02/2013 - 17:02:03 - [4,934] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 17/12/2012 - 17:35:09 - [154,774] ----D C:\Program Files (x86)\Kobo
O43 - CFD: 28/08/2009 - 05:35:32 - [4,326] ----D C:\Program Files (x86)\Launch Manager
O43 - CFD: 22/02/2013 - 13:40:05 - [12,170] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 08/01/2013 - 09:47:13 - [87,481] ----D C:\Program Files (x86)\Maple 7
O43 - CFD: 29/12/2012 - 08:12:08 - [18,665] ----D C:\Program Files (x86)\MathType
O43 - CFD: 01/02/2013 - 16:53:13 - [1,078] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 01/02/2013 - 14:54:59 - [301,343] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 01/02/2013 - 16:53:06 - [1,487] ----D C:\Program Files (x86)\Microsoft Office Outlook Connector
O43 - CFD: 07/02/2013 - 14:47:34 - [36,641] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 01/02/2013 - 16:51:49 - [2,087] ----D C:\Program Files (x86)\Microsoft Sync Framework
O43 - CFD: 29/12/2012 - 08:47:47 - [138,959] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 01/02/2013 - 14:54:29 - [0,316] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 11/02/2013 - 07:51:03 - [82,223] ----D C:\Program Files (x86)\Mindscape
O43 - CFD: 21/02/2013 - 07:29:38 - [45,056] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 23/02/2013 - 07:19:12 - [0,212] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 22/02/2013 - 13:20:52 - [43,367] ----D C:\Program Files (x86)\Mozilla Thunderbird
O43 - CFD: 14/07/2009 - 06:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 30/11/2012 - 10:47:41 - [0] ----D C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 28/08/2009 - 05:57:23 - [26,575] ----D C:\Program Files (x86)\NewTech Infosystems
O43 - CFD: 27/11/2012 - 15:58:54 - [51,783] ----D C:\Program Files (x86)\Packard Bell
O43 - CFD: 29/01/2013 - 08:25:05 - [32,786] ----D C:\Program Files (x86)\Packard Bell GameZone
O43 - CFD: 01/02/2013 - 13:54:09 - [117,659] ----D C:\Program Files (x86)\Real
O43 - CFD: 20/12/2012 - 08:46:13 - [17,998] ----D C:\Program Files (x86)\RealNetworks
O43 - CFD: 28/08/2009 - 05:34:35 - [12,565] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 06:32:38 - [37,357] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 20/12/2012 - 08:43:30 - [1,868] ----D C:\Program Files (x86)\Savdm
O43 - CFD: 16/02/2013 - 19:14:32 - [46,355] R---D C:\Program Files (x86)\Skype
O43 - CFD: 20/12/2012 - 08:43:16 - [3,221] ----D C:\Program Files (x86)\Software Installer
O43 - CFD: 11/02/2013 - 07:51:40 - [0,051] ----D C:\Program Files (x86)\SoftwarePassport
O43 - CFD: 01/12/2012 - 11:00:05 - [134,822] ----D C:\Program Files (x86)\Sony
O43 - CFD: 08/01/2013 - 19:15:31 - [4,372] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 28/08/2009 - 05:34:54 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 05:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 02/02/2013 - 12:20:23 - [0] ----D C:\Program Files (x86)\Wikikou
O43 - CFD: 28/11/2012 - 00:42:25 - [0,500] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 02/02/2013 - 12:12:55 - [3,444] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 27/11/2012 - 16:06:10 - [0,234] ----D C:\Program Files (x86)\Windows Live SkyDrive
O43 - CFD: 01/02/2013 - 06:48:46 - [5,895] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 01/02/2013 - 06:48:46 - [4,791] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 06:32:38 - [11,632] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 01/02/2013 - 06:48:45 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 01/02/2013 - 06:48:46 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 01/02/2013 - 06:48:46 - [5,717] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 23/02/2013 - 08:26:24 - [15,136] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 02/02/2013 - 07:59:56 - [28,816] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 31/01/2013 - 09:02:03 - [18,519] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 28/08/2009 - 06:09:55 - [30,315] ----D C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 01/02/2013 - 14:54:58 - [0,082] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 11/02/2013 - 07:50:57 - [6,560] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 07/02/2013 - 15:37:53 - [183,571] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 29/11/2012 - 15:09:26 - [0] ----D C:\Program Files (x86)\Common Files\Nero
O43 - CFD: 28/08/2009 - 05:35:58 - [0,338] ----D C:\Program Files (x86)\Common Files\Oberon Media
O43 - CFD: 30/11/2012 - 10:39:17 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 16/02/2013 - 19:14:32 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 01/02/2013 - 16:53:06 - [27,841] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 01/02/2013 - 13:54:07 - [0,336] ----D C:\Program Files (x86)\Common Files\xing shared
O43 - CFD: 31/01/2013 - 09:05:05 - [145,737] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 27/11/2012 - 16:01:25 - [0,000] ----D C:\ProgramData\ATI
O43 - CFD: 29/11/2012 - 16:50:07 - [22,138] ----D C:\ProgramData\AVAST Software
O43 - CFD: 28/08/2009 - 05:57:35 - [0,028] ----D C:\ProgramData\BackupManager
O43 - CFD: 27/11/2012 - 15:57:47 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 08/01/2013 - 08:16:56 - [0,020] ----D C:\ProgramData\CyberLink
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 27/11/2012 - 15:57:47 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 02/12/2012 - 17:42:54 - [1,004] ----D C:\ProgramData\Google
O43 - CFD: 02/12/2012 - 10:51:08 - [0,000] ----D C:\ProgramData\Google Updater
O43 - CFD: 17/12/2012 - 15:45:51 - [0,044] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 24/01/2013 - 09:22:42 - [1,328] ----D C:\ProgramData\HP
O43 - CFD: 11/02/2013 - 07:51:44 - [0,000] ----D C:\ProgramData\InstallShield
O43 - CFD: 21/02/2013 - 14:05:59 - [5,796] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 27/11/2012 - 15:57:47 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 08/02/2013 - 08:51:21 - [346,205] -S--D C:\ProgramData\Microsoft
O43 - CFD: 29/12/2012 - 08:48:20 - [0,116] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 27/11/2012 - 15:57:47 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 29/11/2012 - 16:44:55 - [0,012] ----D C:\ProgramData\Mozilla
O43 - CFD: 29/11/2012 - 15:08:57 - [0,002] ----D C:\ProgramData\Nero
O43 - CFD: 29/11/2012 - 15:12:01 - [0,000] ----D C:\ProgramData\Norton
O43 - CFD: 28/08/2009 - 06:10:28 - [9,760] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 28/08/2009 - 06:14:29 - [0,002] ----D C:\ProgramData\OEM
O43 - CFD: 28/08/2009 - 05:59:08 - [0,296] ----D C:\ProgramData\Packard Bell
O43 - CFD: 01/02/2013 - 13:54:04 - [2,450] ----D C:\ProgramData\Real
O43 - CFD: 20/12/2012 - 08:46:08 - [3,298] ----D C:\ProgramData\RealNetworks
O43 - CFD: 16/02/2013 - 19:14:30 - [50,641] ----D C:\ProgramData\Skype
O43 - CFD: 01/12/2012 - 10:58:22 - [0,000] ----D C:\ProgramData\Sony Corporation
O43 - CFD: 08/01/2013 - 19:15:31 - [0,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 05/12/2012 - 16:48:23 - [0,000] ----D C:\ProgramData\Sun
O43 - CFD: 27/11/2012 - 16:12:10 - [0,051] ----D C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 06:08:56 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 31/01/2013 - 09:04:14 - [1,535] ----D C:\Users\JC\AppData\Roaming\Adobe
O43 - CFD: 27/11/2012 - 16:01:25 - [0] ----D C:\Users\JC\AppData\Roaming\ATI
O43 - CFD: 07/01/2013 - 07:42:22 - [0,002] ----D C:\Users\JC\AppData\Roaming\CyberLink
O43 - CFD: 18/12/2012 - 16:13:07 - [0,134] ----D C:\Users\JC\AppData\Roaming\Design Science
O43 - CFD: 02/02/2013 - 08:03:07 - [15,150] ----D C:\Users\JC\AppData\Roaming\Desk 365
O43 - CFD: 29/11/2012 - 15:02:53 - [0,000] ----D C:\Users\JC\AppData\Roaming\Google
O43 - CFD: 27/11/2012 - 16:00:45 - [0] ----D C:\Users\JC\AppData\Roaming\Identities
O43 - CFD: 01/12/2012 - 10:50:40 - [0] ----D C:\Users\JC\AppData\Roaming\InstallShield
O43 - CFD: 27/11/2012 - 16:01:19 - [0,002] ----D C:\Users\JC\AppData\Roaming\Macromedia
O43 - CFD: 21/02/2013 - 14:06:04 - [0,012] ----D C:\Users\JC\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 08:44:38 - [0] ----D C:\Users\JC\AppData\Roaming\Media Center Programs
O43 - CFD: 13/02/2013 - 16:48:16 - [17,869] -S--D C:\Users\JC\AppData\Roaming\Microsoft
O43 - CFD: 02/12/2012 - 07:11:39 - [27,692] ----D C:\Users\JC\AppData\Roaming\Mozilla
O43 - CFD: 29/11/2012 - 15:04:32 - [0,000] ----D C:\Users\JC\AppData\Roaming\Nero
O43 - CFD: 29/11/2012 - 15:04:20 - [0,000] ----D C:\Users\JC\AppData\Roaming\Packard Bell
O43 - CFD: 01/02/2013 - 19:16:30 - [2,391] ----D C:\Users\JC\AppData\Roaming\Real
O43 - CFD: 20/12/2012 - 08:46:47 - [0,029] ----D C:\Users\JC\AppData\Roaming\RealNetworks
O43 - CFD: 23/02/2013 - 08:20:24 - [4,056] ----D C:\Users\JC\AppData\Roaming\Skype
O43 - CFD: 01/12/2012 - 11:11:49 - [0,610] ----D C:\Users\JC\AppData\Roaming\Sony Corporation
O43 - CFD: 29/11/2012 - 16:45:06 - [258,126] ----D C:\Users\JC\AppData\Roaming\Thunderbird
O43 - CFD: 01/02/2013 - 16:58:46 - [0] ----D C:\Users\JC\AppData\Roaming\Windows Live Writer
O43 - CFD: 31/01/2013 - 08:44:00 - [39,377] ----D C:\Users\JC\AppData\Local\Adobe
