Infections résiduelles sur le PC de ma nièce

[MIG3]

re salut a tous

je (re)nettoie le pc de ma nièce

symptomes: plein de pop ups qui s'ouvre,j'ai desinstallé 2 programmes via le panneau de config.

bubble dock

dealprice

passé mbam et nettoyé,rapport:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.09.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
louise :: LOUISE-PC [administrateur]

08/09/2013 18:04:57
mbam-log-2013-09-08 (18-04-57).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 228134
Temps écoulé: 5 minute(s), 26 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 6
HKCR\CrossriderApp0012765.BHO (PUP.Optional.CrossRider.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\CrossriderApp0012765.BHO.1 (PUP.Optional.CrossRider.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\CrossriderApp0012765.Sandbox (PUP.Optional.CrossRider.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\CrossriderApp0012765.Sandbox.1 (PUP.Optional.CrossRider.A) -> Mis en quarantaine et supprimé avec succès.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Mis en quarantaine et supprimé avec succès.
HKCU\Software\Cr_Installer\12765 (PUP.Optional.CrossRider.A) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Bubble Dock (PUP.Optional.BubbleDock.A) -> Données: "C:\Users\louise\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 2
C:\Users\louise\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 7
C:\Users\louise\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\Downloads\David_Bowie_-_The_Next_Day_(Deluxe_Edition)_2013.exe (PUP.BundleInstaller.DW) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\Downloads\SoftonicDownloader_pour_apache-openoffice.exe (PUP.Optional.Softonic) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\d5719.msi (PUP.Optional.SweetIM) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\AppData\Roaming\DealPly\UpdateProc\src.dat (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\louise\AppData\Roaming\DealPly\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Mis en quarantaine et supprimé avec succès.

(fin)

ensuite j'ai fait 2 scans en ligne (bit deffender,trendmicro) =rien

 

le pc marchait a peu pres normalement mais 75 processus dans le gestionnaire des taches

 

j'ai passé adw cleaner et nettoyé,rapport:

 

# AdwCleaner v3.003 - Rapport créé le 10/09/2013 à 18:57:15
# Mis à jour le 07/09/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : louise - LOUISE-PC
# Exécuté depuis : C:\Users\louise\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : Partner Service

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\Program Files (x86)\FilesFrog Update Checker
Dossier Supprimé : C:\Program Files (x86)\Nosibay
Dossier Supprimé : C:\Program Files (x86)\Savings Wave
Dossier Supprimé : C:\Windows\SysWOW64\WNLT
Dossier Supprimé : C:\Program Files\IB Updater
Dossier Supprimé : C:\Users\louise\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\user.js
Fichier Supprimé : C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage-journal
Fichier Supprimé : C:\Windows\System32\Tasks\Dealply

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_vuze[1]_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_vuze[1]_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Savings Wave
Clé Supprimée : HKLM\Software\Savings Wave
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (fr)

[ Fichier : C:\Users\louise\AppData\Roaming\Mozilla\Firefox\Profiles\onsdv832.default\prefs.js ]