O43 - CFD: 27/11/2012 - 15:58:06 - [0] ----D C:\Users\JC\AppData\Local\Application Data
O43 - CFD: 02/12/2012 - 08:34:28 - [0] ----D C:\Users\JC\AppData\Local\Apps
O43 - CFD: 27/11/2012 - 16:01:25 - [0,058] ----D C:\Users\JC\AppData\Local\ATI
O43 - CFD: 02/12/2012 - 08:34:44 - [0] ----D C:\Users\JC\AppData\Local\Deployment
O43 - CFD: 15/02/2013 - 11:18:50 - [0,295] ----D C:\Users\JC\AppData\Local\Diagnostics
O43 - CFD: 21/02/2013 - 13:36:42 - [2,514] ----D C:\Users\JC\AppData\Local\Google
O43 - CFD: 27/11/2012 - 15:58:06 - [0] ----D C:\Users\JC\AppData\Local\Historique
O43 - CFD: 09/01/2013 - 14:02:17 - [0,061] ----D C:\Users\JC\AppData\Local\HP
O43 - CFD: 17/12/2012 - 17:35:20 - [0,081] ----D C:\Users\JC\AppData\Local\Kobo
O43 - CFD: 14/01/2013 - 16:12:58 - [0] ----D C:\Users\JC\AppData\Local\Macromedia
O43 - CFD: 08/02/2013 - 08:51:21 - [426,387] ----D C:\Users\JC\AppData\Local\Microsoft
O43 - CFD: 27/11/2012 - 16:15:04 - [0] ----D C:\Users\JC\AppData\Local\Microsoft Help
O43 - CFD: 02/12/2012 - 07:11:39 - [39,961] ----D C:\Users\JC\AppData\Local\Mozilla
O43 - CFD: 29/11/2012 - 15:04:19 - [0,018] ----D C:\Users\JC\AppData\Local\Packard Bell
O43 - CFD: 21/02/2013 - 14:05:30 - [0] ----D C:\Users\JC\AppData\Local\Programs
O43 - CFD: 20/12/2012 - 08:42:26 - [0,254] ----D C:\Users\JC\AppData\Local\savdm
O43 - CFD: 23/02/2013 - 08:23:37 - [67,121] ----D C:\Users\JC\AppData\Local\Temp
O43 - CFD: 27/11/2012 - 15:58:06 - [0] ----D C:\Users\JC\AppData\Local\Temporary Internet Files
O43 - CFD: 08/01/2013 - 19:07:07 - [3,007] ----D C:\Users\JC\AppData\Local\Thunderbird
O43 - CFD: 14/01/2013 - 16:12:08 - [0,197] ----D C:\Users\JC\AppData\Local\Updater21810
O43 - CFD: 11/02/2013 - 07:54:45 - [0,323] ----D C:\Users\JC\AppData\Local\VirtualStore
O43 - CFD: 02/12/2012 - 11:25:47 - [0] ----D C:\Users\JC\AppData\Local\Windows Live
O43 - CFD: 01/02/2013 - 16:58:48 - [0,621] ----D C:\Users\JC\AppData\Local\Windows Live Writer
O43 - CFD: 06/01/2013 - 19:20:58 - [0,000] ----D C:\Users\JC\AppData\Local\yesmessenger
O43 - CFD: 14/07/2009 - 05:54:32 - [0,014] R---D C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 01/02/2013 - 06:58:40 - [0,000] R---D C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 05:49:38 - [0,001] R---D C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 01/02/2013 - 06:58:40 - [0,004] R---D C:\Users\JC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 09s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F0AF3672BC3E7743F96FD38F35D89102] - 23/02/2013 - 07:24:16 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1927322]
O44 - LFC:[MD5.F1F6654D16C2AF15ADEA3B828ABBD343] - 23/02/2013 - 07:19:19 ---A- . (...) -- C:\Windows\setupact.log [2464]
O44 - LFC:[MD5.A3837DD993222D9C12CB40B02A057B25] - 23/02/2013 - 07:19:18 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.A270D6CAF3D6F7E92E0C02DAC5E905EE] - 21/02/2013 - 08:44:58 ---A- . (...) -- C:\AdwCleaner[S6].txt [6328]
O44 - LFC:[MD5.A68EAD5EBCB4E78FA0A8F0DF93B96EE8] - 21/02/2013 - 08:44:15 ---A- . (...) -- C:\AdwCleaner[R7].txt [9417]
O44 - LFC:[MD5.0276C453E671DCB57DEECAC662D08F75] - 19/02/2013 - 13:22:44 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.81CAD0000219F6C20EDA963A01E9495A] - 19/02/2013 - 13:22:44 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106388]
O44 - LFC:[MD5.6906CD90080F207D4BA6BA54CC8AE4F9] - 19/02/2013 - 13:22:44 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130754]
O44 - LFC:[MD5.522AF9A777329C6F27988E330CE6F691] - 19/02/2013 - 13:22:44 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616008]
O44 - LFC:[MD5.0156834A9E772527ACCE588CCC14B0E1] - 19/02/2013 - 13:22:44 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704480]
O44 - LFC:[MD5.FAEBB39408C77037D6091C63BCF06CCE] - 13/02/2013 - 17:03:57 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [412424]
O44 - LFC:[MD5.7C40F82BBC3A40744BC4435B252C7075] - 13/02/2013 - 16:59:49 ---A- . (...) -- C:\Windows\win.ini [499]
O44 - LFC:[MD5.87E3F66C0EE5A4F7691EC2D6DA113022] - 11/02/2013 - 07:54:45 ---A- . (...) -- C:\Windows\Times New Roman [103]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/02/2013 - 11:08:41 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.11F0931436C939ACD7EBA7DBD6F07636] - 02/02/2013 - 08:58:45 ---A- . (...) -- C:\AdwCleaner[S5].txt [14330]
O44 - LFC:[MD5.1A7CE030C94DBE0E89F6D461CDACF38A] - 02/02/2013 - 08:57:20 ---A- . (...) -- C:\AdwCleaner[R6].txt [14141]
O44 - LFC:[MD5.E689DD3BF2746375600E17CAE6C2909C] - 02/02/2013 - 08:56:08 ---A- . (...) -- C:\AdwCleaner[R5].txt [14080]
O44 - LFC:[MD5.53B16BF12E0E516838778A0F2B18F075] - 02/02/2013 - 08:30:25 ---A- . (...) -- C:\AdwCleaner[S4].txt [11602]
O44 - LFC:[MD5.599B1F475192D0102107797D7AA857F8] - 02/02/2013 - 08:29:31 ---A- . (...) -- C:\AdwCleaner[R4].txt [11435]
O44 - LFC:[MD5.0D717E894A8668AAF336372712C9AE92] - 02/02/2013 - 08:28:56 ---A- . (...) -- C:\AdwCleaner[R3].txt [11374]
O44 - LFC:[MD5.9CC069B57C25704D40308AFBF0C9DEF6] - 02/02/2013 - 08:21:05 ---A- . (...) -- C:\AdwCleaner[S3].txt [22989]
O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 01/02/2013 - 14:56:58 ---A- . (...) -- C:\Windows\ODBC.INI [382]
O44 - LFC:[MD5.03E60BDFF835AB3232655C3CB01D17C6] - 25/01/2013 - 10:22:58 ---A- . (...) -- C:\AdwCleaner[S2].txt [49102]
O44 - LFC:[MD5.3E97857F4B121329D3E63022FD3C33C6] - 25/01/2013 - 10:22:15 ---A- . (...) -- C:\AdwCleaner[R2].txt [48964]
~ Scan Files in 00mn 27s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.10A383CF435697515B5AFF51E874DBAF] - 02/02/2013 - 09:02:57 ---A- - C:\Windows\Prefetch\AgCx_SC4.db
O45 - LFCP:[MD5.1959AD8B0487B2B16EE3A5D90153937A] - 17/02/2013 - 14:54:54 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.6C64E3464E75B1CABE3F4FC2F672BE12] - 20/02/2013 - 15:37:41 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.349671E9B4CC58246E9ADBEDB7E453E0] - 21/02/2013 - 13:31:57 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-359C61A4.pf
O45 - LFCP:[MD5.F3C30E9AF08BF7B6387ECA2841442F91] - 21/02/2013 - 15:04:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-63B92852.pf
O45 - LFCP:[MD5.C3111FA7F850362D584BCC980E731400] - 21/02/2013 - 21:07:51 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-BD8A4C8F.pf
O45 - LFCP:[MD5.12A03BFF1B6C1291A9A147651237F7B2] - 21/02/2013 - 21:08:01 ---A- - C:\Windows\Prefetch\EPOWEREVENT.EXE-FE56A707.pf
O45 - LFCP:[MD5.171DFD2D695B8B67AB30B968FC36E36C] - 21/02/2013 - 21:08:07 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf
O45 - LFCP:[MD5.BF4CEA4449AFA7362760E998295E1F26] - 21/02/2013 - 21:08:36 ---A- - C:\Windows\Prefetch\AVASTEMUPDATE.EXE-BE6307C0.pf
O45 - LFCP:[MD5.482E198B22EC5370856C4D4BABBC55DE] - 21/02/2013 - 22:49:49 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F7382B2A.pf
O45 - LFCP:[MD5.0C852E096CAC29DD5D2BE0A7466ADAA2] - 21/02/2013 - 22:49:49 ---A- - C:\Windows\Prefetch\SPUVOLUMEWATCHER.EXE-AA1FB02E.pf
O45 - LFCP:[MD5.C3E739253719037ADA6EEC782B11831A] - 21/02/2013 - 22:49:49 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-4ED41433.pf
O45 - LFCP:[MD5.682E4384C450D9576D2D5B5B150453EF] - 21/02/2013 - 22:49:49 ---A- - C:\Windows\Prefetch\UPDATER.EXE-A8C477C0.pf
O45 - LFCP:[MD5.97FA25943B191208DAE932137F11108E] - 21/02/2013 - 22:49:49 ---A- - C:\Windows\Prefetch\UPDATERSERVICE.EXE-EC463760.pf
O45 - LFCP:[MD5.D408EE3810EA72426AF302780E28556B] - 21/02/2013 - 23:46:48 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-661188F3.pf
O45 - LFCP:[MD5.28951BC3043A493B93431CE0A50D8AEA] - 21/02/2013 - 23:46:51 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-6E1A6101.pf
O45 - LFCP:[MD5.4858AB5ABE935F98C9AE39C0CE053E43] - 21/02/2013 - 23:48:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-549AD0B4.pf
O45 - LFCP:[MD5.54332D4F3E0D98588ACDECC29E60B83A] - 22/02/2013 - 07:50:28 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F6F1EDC3.pf
O45 - LFCP:[MD5.EF5C119C7B9A2FC3248A9C3D48C35912] - 22/02/2013 - 07:50:28 ---A- - C:\Windows\Prefetch\SKYPE.EXE-A716A034.pf
O45 - LFCP:[MD5.0FA9B06FEE9021383FB9B6A38CDDDDEF] - 22/02/2013 - 07:50:34 ---A- - C:\Windows\Prefetch\CLISTART.EXE-091A18CD.pf
O45 - LFCP:[MD5.3E9450C5001FD28F06F1ACF74A85ACAC] - 22/02/2013 - 07:50:39 ---A- - C:\Windows\Prefetch\LMANAGER.EXE-2C9803DF.pf
O45 - LFCP:[MD5.602B9E308C5F4468D77C2BE6CDE9B2A4] - 22/02/2013 - 07:50:39 ---A- - C:\Windows\Prefetch\SYNTPHELPER.EXE-C8D211B9.pf
O45 - LFCP:[MD5.543DECE6B05A4152F854E5F4CE446714] - 22/02/2013 - 07:50:40 ---A- - C:\Windows\Prefetch\AVASTUI.EXE-19622E35.pf
O45 - LFCP:[MD5.E68ED9DF1642734376B2312952AEC533] - 22/02/2013 - 07:50:40 ---A- - C:\Windows\Prefetch\BACKUPMANAGERTRAY.EXE-2344B646.pf
O45 - LFCP:[MD5.A5DBC8BC55CBFCC4FEE57DE031C22675] - 22/02/2013 - 07:55:31 ---A- - C:\Windows\Prefetch\MPAS-FE_BD.EXE-9B1F21DB.pf
O45 - LFCP:[MD5.0E90E32C45BE99B83A8F905B5CC52FDD] - 22/02/2013 - 07:55:35 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-A24681A4.pf
O45 - LFCP:[MD5.67DD84E9DC4E71A7EDDEED4FC1FBE3F2] - 22/02/2013 - 08:59:23 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-D9DCD0F3.pf
O45 - LFCP:[MD5.0BC56A2467F53277FCA2E67EF65A410E] - 22/02/2013 - 08:59:32 ---A- - C:\Windows\Prefetch\UNINS000.EXE-2ADD59EC.pf
O45 - LFCP:[MD5.93A6E1B7F3263BD7D08903BEFE1A91A7] - 22/02/2013 - 08:59:36 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-851C5C91.pf
O45 - LFCP:[MD5.A65340AD2D0DE4EFB918954B8AE28654] - 22/02/2013 - 08:59:37 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-BDBC7420.pf
O45 - LFCP:[MD5.1447991ADFA2963D258642A0801B1C8D] - 22/02/2013 - 09:01:18 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100(1).TMP-A32ADB1D.pf
O45 - LFCP:[MD5.43097DC47E64929CEF45FF0640075E58] - 22/02/2013 - 09:01:22 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100(1).EXE-2920BEF0.pf
O45 - LFCP:[MD5.305B716F9C0EFC0FB9C086D48A4B0FD4] - 22/02/2013 - 09:01:22 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100(1).TMP-EF5686E6.pf
O45 - LFCP:[MD5.BA94183D0B7BCFA924260E1EA7ABEC83] - 22/02/2013 - 09:02:50 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0D53616E.pf
O45 - LFCP:[MD5.88B48C0F971194CA1BDEF66CB609A9C4] - 22/02/2013 - 12:06:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-6FD72002.pf
O45 - LFCP:[MD5.8A8E6BD72B7E6BE9D7C0A8D42E41E761] - 22/02/2013 - 13:20:28 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-51CCB287.pf
O45 - LFCP:[MD5.8F5BCF69A867339BC0437CC57E4853B8] - 22/02/2013 - 13:20:30 ---A- - C:\Windows\Prefetch\UPDATER.EXE-D05695BA.pf
O45 - LFCP:[MD5.D5C8E7AF6FA45F6D85153EE8F50768E9] - 22/02/2013 - 13:20:33 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf
O45 - LFCP:[MD5.1CF441B44E3CA2CE6EE95633CD2F9D2C] - 22/02/2013 - 13:20:33 ---A- - C:\Windows\Prefetch\VSSVC.EXE-6C8F0C66.pf
O45 - LFCP:[MD5.377757389FD318A873C7910151611950] - 22/02/2013 - 13:20:53 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-9596E406.pf
O45 - LFCP:[MD5.7BD49CFA03CA12BC53BEB0B6D476A555] - 22/02/2013 - 13:20:53 ---A- - C:\Windows\Prefetch\UPDATER.EXE-60419403.pf
O45 - LFCP:[MD5.491DEE153ABB8B2AD520C03E4FDF6896] - 22/02/2013 - 13:20:54 ---A- - C:\Windows\Prefetch\HELPER.EXE-95FAC403.pf
O45 - LFCP:[MD5.3565B384747B1085FF826EBF1B72E769] - 22/02/2013 - 13:20:54 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_TMP.EXE-6A746806.pf
O45 - LFCP:[MD5.E9BE12E5679F312342353AB859432A41] - 22/02/2013 - 13:20:55 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-217D0E1A.pf
O45 - LFCP:[MD5.E403E38C7890886922BBE026E9E668D2] - 22/02/2013 - 13:39:50 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.TMP-095AF8BE.pf
O45 - LFCP:[MD5.EF9C0A884FA1FC1A5340D21D4EFA9BF0] - 22/02/2013 - 13:39:54 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.EXE-CBD23085.pf
O45 - LFCP:[MD5.81BEB13F93AE3FAFF4FF02AF06F8F942] - 22/02/2013 - 13:39:54 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.TMP-95535EF6.pf
O45 - LFCP:[MD5.6C3D0BAF270AD2A983D043E8765459B3] - 22/02/2013 - 13:40:02 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-B31EC963.pf
O45 - LFCP:[MD5.DD1AFE42C97FC36D971F5EDFA5E249BC] - 22/02/2013 - 13:40:04 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-03D3FB87.pf
O45 - LFCP:[MD5.0F02AB2393B050F3D5EE84617A267AD8] - 22/02/2013 - 13:40:57 ---A- - C:\Windows\Prefetch\MBAM.EXE-493D9B94.pf
O45 - LFCP:[MD5.0124354E3CCF2B4BC02322ACCA1D1C0F] - 22/02/2013 - 13:50:04 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B6001A63.pf
O45 - LFCP:[MD5.7E82000795E99AF421FBA49DC58C4D8E] - 22/02/2013 - 14:25:38 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-B2A8626D.pf
O45 - LFCP:[MD5.5BDEF7FC5CEDF86C6D268D6E45D20A6D] - 22/02/2013 - 14:33:32 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-28E13EB9.pf
O45 - LFCP:[MD5.FE0B32BD1FE2E8D62A0ED5AB42D6F062] - 22/02/2013 - 15:07:36 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-8F477773.pf
O45 - LFCP:[MD5.6CDCB4469EB3603E26E90059899000D8] - 22/02/2013 - 15:08:14 ---A- - C:\Windows\Prefetch\SNDVOL.EXE-425BC49B.pf
O45 - LFCP:[MD5.7AA5B5B552D004EF195CEA83040E49F1] - 22/02/2013 - 15:08:19 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-F9223367.pf
O45 - LFCP:[MD5.6A3C670D19854EDD1926B912A798357D] - 22/02/2013 - 15:50:53 ---A- - C:\Windows\Prefetch\EHSCHED.EXE-467C570D.pf
O45 - LFCP:[MD5.913A3F63F6354A1A502B9884F5ADA21A] - 22/02/2013 - 15:50:54 ---A- - C:\Windows\Prefetch\EHMSAS.EXE-EE8C853E.pf
O45 - LFCP:[MD5.E8F9CB0E87F452140A2CDE8DA3E8166B] - 22/02/2013 - 15:50:54 ---A- - C:\Windows\Prefetch\EHTRAY.EXE-C0111622.pf
O45 - LFCP:[MD5.F9469957D88582E15F3A2AF4EBBC1742] - 22/02/2013 - 15:51:27 ---A- - C:\Windows\Prefetch\MCGLIDHOST.EXE-D116A317.pf
O45 - LFCP:[MD5.3856808814015F72B3B5C1CE9F04A1A8] - 22/02/2013 - 15:51:30 ---A- - C:\Windows\Prefetch\EHRECVR.EXE-62A89F4C.pf
O45 - LFCP:[MD5.81D3B133227B6257C076663979846808] - 22/02/2013 - 15:51:32 ---A- - C:\Windows\Prefetch\DW20.EXE-128E8FBA.pf
O45 - LFCP:[MD5.A45A99F62A2E251CC6B3D20974F07E40] - 22/02/2013 - 15:51:39 ---A- - C:\Windows\Prefetch\EHREC.EXE-979B7E74.pf
O45 - LFCP:[MD5.06FE906A00B2CF9F79363FF7416DEDC1] - 22/02/2013 - 18:56:47 ---A- - C:\Windows\Prefetch\SPUANNOUNCE.EXE-D97F709B.pf
O45 - LFCP:[MD5.8F059F9DD60904B53BB38918AF2FDF9A] - 22/02/2013 - 18:56:51 ---A- - C:\Windows\Prefetch\SPUBROWSER.EXE-D4FDF1A4.pf
O45 - LFCP:[MD5.7337E1F37F0A0F3485CD0060C48F0A6E] - 22/02/2013 - 18:57:33 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-3C4E5BEC.pf
O45 - LFCP:[MD5.D145023BFDD4500BE71B3D56DF7CF711] - 22/02/2013 - 18:58:36 ---A- - C:\Windows\Prefetch\INSTANCEFINDERDLG.EXE-C129E212.pf
O45 - LFCP:[MD5.932D42AC2AC65B617DC28767CBE15C5C] - 22/02/2013 - 18:58:37 ---A- - C:\Windows\Prefetch\EXTRAC32.EXE-3E65BF05.pf
O45 - LFCP:[MD5.655921E519745877CDE26B3067AA03F8] - 22/02/2013 - 18:58:46 ---A- - C:\Windows\Prefetch\HP DESKJET 3050 J610 SERIES.E-6E633154.pf
O45 - LFCP:[MD5.02E06793E8AFE2B2CE2E84F8ECFDF2C4] - 22/02/2013 - 18:58:46 ---A- - C:\Windows\Prefetch\MSHTA.EXE-392EB492.pf
O45 - LFCP:[MD5.61E8D6994EF233C434A62F73E695C550] - 22/02/2013 - 18:58:47 ---A- - C:\Windows\Prefetch\CMD.EXE-8138604F.pf
O45 - LFCP:[MD5.CF76230AA79F6F6F362F563B43031820] - 22/02/2013 - 19:31:00 ---A- - C:\Windows\Prefetch\SC.EXE-6C4D4413.pf
O45 - LFCP:[MD5.3125E52B8F6F965450C470424734AD67] - 22/02/2013 - 19:31:04 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.7CD9A8BF2A533F7A2BFC9C7AE025C0E4] - 22/02/2013 - 19:31:12 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-3D9E8D72.pf
O45 - LFCP:[MD5.8C92D90ECC105536076D09DA24BE3B96] - 22/02/2013 - 19:31:14 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-67EC2DA7.pf
O45 - LFCP:[MD5.BEE833EC909CDAE875672F044599A430] - 22/02/2013 - 19:46:24 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4056774841-4084000601-2717787810-1000.db
O45 - LFCP:[MD5.D26565B70BE885EA70C79F65EDA4CE16] - 22/02/2013 - 19:46:24 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4056774841-4084000601-2717787810-1000.db
O45 - LFCP:[MD5.9E3AF6C285A67A36DF2ED3CDAA4F5D51] - 22/02/2013 - 19:49:44 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-46C8A002.pf
O45 - LFCP:[MD5.BEE8844213588384ED0FF840A3FE360B] - 22/02/2013 - 19:49:53 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-8FFB1633.pf
O45 - LFCP:[MD5.3B3D520DCB50C79A61034D7B1BA47BD0] - 22/02/2013 - 21:20:02 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-F639BD7E.pf
O45 - LFCP:[MD5.41BB372546CCBA871FD0682F1CEAC8B1] - 22/02/2013 - 21:20:07 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.5831BA2EDB612FA2AF0F809F8F90141C] - 22/02/2013 - 21:20:07 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.2F763EB0B1298FCCF20DA8F0B9E71988] - 22/02/2013 - 21:20:15 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf
O45 - LFCP:[MD5.84048A6EFC6A6D9BD25C3D60E47F7748] - 22/02/2013 - 21:20:47 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.C1184DD30BA13FEC1AA4BE7D698F1AB2] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\EPOWERTRAY.EXE-856809ED.pf
O45 - LFCP:[MD5.49A6EAAC175020BF0691E0B2F23AB4CD] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\MBAMGUI.EXE-DE4DD695.pf
O45 - LFCP:[MD5.666E103A3BD44C146C9BE831BFCCB2A4] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\RAVCPL64.EXE-4BB80510.pf
O45 - LFCP:[MD5.79FD6AF57D36A18A258347E962C4F8B3] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\READER_SL.EXE-FA6634D0.pf
O45 - LFCP:[MD5.896F77C8EF4EFB70A91D15C0F5142953] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-FB4EF753.pf
O45 - LFCP:[MD5.092742893140315FA771C91F7D743934] - 23/02/2013 - 07:20:34 ---A- - C:\Windows\Prefetch\SYNTPENH.EXE-8A564A20.pf
O45 - LFCP:[MD5.CD6B3C2AB4D03718477673163FC0A2B3] - 23/02/2013 - 07:20:38 ---A- - C:\Windows\Prefetch\MOM.EXE-F911D5BC.pf
O45 - LFCP:[MD5.1D9432DA78BAE3C7DCAE12668EEF2F04] - 23/02/2013 - 07:20:56 ---A- - C:\Windows\Prefetch\AVAST.SETUP-0144B743.pf
O45 - LFCP:[MD5.456E2F7D49069EB3E704A2D1D02B56F1] - 23/02/2013 - 07:21:00 ---A- - C:\Windows\Prefetch\CCC.EXE-6C5FA59C.pf
O45 - LFCP:[MD5.CD5D343DF00CA5EEFA3B99B5112AF231] - 23/02/2013 - 07:21:11 ---A- - C:\Windows\Prefetch\SAVDMTASK.EXE-F083EAC3.pf
O45 - LFCP:[MD5.F4A41FDF85EFD882571822C2B22DBFE3] - 23/02/2013 - 07:22:10 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf
O45 - LFCP:[MD5.E818AE8778FD9C97F6490218F82BB9B4] - 23/02/2013 - 07:22:11 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-16B291C4.pf