Ligne Supprimée : user_pref("extensions.crossrider.bic", "13ec815e0ccd4b4366e175f8b195a40c");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", true);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationTime", 1369156039);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.searchUserConifrmation", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setHomepage", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setNewTab", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.InstallationUserSettings.setSearch", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.active", true);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.addressbar", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.addressbarenhanced", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.backgroundjs", "\n\n//\n");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.backgroundver", 42);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.can_run_bg_code", true);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.certdomaininstaller", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.changeprevious", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.value", "1369156039");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.value", "1369156039");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.expiration", "Tue Sep 10 2013 18:59:14 GMT+0200");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7Bif%28appAPI.installer%26%26%5C%22function%5C%22%3D%3Dtypeof%20appAPI.installer.getInstalledSof[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.expiration", "Tue Sep 10 2013 18:59:14 GMT+0200");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.expiration", "Sun Sep 15 2013 17:35:14 GMT+0200");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.value", "%22FR%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.value", "1378831971");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.value", "%221378247164%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.value", "%221%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_delay.value", "24");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_disclosure.value", "1369760988");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.expiration", "Wed Sep 11 2013 00:37:49 GMT+0200");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22182142%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22182142%26subid%3D%26pid%3D1401%2[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.value", "%221368544050%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.value", "%2214019%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.value", "1369157344763");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.value", "%221291%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.value", "%22195954%22");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.value", "1369157330008");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.description", "Savings Wave");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.domain", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.enablesearch", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.homepage", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.iframe", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22656B58EDC4B84091AE914EB1C8A44BE7IE%22%2C%22installer_verifier%22%3A%22b2975c80048a0e[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.value", "69");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.value", "0");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.value", "%7B%7D");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.expiration", "Wed Sep 11 2013 00:36:54 GMT+0200");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.value", "true");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.value", "%7B%7D");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1291,baseCDN:\"savingswave-a.akamaihd.[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.manifesturl", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.name", "Savings Wave");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.newtab", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.opensearch", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.name", "base");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.ver", 6);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Obje[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.ver", 16);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.name", "GPL Background (BG)");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.ver", 39);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.name", "CrossriderAppUtils");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.ver", 3);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.name", "CrossriderUtils");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.ver", ;
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.name", "FFAppAPIWrapper");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.ver", 9);

Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.name", "jQuery");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.ver", 4);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.name", "debug");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.ver", 4);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.name", "resources");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.ver", 4);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.name", "initializer");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.ver", 3);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.name", "jquery_1_7_1");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.ver", 4);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.name", "resources_background");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.ver", 3);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.name", "appApiMessage");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.ver", 2);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.name", "appApiValidation");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.ver", 3);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.name", "CrossriderInfo");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.ver", 3);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.name", "omniCommands");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.ver", 2);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.pluginsversion", 63);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.publisher", "Innovative Apps");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.searchstatus", 0);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.setnewtab", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.thankyou", "");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.updateinterval", 360);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.12765.ver", 69);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.adsOldValue", -1);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.apps", "12765");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.bic", "13ec815e0ccd4b4366e175f8b195a40c");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.cid", 12765);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.firstrun", false);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.hadappinstalled", true);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.installationdate", 1369156477);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.lastcheck", 22980517);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.lastcheckitem", 22980535);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.modetype", "production");
Ligne Supprimée : user_pref("extensions.crossriderapp12765.reportInstall", true);
Ligne Supprimée : user_pref("extensions.crossriderapp12765.statsDailyCounter", 42);
Ligne Supprimée : user_pref("extensions.enabledAddons", "bubbledock%40nosibay.com:1.0.0.130,crossriderapp12765%40crossrider.com:0.91.66,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");

-\\ Google Chrome v

[ Fichier : C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : search_url
Supprimée : keyword

*************************

AdwCleaner[R0].txt - [22950 octets] - [10/09/2013 18:55:56]
AdwCleaner[s0].txt - [23079 octets] - [10/09/2013 18:57:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23140 octets] ##########

ucs a fixer

je poste le rapport zhp diag je pense qu'il ya pas mal de truc a fixer mais je ne me lance pas tou.s seul.ec-tection

 

et merci d'avance

 

ps:infection via des liens google (ceux du haut)

 

 

~ Rapport de ZHPDiag v2013.9.10.19 - Nicolas Coolman (10/09/2013)
~ Lancé par louise (10/09/2013 19:09:09)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 23.0.1

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows® 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.00 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (59%) free of 116 GB