O45 - LFCP:[MD5.C8001BBB03ADF4019FA2971091029FDE] - 23/02/2013 - 07:22:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-F31BDE28.pf
O45 - LFCP:[MD5.A5D5597B6B561DDCE2999E73859DA9A6] - 23/02/2013 - 07:22:25 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-4048402C.pf
O45 - LFCP:[MD5.AC34D90BF3880B96854E4A8A872D97EA] - 23/02/2013 - 07:23:16 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf
O45 - LFCP:[MD5.D607EFAA1EDB5885D1A475EFBCCB13EE] - 23/02/2013 - 07:23:28 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf
O45 - LFCP:[MD5.EDABFE54824109C7A899F3D499265853] - 23/02/2013 - 07:23:50 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-BB21CD77.pf
O45 - LFCP:[MD5.32E4ADE1E473AFD92834154D63E8C754] - 23/02/2013 - 07:27:54 ---A- - C:\Windows\Prefetch\GOOGLEUPDATEONDEMAND.EXE-F7209BE6.pf
O45 - LFCP:[MD5.F3B51B17BB522AF6B0608313AF2F1E35] - 23/02/2013 - 07:27:55 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARMANAGER_94DDE1ED-2089C148.pf
O45 - LFCP:[MD5.56EED69BDD8647846CB7BC6A116D2584] - 23/02/2013 - 07:28:04 ---A- - C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-A6285BB5.pf
O45 - LFCP:[MD5.20BE3C4B600F137491CBF0955175EFC4] - 23/02/2013 - 07:28:05 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
O45 - LFCP:[MD5.7C679FD6634B1C923CD4CB41795D79AA] - 23/02/2013 - 07:32:25 ---A- - C:\Windows\Prefetch\WERMGR.EXE-F439C551.pf
O45 - LFCP:[MD5.87507487C461DC020E3BC03601A041FC] - 23/02/2013 - 07:32:34 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D2A040D5.pf
O45 - LFCP:[MD5.5DEF047CA82270C9410A576A30C0A2D0] - 23/02/2013 - 07:34:49 ---A- - C:\Windows\Prefetch\CSC.EXE-F8803EEA.pf
O45 - LFCP:[MD5.B72C3326D162670178364C179B0540DD] - 23/02/2013 - 07:34:49 ---A- - C:\Windows\Prefetch\CVTRES.EXE-CB8485B0.pf
O45 - LFCP:[MD5.29E98B6EF38C99BD92D6B9DF720B91BA] - 23/02/2013 - 07:57:01 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf
O45 - LFCP:[MD5.C3411950B85215F6CC44B3F1BCE5CF71] - 23/02/2013 - 07:57:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-35FA9C06.pf
O45 - LFCP:[MD5.468D26A5F0FC7754130A894BB1F3D047] - 23/02/2013 - 08:00:35 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.637DF34D7DE2F5208BCCD5BCE7A58FA3] - 23/02/2013 - 08:00:35 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.B1F22FA85C5549515C41490DBFCE39EE] - 23/02/2013 - 08:00:35 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.5264CED2729C5AD08C7568D131D41545] - 23/02/2013 - 08:00:35 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.4BD67B1524A94D1C2E3E3D30BB63098D] - 23/02/2013 - 08:16:52 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf
O45 - LFCP:[MD5.AE6D29F1F8CF7856C33F31B3245B379F] - 23/02/2013 - 08:18:00 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf
O45 - LFCP:[MD5.F985737912EAF394D37578A67B064114] - 23/02/2013 - 08:18:01 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
O45 - LFCP:[MD5.FA36324F7F67A6EAA91C082ECBFB5A61] - 23/02/2013 - 08:18:01 ---A- - C:\Windows\Prefetch\RECORDINGMANAGER.EXE-238ED026.pf
O45 - LFCP:[MD5.01C7687ECBF428C65C4CE89EE8249C83] - 23/02/2013 - 08:18:53 ---A- - C:\Windows\Prefetch\THUNDERBIRD.EXE-69F6F4B4.pf
O45 - LFCP:[MD5.EDBDE3B89307AB9704F36777605EE992] - 23/02/2013 - 08:19:55 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-A20D8364.pf
O45 - LFCP:[MD5.46D89AA6F5E8983E8D34B7B0C665357F] - 23/02/2013 - 08:19:58 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-82707D6A.pf
O45 - LFCP:[MD5.435FECF603613648DB4B79677ACB7BDB] - 23/02/2013 - 08:19:59 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-E09E26CD.pf
O45 - LFCP:[MD5.ED4A062A62E93255E004028038FD45D9] - 23/02/2013 - 08:23:34 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf
O45 - LFCP:[MD5.08E0CF712F9104398A43E37D5AC9D8A9] - 23/02/2013 - 08:23:37 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
O45 - LFCP:[MD5.A2D00FF1C6E4F30D33F51CF0D156C157] - 23/02/2013 - 08:23:38 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf
O45 - LFCP:[MD5.3A919EF7CEB4FF091BC17924E43814AD] - 23/02/2013 - 08:24:19 ---A- - C:\Windows\Prefetch\CONSENT.EXE-40419367.pf
O45 - LFCP:[MD5.94603114BC70BF3BD47E0623643081C9] - 23/02/2013 - 08:24:30 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-C2B15C05.pf
O45 - LFCP:[MD5.E8664766611A53A037B10BEF93A9890A] - 23/02/2013 - 08:24:31 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-A0F5E092.pf
O45 - LFCP:[MD5.F9632CC5951D0B1876CCD0FC5694D922] - 23/02/2013 - 08:24:57 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-257D8644.pf
O45 - LFCP:[MD5.2E27A5688732EE6C0F07956452AB750C] - 23/02/2013 - 08:25:02 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf
O45 - LFCP:[MD5.27130D31C97F34C36326C7F5DDE7EE71] - 23/02/2013 - 08:25:08 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-6A1D0894.pf
O45 - LFCP:[MD5.34EBA2D78E0A17E2689A398930B1C57A] - 23/02/2013 - 08:25:28 ---A- - C:\Windows\Prefetch\REALPLAY.EXE-7803716D.pf
O45 - LFCP:[MD5.D118CBE7CE3EF0E10FCF2C790950AD10] - 23/02/2013 - 08:26:00 ---A- - C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf
O45 - LFCP:[MD5.B217D1C3843A4076FE372399FE5A406C] - 23/02/2013 - 08:26:01 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-FCD9ABA9.pf
O45 - LFCP:[MD5.82F6DA355938EEB4CBD5D5E3CA9E0C70] - 23/02/2013 - 08:26:01 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-39F97B2D.pf
O45 - LFCP:[MD5.642235519723909AFC2E6B5B06DE80BC] - 23/02/2013 - 08:26:02 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-96070FE0.pf
O45 - LFCP:[MD5.40E317ED28D49DF5DDB8A9A9057FF7BB] - 23/02/2013 - 08:26:23 ---A- - C:\Windows\Prefetch\PV.EXE-0748338F.pf
O45 - LFCP:[MD5.A32E6CE3EDF7FB3DDDC906A0666665BA] - 23/02/2013 - 08:26:28 ---A- - C:\Windows\Prefetch\CMD.EXE-6D6290C5.pf
O45 - LFCP:[MD5.EA52A83B896CDCFB81899B161D1C9D64] - 23/02/2013 - 08:26:28 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-3DCC0576.pf
O45 - LFCP:[MD5.4A61887575D9A200D3182DED779C87DB] - 23/02/2013 - 08:26:41 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-DC1676CD.pf
~ Scan Prefetcher in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{6ef9d125-38a1-11e2-99b8-806e6f6e6963}\AutoRun\command. (...) -- D:\Eautorun.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.D5BCB77BE83CF99F508943945D46343D] - 26/03/2009 - 04:16:08 ---A- . (.Dritek System Inc. - Dritek 64-bit PS/2 Keyboard Filter Driver.) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys [25608]
~ Scan Drivers in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC:Last File Created 01/10/2747 - 03:50:44 ---A- C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1\background.html [39]
O61 - LFC:Last File Created 01/10/2747 - 03:50:44 ---A- C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1\manifest.json [487]
O61 - LFC:Last File Created 01/10/2747 - 03:50:44 ---A- C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1\popup.html [58]
O61 - LFC:Last File Created 01/10/2747 - 03:50:44 ---A- C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1\popup.js [226]
O61 - LFC:Last File Created 20/02/2013 - 15:38:55 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\4\A6\50600d01 [31102]
O61 - LFC:Last File Created 21/02/2013 - 07:29:14 ---A- C:\Users\JC\Downloads\Firefox Setup 19.0.exe [20722920]
O61 - LFC:Last File Created 21/02/2013 - 08:36:57 ---A- C:\Users\JC\Downloads\adwcleaner-2-009-en-win-setup.exe [1213984]
O61 - LFC:Last File Created 21/02/2013 - 08:37:51 ---A- C:\Users\JC\Downloads\adwcleaner-2-009-en-win.exe [480125]
O61 - LFC:Last File Created 21/02/2013 - 08:44:44 ---A- C:\Users\JC\AppData\Local\Temp\WER4CB8.tmp.resp.erc.xml [0]
O61 - LFC:Last File Created 21/02/2013 - 08:44:58 ---A- C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Preferences [30898]
O61 - LFC:Last File Created 21/02/2013 - 09:08:41 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\keyval.db [40960]
O61 - LFC:Last File Created 21/02/2013 - 09:08:41 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\keyval.db-journal [33344]
O61 - LFC:Last File Created 21/02/2013 - 10:19:43 ---A- C:\Users\JC\Downloads\adwcleaner0.exe [587671]
O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337]
O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505]
O61 - LFC:Last File Created 21/02/2013 - 15:03:05 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBAM-log-2013-02-21 (15-02-59).txt [3170]
O61 - LFC:Last File Created 21/02/2013 - 15:03:33 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBAM-log-2013-02-21 (15-03-26).txt [3170]
O61 - LFC:Last File Created 21/02/2013 - 21:08:06 ---A- C:\Users\JC\AppData\Roaming\Real\RealPlayer\RealPlayer\ErrorLogs\log1.dmp [30827]
O61 - LFC:Last File Created 21/02/2013 - 21:10:34 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\5\57\72F00d01 [31102]
O61 - LFC:Last File Created 22/02/2013 - 11:02:06 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\2\A0\FD924d01 [63519]
O61 - LFC:Last File Created 22/02/2013 - 11:13:45 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\abook.mab [40107]
O61 - LFC:Last File Created 22/02/2013 - 11:22:19 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\directoryTree.json [34]
O61 - LFC:Last File Created 22/02/2013 - 11:23:17 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\history.mab [18368]
O61 - LFC:Last File Created 22/02/2013 - 13:20:54 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Crash Reports\InstallTime20130215132702 [10]
O61 - LFC:Last File Created 22/02/2013 - 13:20:58 ---A- C:\Users\JC\AppData\Local\Thunderbird\Mozilla Thunderbird\active-update.xml [57]
O61 - LFC:Last File Created 22/02/2013 - 13:20:58 ---A- C:\Users\JC\AppData\Local\Thunderbird\Mozilla Thunderbird\updates.xml [3066]
O61 - LFC:Last File Created 22/02/2013 - 13:20:58 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\extensions.sqlite [458752]
O61 - LFC:Last File Created 22/02/2013 - 13:28:09 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\addons.sqlite [524288]
O61 - LFC:Last File Created 22/02/2013 - 14:25:37 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0728018542.data [750]
O61 - LFC:Last File Created 22/02/2013 - 14:25:37 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\7290036049.data [811]
O61 - LFC:Last File Created 22/02/2013 - 14:25:38 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0728018542.quar [354]
O61 - LFC:Last File Created 22/02/2013 - 14:25:38 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3349941729.data [1085]
O61 - LFC:Last File Created 22/02/2013 - 14:26:24 ---A- C:\Users\JC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-02-22 (13-42-34).txt [3282]
O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\Cookies\index.dat [16384]
O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\Fichiers Internet temporaires\Content.IE5\index.dat [32768]
O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\History\History.IE5\index.dat [16384]
O61 - LFC:Last File Created 22/02/2013 - 15:10:57 ---A- C:\Users\JC\AppData\Roaming\Adobe\Acrobat\11.0\JSCache\GlobSettings [24]
O61 - LFC:Last File Created 22/02/2013 - 15:25:23 ---A- C:\Users\JC\AppData\Roaming\Adobe\Acrobat\11.0\TMDocs.sav [36]
O61 - LFC:Last File Created 22/02/2013 - 15:25:23 ---A- C:\Users\JC\AppData\Roaming\Adobe\Acrobat\11.0\TMGrpPrm.sav [54]
O61 - LFC:Last File Created 22/02/2013 - 15:38:02 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\startupCache\startupCache.4.little [1228958]
O61 - LFC:Last File Created 22/02/2013 - 21:20:38 --HA- C:\Users\JC\AppData\Local\IconCache.db [2126476]
O61 - LFC:Last File Created 22/02/2013 - 21:20:39 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\httpfe\cookies.dat [2]
O61 - LFC:Last File Created 23/02/2013 - 07:20:23 ---A- C:\Users\JC\AppData\Local\savdm\config.dat [802]
O61 - LFC:Last File Created 23/02/2013 - 07:20:25 ---A- C:\Users\JC\AppData\Roaming\Skype\shared_dynco\dc.db [1806336]
O61 - LFC:Last File Created 23/02/2013 - 07:20:25 ---A- C:\Users\JC\AppData\Roaming\Skype\shared_dynco\dc.db-journal [1129112]
O61 - LFC:Last File Created 23/02/2013 - 07:20:29 ---A- C:\Users\JC\AppData\Roaming\Skype\DbTemp\temp-aVQ23EyDs74zCNBalBeBPoEU [20480]
O61 - LFC:Last File Created 23/02/2013 - 07:20:33 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\eas.db [49152]
O61 - LFC:Last File Created 23/02/2013 - 07:20:33 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\eas.db-journal [37448]
O61 - LFC:Last File Created 23/02/2013 - 07:20:36 ---A- C:\Users\JC\AppData\Local\savdm\domains.dat [265810]
O61 - LFC:Last File Created 23/02/2013 - 07:20:38 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\main.db [356352]
O61 - LFC:Last File Created 23/02/2013 - 07:20:38 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\main.db-journal [45656]
O61 - LFC:Last File Created 23/02/2013 - 07:20:51 ---A- C:\Users\JC\AppData\Local\ATI\ACE\Manifest.Bin [27796]
O61 - LFC:Last File Created 23/02/2013 - 07:20:51 ---A- C:\Users\JC\AppData\Local\ATI\ACE\Manifest.xml [20186]
O61 - LFC:Last File Created 23/02/2013 - 07:21:06 ---A- C:\Users\JC\AppData\Roaming\Skype\DbTemp\temp-DLrlohzriXDeGGCxupEraVdv [8720]
O61 - LFC:Last File Created 23/02/2013 - 07:25:30 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\bistats.db [81920]
O61 - LFC:Last File Created 23/02/2013 - 07:25:30 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\bistats.db-journal [37448]
O61 - LFC:Last File Created 23/02/2013 - 07:26:16 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\1\3A\F3014d01 [31102]
O61 - LFC:Last File Created 23/02/2013 - 07:26:16 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\blocklist.xml [31102]
O61 - LFC:Last File Created 23/02/2013 - 07:27:00 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\Mail\pop.orange.fr\Inbox [92966724]
O61 - LFC:Last File Created 23/02/2013 - 07:27:00 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\Mail\pop.orange.fr\Trash [6164631]
O61 - LFC:Last File Created 23/02/2013 - 07:27:15 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\Mail\pop.orange.fr\Trash.msf [35447]
O61 - LFC:Last File Created 23/02/2013 - 07:27:15 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\permissions.sqlite [65536]
O61 - LFC:Last File Created 23/02/2013 - 07:45:17 ---A- C:\Users\JC\AppData\Local\Google\Toolbar DNS data\data [115]
O61 - LFC:Last File Created 23/02/2013 - 07:45:31 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\3\E4\8BAB6d01 [63519]
O61 - LFC:Last File Created 23/02/2013 - 07:46:29 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\global-messages-db.sqlite [2228224]
O61 - LFC:Last File Created 23/02/2013 - 08:10:38 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\_CACHE_001_ [115444]
O61 - LFC:Last File Created 23/02/2013 - 08:10:38 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\_CACHE_002_ [701787]
O61 - LFC:Last File Created 23/02/2013 - 08:18:43 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\parent.lock [0]
O61 - LFC:Last File Created 23/02/2013 - 08:18:45 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\Mail\pop.orange.fr\popstate.dat [541]
O61 - LFC:Last File Created 23/02/2013 - 08:20:24 ---A- C:\Users\JC\AppData\Roaming\Skype\shared.xml [67783]
O61 - LFC:Last File Created 23/02/2013 - 08:20:24 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\config.xml [7322]
O61 - LFC:Last File Created 23/02/2013 - 08:23:37 ---A- C:\Users\JC\AppData\Local\Google\Toolbar\broker_metrics.xml [23908]
O61 - LFC:Last File Created 23/02/2013 - 08:23:38 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\folderTree.json [219]
O61 - LFC:Last File Created 23/02/2013 - 08:23:38 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\session.json [702]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\_CACHE_003_ [350346]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\Cache\_CACHE_MAP_ [16660]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Local\Thunderbird\Profiles\nmy04j9m.default\_CACHE_CLEAN_ [1]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Skype\volrelatif13\dc.db [81920]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\Mail\pop.orange.fr\Inbox.msf [35874]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\cert8.db [65536]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\key3.db [16384]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\localstore.rdf [21420]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\panacea.dat [3873]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\prefs.js [9901]
O61 - LFC:Last File Created 23/02/2013 - 08:23:39 ---A- C:\Users\JC\AppData\Roaming\Thunderbird\Profiles\nmy04j9m.default\virtualFolders.dat [10]
O61 - LFC:Last File Created 23/02/2013 - 08:25:43 ---A- C:\Users\JC\AppData\Local\ATI\ACE\Profiles.xml [12896]
~ Scan Files in 00mn 53s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.3.5 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 28/12/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 30/10/2012 - C:\Windows\System32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - 30/10/2012 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 15/10/2012 - C:\Windows\system32\Drivers\aswrdr2.sys (aswRdr) .(.AVAST Software - avast! WFP Redirect Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - 30/10/2012 - C:\Windows\System32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - 30/10/2012 - C:\Windows\System32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - 30/10/2012 - C:\Windows\System32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 14/12/2012 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - Pilote de miniport WiFi natif.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6
O64 - Services: CurCS - 29/04/2009 - C:\Windows\System32\DRIVERS\XAudio64.sys (XAudio) .(.Conexant Systems, Inc. - Modem Audio Device Driver.) - LEGACY_XAUDIO
~ Scan Services in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.22find.com
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.22find.com