---\\ Mode de connexion au système
~ Computer Name: LOUISE-PC
~ User Name: louise
~ All Users Names: louise, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\louise\AppData\Roaming\
~ %Desktop% : C:\Users\louise\Desktop\
~ %Favorites% : C:\Users\louise\Favorites\
~ %LocalAppData% : C:\Users\louise\AppData\Local\
~ %StartMenu% : C:\Users\louise\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 69 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 285 Go of 330 Go)
E:\ CD-ROM drive (Free 0 Go of 0 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/274
~ Mes Favoris (My Favorites) : 1/42
~ Mes Documents (My Documents) : 1/362
~ Mon Bureau (My Desktop) : 1/52
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.1364]
[MD5.868E3486E7EC522330344152A5535783] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.1452]
[MD5.852EE4F61139A1B3F44EDAA0D5B3FC14] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.1440]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.2800]
[MD5.D36DA0A5C531353C5FF5E29242649257] - (.Boingo Wireless, Inc. - Boingo Wi-Fi.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe [365936] [PID.2936]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.340]
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] - (.ASUSTek Computer Inc. - ADSMTray.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952] [PID.4332]
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3054136] [PID.4404]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4476]
[MD5.2C6AC6ECAA1D97FF9F75D3400D173C5F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7928320] [PID.1772]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1332]
[MD5.63F1212FFE13E62CA1E8D8EE19ABD9A7] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1380]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1404]
[MD5.3FD8DC2C9735C2AA70155102CFB93EDA] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 7.0 (component).) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312] [PID.1980]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1808]
[MD5.C811032EBB2C2E9FACFC364599E91BE3] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [174720] [PID.2180]
[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2308]
[MD5.6E4B604025382DF1C205BC7436A6B1C5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe [239720] [PID.2388]
[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.2616]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.3000]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.972]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.3232]
[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3508]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280] [PID.4348]
[MD5.739DB668DBD812285ECC553E64A5E212] - (.Pas de propriétaire - spmgr Module.) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496] [PID.4396]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384] [PID.4220]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [user Data\Default] http://www.google.com
G2 - GCE: Preference [user Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>Toolbar.BubbleDock
G2 - GCE: Preference [user Data\Default] [lglkfgcmohcdajpldlnhjjiojjgkbmhm] Savings Wave v.1.23.66 (Activé) =>PUP.CrossRider
~ Google Browser: 13 Legitimates Filtered in 00mn 17s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [louise - onsdv832.default\crossriderapp12765@crossrider.com] [] Savings Wave v (..) =>PUP.CrossRider
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Canon Easy-PhotoPrint EX.lnk . (.CANON INC. - Canon Easy-PhotoPrint EX.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.exe
O4 - GS\Desktop [Public]: FinePixViewer.lnk . (.FUJI PHOTO FILM CO.,LTD. - FinePixViewer Ver.5.1.) -- C:\Program Files\FinePixViewer\FinePixViewer.exe
O4 - GS\Desktop [Public]: TuneUp Companion.lnk . (.TuneUp Media, Inc. - TuneUpApp.) -- C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
O4 - GS\Desktop [Public]: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\QuickLaunch [louise]: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\Desktop [louise]: Ma musique - Raccourci.lnk . (...) -- D:\Music
O4 - GS\Desktop [louise]: Mes documents - Raccourci.lnk . (...) -- D:\Documents
O4 - GS\Desktop [louise]: Mes images - Raccourci.lnk . (...) -- D:\Pictures
O4 - GS\Desktop [louise]: Tcpview - Raccourci.lnk . (.Sysinternals - www.sysinternals.com - TCP/UDP endpoint viewer.) -- C:\Users\louise\Downloads\TCPView\Tcpview.exe
~ Global Startup: 49 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [boingo Wi-Fi] . (...) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42DCFBA2-F636-4A38-ADA8-B3D9829A23FC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{42DCFBA2-F636-4A38-ADA8-B3D9829A23FC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{42DCFBA2-F636-4A38-ADA8-B3D9829A23FC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Net4Switch] (...) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 05s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\???????????????]
[HKLM\Software\Wow6432Node\IncrediMail]
~ Key Software: 180 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/02/2013 - 19:47:36 - [0] ----D C:\Program Files (x86)\GUM2838.tmp
O43 - CFD: 27/11/2010 - 11:23:49 - [0,051] ----D C:\Program Files (x86)\REGSHAVE
O43 - CFD: 04/07/2013 - 21:41:26 - [0] ----D C:\Users\louise\AppData\Local\Updater12765 =>PUP.CrossRider
~ Program Folder: 159 Legitimates Filtered in 00mn 17s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 10/09/2013 - 17:23:46 ---A- . (...) -- C:\Windows\SysNative\acovcnt.exe [45056]