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossrider.bic", "13c399eadaca252d837c39168080d628");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1361432877);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.active", true);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.addressbar", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.addressbarenhanced", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.backgroundjs", "\n\n//\n");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.backgroundver", 32);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.can_run_bg_code", true);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.certdomaininstaller", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.changeprevious", false);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.value", "1361432877");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.value", "1361432877");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.expiration", "Thu Feb 21 2013 13:36:57 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B%5C%22CH%5C%22%3D%3DappA[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.expiration", "Thu Feb 21 2013 13:36:57 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.expiration", "Thu Feb 28 2013 08:48:41 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.value", "%22FR%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.value", "1361449915");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.value", "%221361395626%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.value", "%221%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.value", "%221361395762%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.value", "%2214019%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.value", "1361433165387");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.value", "%221171%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.value", "%22147016%22");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.value", "1361432921129");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.description", "Save big with Giant Savings! Coupons display instantly while you're [...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.domain", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.enablesearch", false);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.fbremoteurl", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.group", 0);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.homepage", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.iframe", false);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.value", "48");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.value", "1");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.value", "%7B%7D");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.expiration", "Thu Feb 21 2013 14:47:59 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.value", "true");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.value", "%7B%7D");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.manifesturl", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.name", "Giant Savings Extension");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.newtab", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.opensearch", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.ver", 4);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.ver", 15);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.ver", 33);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.ver", 2);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.ver", 2);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=tr[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.ver", 5);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.ver", 3);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 2);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 1);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.name", "appApiValidation");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 1);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21810/plugins/088/ff/plu[...]
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.pluginsversion", 42);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.searchstatus", 0);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.setnewtab", false);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.settingsurl", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.thankyou", "");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.updateinterval", 360);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.ver", 48);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.apps", "21810");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.bic", "13c399eadaca252d837c39168080d628");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.cid", 21810);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.firstrun", false);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.hadappinstalled", true);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.installationdate", 1361432877);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.lastcheck", 22690548);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.lastcheckitem", 22690832);
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.modetype", "production");
O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.reportInstall", true);
O69 - SBI: SearchScopes [HKCU] {17CB86F4-7F58-460A-AEF0-26CFCC5F5DCB} [DefaultScope] - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {3AB04E1D-F14E-4E7F-B378-CC16974C3A6C} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Scan Keys in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [853504]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [2428952]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70656]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
~ Scan Services in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136]
[MD5.85A7153A6D79C8DA99087134225CE064] [SPRF][17/01/2013] (.SoftStud - SoftStud.) -- C:\Users\JC\AppData\Local\Temp\22find_mlv.exe [622696]
[MD5.5116DB8B204EB3B2FBDDA6B095E50B1E] [SPRF][02/02/2013] (...) -- C:\Users\JC\AppData\Local\Temp\HomePage22find.exe [744837]
[MD5.7EC6C8E88BECD3C40AE35AAD1DF6EB0A] [SPRF][15/01/2013] (.RealNetworks, Inc. - RealDownloader Application.) -- C:\Users\JC\AppData\Local\Temp\stubhelper.dll [90624]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.68CDC33D31F1952C80A915677D7B7796] [SPRF][09/08/2004] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [327680]
~ Scan Files in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "{930137F1-19B6-451E-84AF-552D62B4EF03}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O87 - FAEL: "TCP Query User{24ECE8B7-F672-45A3-AB25-E4ECDEA0D519}C:\program files (x86)\real\realplayer\realplay.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files (x86)\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{818ADCE4-8E8C-4E66-998D-CA49B3D432A5}C:\program files (x86)\real\realplayer\realplay.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files (x86)\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{029E156A-CFEE-457B-8EB6-C375A58EE613}C:\program files (x86)\maple 7\bin.wnt\mserver.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\maple 7\bin.wnt\mserver.exe
O87 - FAEL: "UDP Query User{E45276C7-B7F5-4D2B-B723-57F4B64DCE5A}C:\program files (x86)\maple 7\bin.wnt\mserver.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\maple 7\bin.wnt\mserver.exe
O87 - FAEL: "{4A743182-3CED-4205-A1D2-3C59BC90C2D0}" | In - None - P17 - TRUE | .(.Hewlett-Packard Co. - DeviceSetup.exe.) -- C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
O87 - FAEL: "{3E1A4F98-B0B6-43AA-8496-7A861CE5789F}" | In - None - P17 - TRUE | .(.Hewlett-Packard Co. - HPNetworkCommunicator.) -- C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
O87 - FAEL: "{E38FF403-5D50-43AC-B33B-309B16980E23}" | In - None - P17 - TRUE | .(.Hewlett-Packard Co. - HPNetworkCommunicatorCom.) -- C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
~ Scan Firewall in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.10828 - (21/02/2013)
Clés trouvées (Keys found) : 81
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8848B3CD-4464-414F-953C-966678634540}] =>PUP.SoftwareEngine
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29633E53-BF13-41B5-9E10-19D7843BD9C3}] =>Hijacker.Proxy
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Classes\Installer\Features\DC3B84884644F41459C3696687365404] =>PUP.SoftwareEngine
[HKLM\Software\Classes\Installer\Products\DC3B84884644F41459C3696687365404] =>PUP.SoftwareEngine
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC3B84884644F41459C3696687365404] =>PUP.SoftwareEngine
[HKLM\Software\Wow6432Node\Classes\Installer\Features\DC3B84884644F41459C3696687365404] =>PUP.SoftwareEngine
[HKLM\Software\Wow6432Node\Classes\Installer\Products\DC3B84884644F41459C3696687365404] =>PUP.SoftwareEngine
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CheckRun22find_uninstaller] =>Hijacker.22find
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
C:\Program Files (x86)\Savdm =>Hijacker.Proxy
C:\Users\JC\AppData\Local\Savdm =>Hijacker.Proxy
C:\Users\JC\AppData\Local\Updater21810 =>Adware.VidSaver
C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\Extensions\extension21810@extension21810.com =>Adware.VidSaver
~ Scan Additionnel in 00mn 15s



---\\ Recherche détournement de DNS routeur (O89) (None)

---\\ Product Upgrade Codes (O90)
O90 - PUC: "000021090200C0400000000000F01FEC" . (.Module de compatibilité pour Microsoft Office System 2007.) -- c:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
O90 - PUC: "000021592210C0400000000000F01FEC" . (.Microsoft Office Outlook Connector.) -- C:\Windows\Installer\{95120000-0122-040C-0000-0000000FF1CE}\olc_setup.exe
O90 - PUC: "04DE0F7511F8AA149B62A4660D1D9ACC" . (.Microsoft Office Live Add-in 1.3.) -- C:\Windows\Installer\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}\ProductIcon
O90 - PUC: "144A4120BA4A8A34D8FEF2375C636437" . (.Microsoft Works.) -- c:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\MSWorks.exe
O90 - PUC: "1E056E2981A0227202843155930DB41A" . (.ccc-core-static.) -- C:\Windows\Installer\{92E650E1-0A18-2722-2048-135539D04BA1}\ARPPRODUCTICON.exe
O90 - PUC: "27DD380FB428D7B3BD77F3124B1B476D" . (.Catalyst Control Center Graphics Previews Vista.) -- C:\Windows\Installer\{F083DD72-824B-3B7D-DB77-3F21B4B174D6}\ARPPRODUCTICON.exe
O90 - PUC: "33F13F0AF98213163C425555C490818F" . (.Catalyst Control Center Graphics Full New.) -- C:\Windows\Installer\{A0F31F33-289F-6131-C324-55554C0918F8}\ARPPRODUCTICON.exe
O90 - PUC: "4ACBE7FAFAF98CD4D8907658B48BD443" . (.RealDownloader.) -- C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\AddRemoveProgramsIcon
O90 - PUC: "5E677B270354B4C4493557D18FD7D939" . (.Backup Manager Basic.) -- C:\Windows\Installer\{72B776E5-4530-4C4B-9453-751DF87D9D93}\ARPPRODUCTICON.exe
O90 - PUC: "5FA38AF1102C54E4BBDB978EBADA5EE3" . (.Catalyst Control Center - Branding.) -- C:\Windows\Installer\{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}\ARPPRODUCTICON.exe
O90 - PUC: "62E4D8C743A783027836D2862963AC38" . (.ATI Catalyst Install Manager.) -- C:\Windows\Installer\{7C8D4E26-7A34-2038-8763-2D689236CA83}\ARPPRODUCTICON.exe
O90 - PUC: "68AB67CA7DA76301B744BA0000000010" . (.Adobe Reader XI (11.0.01) - Français.) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco
O90 - PUC: "796784B7140A106AC51C8EA7924CF2AA" . (.ATI AVIVO64 Codecs.) -- C:\Windows\Installer\{7B487697-A041-A601-5CC1-E87A29C42FAA}\ARPPRODUCTICON.exe
O90 - PUC: "B04550D9D95539EC5CFF227AB442191E" . (.ccc-utility64.) -- C:\Windows\Installer\{9D05540B-559D-CE93-C5FF-22A74B2491E1}\ARPPRODUCTICON.exe
O90 - PUC: "B1BF86FEF34BA1C517ACBFA5BA7C5B52" . (.Catalyst Control Center Graphics Light.) -- C:\Windows\Installer\{EF68FB1B-B43F-5C1A-71CA-FB5AABC7B525}\ARPPRODUCTICON.exe
O90 - PUC: "BAB73F0710F46EC4384DD81E3DFB11AC" . (.Logiciel de base du périphérique HP Deskjet 3050 J610 series.) -- C:\Windows\Installer\{70F37BAB-4F01-4CE6-83D4-8DE1D3BF11CA}\ARP_Icon
O90 - PUC: "C040110900063D11C8EF10054038389C" . (.Microsoft Office Professional Edition 2003.) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe,6
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
O90 - PUC: "DC3B84884644F41459C3696687365404" . (.eDownloader.) -- C:\Windows\Installer\{8848B3CD-4464-414F-953C-966678634540}\softwareinstaller.exe
O90 - PUC: "DDB6C50237B7ED245850A990F3532A83" . (.Outil de téléchargement Windows Live.) -- C:\Windows\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}\RichUpload.ico
O90 - PUC: "DEA097B976E4A595C00AE10DC895D33D" . (.Catalyst Control Center Localization All.) -- C:\Windows\Installer\{9B790AED-4E67-595A-0CA0-1ED08C593DD3}\ARPPRODUCTICON.exe
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.2.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O90 - PUC: "E8490082E3B64ACCC7EC622618D01AC2" . (.Catalyst Control Center Core Implementation.) -- C:\Windows\Installer\{2800948E-6B3E-CCA4-7CCE-2662810DA12C}\ARPPRODUCTICON.exe
O90 - PUC: "F78DC9C5B78961A67B5DD9A3466C8989" . (.Catalyst Control Center Graphics Full Existing.) -- C:\Windows\Installer\{5C9CD87F-987B-6A16-B7D5-9D3A64C69898}\ARPPRODUCTICON.exe
~ Scan Files in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 06/08/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | Auto 04/06/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
SS - | Auto 02/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\SysWOW64\XAudio64.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 16/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/08/2009 62720 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
SR - | Auto 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 18/12/2012 155264 | (Savdm) . (.Advernet.) - C:\Program Files (x86)\Savdm\Savdm.exe
SR - | Auto 18/12/2012 33920 | (SavdmMonitor) . (.Advernet.) - C:\Program Files (x86)\Savdm\SavdmMonitor.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Scan Services in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ Scan MBR in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by JC at 23/02/2013 08:29:13

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s



End of the scan (1575 lines in 03mn 22s)(0)
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Re: 22 Find tapak

Message le 23 Fév 2013 13:33

Bonjour,

Fais ceci :

C'est très important de bien lire avant de faire cette fois çi !


  • Lances ZHPFix sur ton bureau.
    Image Sous windows 7/8 et vista faire clic droit sur ZHPFix exécuter en tant qu'administrateur. Image

  • Copie les lignes ci dessous :

    Code: Tout sélectionner
    [MD5.52AA45AC46E2DFE0A1F7EF3717F59BD5] - (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe [269440] [PID.3404]   
    [MD5.36051C50715D8517D06405C7CC98D14E] - (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\Savdm.exe [155264] [PID.1684]   
    [MD5.280FFEB925B31B7D637C068D8D33DEBB] - (.Advernet - SavdmMonitor.) -- C:\Program Files (x86)\Savdm\SavdmMonitor.exe [33920] [PID.2248]   
    M3 - MFPP: Plugins - [JC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\22find.xml
    M2 - MFEP: prefs.js [JC - vnpbt5nq.default\extension21810@extension21810.com] [] Giant Savings Extension v2.0 (.215 Apps.)
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.22find.com
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
    O4 - HKCU\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe   
    O4 - HKUS\S-1-5-18\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe   
    O4 - HKUS\S-1-5-19\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe   
    O4 - HKUS\S-1-5-20\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe   
    O4 - HKUS\S-1-5-21-4056774841-4084000601-2717787810-1000\..\Run: [systray] . (.Advernet - Savdm.) -- C:\Program Files (x86)\Savdm\DWCSysTray.exe   
    O4 - Global Startup: C:\Users\JC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O23 - Service: (Savdm) . (.Advernet - Savdm.) - C:\Program Files (x86)\Savdm\Savdm.exe   
    O23 - Service: SavdmMonitor (SavdmMonitor) . (.Advernet - SavdmMonitor.) - C:\Program Files (x86)\Savdm\SavdmMonitor.exe   
    [MD5.D735BA7D6ED4D47E75DE0EB0F8253F20] [APT] [Updater21810.exe] (.FileProperties_CompanyName.) -- C:\Users\JC\AppData\Local\Updater21810\Updater21810.exe   
    O42 - Logiciel: CheckRun22find_uninstaller - (.CheckSoftware.) [HKLM][64Bits] -- CheckRun22find_uninstaller
    O42 - Logiciel: Savdm - (.Advernet.) [HKLM][64Bits] -- {29633E53-BF13-41B5-9E10-19D7843BD9C3}   
    O42 - Logiciel: eDownloader - (.eDownloader.) [HKLM][64Bits] -- eDownloader 1.0.0   
    O42 - Logiciel: eDownloader - (.eDownloader.) [HKLM][64Bits] -- {8848B3CD-4464-414F-953C-966678634540}   
    [HKLM\Software\Wow6432Node\eDownloader]   
    O43 - CFD: 20/12/2012 - 08:43:30 - [1,868] ----D C:\Program Files (x86)\Savdm   
    O43 - CFD: 20/12/2012 - 08:42:26 - [0,254] ----D C:\Users\JC\AppData\Local\savdm   
    O43 - CFD: 14/01/2013 - 16:12:08 - [0,197] ----D C:\Users\JC\AppData\Local\Updater21810   
    O61 - LFC:Last File Created 23/02/2013 - 07:20:23 ---A- C:\Users\JC\AppData\Local\savdm\config.dat [802]   
    O61 - LFC:Last File Created 23/02/2013 - 07:20:36 ---A- C:\Users\JC\AppData\Local\savdm\domains.dat [265810]   
    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.22find.com
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.22find.com
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossrider.bic", "13c399eadaca252d837c39168080d628");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1361432877);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.active", true);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.addressbar", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.addressbarenhanced", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.backgroundjs", "\n\n//\n");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.backgroundver", 32);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.can_run_bg_code", true);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.certdomaininstaller", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.changeprevious", false);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.value", "1361432877");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.value", "1361432877");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.expiration", "Thu Feb 21 2013 13:36:57 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B%5C%22CH%5C%22%3D%3DappA[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.expiration", "Thu Feb 21 2013 13:36:57 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.expiration", "Thu Feb 28 2013 08:48:41 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.value", "%22FR%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.value", "1361449915");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.value", "%221361395626%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.value", "%221%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.value", "%221361395762%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.value", "%2214019%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.value", "1361433165387");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.value", "%221171%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.value", "%22147016%22");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.value", "1361432921129");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.description", "Save big with Giant Savings! Coupons display instantly while you're [...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.domain", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.enablesearch", false);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.fbremoteurl", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.group", 0);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.homepage", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.iframe", false);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.value", "48");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.value", "1");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.value", "%7B%7D");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.expiration", "Thu Feb 21 2013 14:47:59 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.value", "true");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.value", "%7B%7D");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.manifesturl", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.name", "Giant Savings Extension");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.newtab", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.opensearch", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.ver", 4);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.ver", 15);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.ver", 33);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.ver", 2);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.ver", 2);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=tr[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.ver", 5);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.ver", 3);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 2);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 1);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.name", "appApiValidation");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 1);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.pluginsurl", "http://app-static.crossrider.com/plugin/apps/21810/plugins/088/ff/plu[...]
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.pluginsversion", 42);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.searchstatus", 0);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.setnewtab", false);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.settingsurl", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.thankyou", "");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.updateinterval", 360);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.21810.ver", 48);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.apps", "21810");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.bic", "13c399eadaca252d837c39168080d628");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.cid", 21810);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.firstrun", false);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.hadappinstalled", true);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.installationdate", 1361432877);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.lastcheck", 22690548);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.lastcheckitem", 22690832);
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.modetype", "production");
    O69 - SBI: prefs.js [JC - vnpbt5nq.default] user_pref("extensions.crossriderapp21810.reportInstall", true);
    [MD5.85A7153A6D79C8DA99087134225CE064] [SPRF][17/01/2013] (.SoftStud - SoftStud.) -- C:\Users\JC\AppData\Local\Temp\22find_mlv.exe [622696]
    [MD5.5116DB8B204EB3B2FBDDA6B095E50B1E] [SPRF][02/02/2013] (...) -- C:\Users\JC\AppData\Local\Temp\HomePage22find.exe [744837]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B]   
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8848B3CD-4464-414F-953C-966678634540}]   
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29633E53-BF13-41B5-9E10-19D7843BD9C3}]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B]   
    [HKLM\Software\Classes\Installer\Features\DC3B84884644F41459C3696687365404]   
    [HKLM\Software\Classes\Installer\Products\DC3B84884644F41459C3696687365404]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC3B84884644F41459C3696687365404]   
    [HKLM\Software\Wow6432Node\Classes\Installer\Features\DC3B84884644F41459C3696687365404]   
    [HKLM\Software\Wow6432Node\Classes\Installer\Products\DC3B84884644F41459C3696687365404]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420]   
    [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CheckRun22find_uninstaller]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]   
    C:\Program Files (x86)\Savdm   
    C:\Users\JC\AppData\Local\Savdm   
    C:\Users\JC\AppData\Local\Updater21810   
    C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\Extensions\extension21810@extension21810.com   
    O90 - PUC: "DC3B84884644F41459C3696687365404" . (.eDownloader.) -- C:\Windows\Installer\{8848B3CD-4464-414F-953C-966678634540}\softwareinstaller.exe   
    SR - | Auto 18/12/2012 155264 | (Savdm) . (.Advernet.) - C:\Program Files (x86)\Savdm\Savdm.exe   
    SR - | Auto 18/12/2012 33920 | (SavdmMonitor) . (.Advernet.) - C:\Program Files (x86)\Savdm\SavdmMonitor.exe   
    C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\nf0aycru.default\prefs.js (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{A2DAB995-2CF9-4159-A9D4-D681ECB897A4}] (...) -- C:\Users\JC\Desktop\MTW6.7.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{BD0D0BC6-DB0A-4981-B55B-FD15D15EF596}] (...) -- C:\Users\JC\Desktop\MTW6.7.exe (.not file.)
    O51 - MPSK:{6ef9d125-38a1-11e2-99b8-806e6f6e6963}\AutoRun\command. (...) -- D:\Eautorun.exe (.not file.)
    O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\Cookies\index.dat [16384]
    O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\Fichiers Internet temporaires\Content.IE5\index.dat [32768]
    O61 - LFC:Last File Created 22/02/2013 - 15:07:31 -SHA- C:\Users\JC\AppData\Local\Temp\acrord32_sbx\History\History.IE5\index.dat [16384]
    O90 - PUC: "BAB73F0710F46EC4384DD81E3DFB11AC" . (.Logiciel de base du périphérique HP Deskjet 3050 J610 series.) -- C:\Windows\Installer\{70F37BAB-4F01-4CE6-83D4-8DE1D3BF11CA}\ARP_Icon
    [MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136]
    C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js (.not file.)
    M3 - MFPP: Plugins - [JC] -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\searchplugins\wiseconvert-15-customized-web-search.xml
    [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)   
    O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}   
    O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337]   
    O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505]   
    O61 - LFC:Last File Created 23/02/2013 - 08:23:37 ---A- C:\Users\JC\AppData\Local\Google\Toolbar\broker_metrics.xml [23908]   
    O69 - SBI: SearchScopes [HKCU] {17CB86F4-7F58-460A-AEF0-26CFCC5F5DCB} [DefaultScope] - (Ask Search) - http://websearch.ask.com
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js (.not file.)
    M3 - MFPP: Plugins - [JC] -- C:\Users\JC\AppData\Roaming\Mozilla\Firefox\Profiles\vnpbt5nq.default\searchplugins\wiseconvert-15-customized-web-search.xml
    [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)   
    O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}   
    O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337]   
    O61 - LFC:Last File Created 21/02/2013 - 13:36:42 ---A- C:\Users\JC\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505]   
    O61 - LFC:Last File Created 23/02/2013 - 08:23:37 ---A- C:\Users\JC\AppData\Local\Google\Toolbar\broker_metrics.xml [23908]   
    O69 - SBI: SearchScopes [HKCU] {17CB86F4-7F58-460A-AEF0-26CFCC5F5DCB} [DefaultScope] - (Ask Search) - http://websearch.ask.com
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   



    FirewallRaz
    EmptyFlash
    Emptytemp
    ProxyFix

  • Dans ZHPFix clic sur l'îcone : "coller le presse-papier"
  • Puis Clic sur "GO"

    Image

  • Confirmes les nettoyages des données en cliquant sur "Oui"

Un rapport sera créé sur ton bureau ZHPFixReport héberges le rapports sur http://www.cjoint.com et postes le sur le forum ;)

Puis fais ceci :

  • Télécharges ESET SCAN Online
  • Coches "OUI, j'accepte les condiftions d'utilisation"
  • Clic sur Démarrer
  • Laisse cocher la case "Supprimer menaces détectés"
    Patiente le temps du scan.
    Note : Tout les éléments néfastes seront supprimés automatiquement
  • Si aucune menace n'est détectée dit le moi simplement dans ton rapport.
  • Dans le cas ou tu as des infections sur ton pc génère le rapport en cliquant sur "liste des menaces détectées" puis Exporter dans ...
  • Poste le rapport sur le forum entre les balises :

    Code: Tout sélectionner
    [code]Rapport de ESET SCAN[/code]

Bonne journée

EDIT : As tu fais ce que je t'ai dis concernant Malwarebytes ?
Avatar de l'utilisateur
Raptor14
PC-Infopraticien
PC-Infopraticien
 
Messages: 2207
Inscription: 13 Juin 2011 19:26
 

Re: 22 Find tapak

Message le 23 Fév 2013 14:42

Quand je copie les lignes "ci-dessous" (en faisant "tout selectionner" et un copié/collé )je n'obtiens sur la page de ZHPFix que l'inscription : [MD5.
.... est-ce possible ?
pilatus
Apprenti(e)
Apprenti(e)
 
Messages: 39
Inscription: 13 Jan 2013 08:26
 

Suivante


Sujets similaires

Message [Résolu] Makefile - cannot find the file specified
Bonsoir! Ce soir j'étais en train de programmer, la routine, et j'ai tenté le makefile pour une fois (j'aurais peut-être pô dû ).Pour entrer dans le vif du sujet, j'ai mon main.c, son header main.h et mon makefile dans le même répertoire, mais le makefile renvoie toujours quelque chose du genre: m ...
Réponses: 22

Message 22 find tapak portal à l'aide 2
Bonsoir, ayant eu le même problème que vous, j'ai suivi votre méthode et cela a fonctionné !!!! Merci merci beaucoup !!!
Réponses: 3

Message 22 find tapak portal à l'aide [Résolu]
Bonjour! Je suis nouveau sur ce site...J'ai téléchargé sans le vouloir (sans faire assez attention) un sale truc et je n'ai pas l'air d'être le seul, 22 find tapak portal...J'ai un premier rapport d'adwcleaner que je poste ici, je sais qu'il faut commencer par là, mais ensuite je ne sais pas quoi fa ...
Réponses: 11

Message 22 find Tapak Portal .... please help !
Bonjour, Je viens à peine de configurer mon pc portable..que le voilà déjà "infecté" par un microbe tenace !J'ai téléchargé la version d'essai du dernier Suite office 365, et paf ! (oui j'avoue, j'ai dû cliquer sur ok ok ok sans lire les petites lignes....et voilà, pire que les banquiers ! ...
Réponses: 24

Message /usr/bin/ld: cannot find -lcuda
Bonjour tout le monde,j'essaye d'installer un logiciel qui doit utilisé cuda, quand je lance l'installation j'ai l'erreur suivant :/usr/bin/ld: cannot find -lcudaJ'ai déjà essayé plein de chose que j'ai trouvé sur le net mais sans résultats.Est ce que quelqu'un peut m'aider?MerciAlaninho
Réponses: 2

Message Message : can't find registry record ?
Bonjour,Je possède un logiciel nommé MUSIC STUDIO.Il était encore installé sur mon PC il y a quelques jours, quand j'ai du le d'installer par erreur aujourd'hui.C'est donc tout naturellement, que j'ai voulu le réinstaller sur celui-ci et là problème !Lorsque que je l'installe, au moment où il doit i ...
Réponses: 3


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 8 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.