O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 10/09/2013 - 17:23:46 RSHAD . (...) -- C:\Windows\System32\acovcnt.exe [45056]
~ Files: 66 Legitimates Filtered in 00mn 11s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{91be9514-2cc2-11e2-87ff-20cf305920cc}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AmIcoSinglun64 [Key] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O53 - SMSR:HKLM\...\startupreg\REGSHAVE [Key] . (.FUJI PHOTO FILM CO., LTD. - Shaving Registry.) -- C:\Program Files (x86)\REGSHAVE\REGSHAVE.exe
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.5573AA70993A2BB81525B1C704B88763] - 09/05/2013 - 09:59:07 . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.4372398A6AE42586EB1C6533DD3B575D] - 25/11/2001 - 12:11:54 ----- . (.FUJI PHOTO FILM CO.,LTD. - USB PC Camera.) -- C:\Windows\SysWOW64\drivers\VC4CB104.SYS [81924]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 03/08/2007 - Pas de propriétaire (ghaio) .(...) - LEGACY_GHAIO
~ Legacy: 84 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossrider.bic", "14108d53e0fbb20511fcb75557ac7f2e"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.InstallationTime", 1378832695); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.backgroundver", 42); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.value", "1378832695"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.value", "1378832695"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.expiration", "Tue Sep 10 2013 19:10:20 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7Bif%28appAPI.installer%26[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.expiration", "Tue Sep 17 2013 19:05:19 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.value", "1378832741"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.value", "%221378247146%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.value", "%221378247146%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.value", "1378832728089"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.value", "%221291%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.value", "%22358545%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.value", "1378832718506"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.description", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22install[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.value", "69"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.expiration", "Wed Sep 11 2013 01:04:57 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%2[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.name", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.ver", 6); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.name", "GPL Background (BG)"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.ver", ; =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.ver", 9); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.name", "resources"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/12765/plugins/091/ff/plugi[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.pluginsversion", 63); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.publisher", "Innovative Apps"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.ver", 69); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.apps", "12765"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.bic", "14108d53e0fbb20511fcb75557ac7f2e"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.cid", 12765); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.installationdate", 1378832695); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.lastcheck", 22980545); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.lastcheckitem", 22980546); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.statsDailyCounter", 1); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [sPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [sPRF][07/09/2013] (...) -- C:\Users\louise\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [sPRF][10/09/2013] (...) -- C:\Users\louise\AppData\Local\Temp\uttC8AB.tmp.bat [77]
[MD5.71831947B6A4FF6B0C0DFF33A840349D] [sPRF][24/05/2013] (...) -- C:\Users\louise\AppData\Roaming\wklnhst.dat [6238]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 16/09/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SS - | Demand 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 10/11/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 27/11/2010 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 08/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 10/10/2009 392296 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Demand 03/08/2007 125496 | (spmgr) . (...) - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
SR - | Auto 10/10/2009 239720 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Windows\SysWOW64\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s



---\\ Scan Additionnel (O88)
Database Version : 12895 - (10/09/2013)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp] =>Toolbar.BubbleDock^
[HKLM\Software\Google\Chrome\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm] =>PUP.CrossRider^
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
C:\Users\louise\AppData\Roaming\Mozilla\Firefox\Profiles\onsdv832.default\crossriderapp12765@crossrider.com =>PUP.CrossRider^
C:\Users\louise\AppData\Local\Updater12765 =>PUP.CrossRider^
C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm =>PUP.CrossRider
C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp =>Toolbar.BubbleDock^
~ Additionnel Scan: 286627 Items scanned in 01mn 03s



---\\ Récapitulatif des détections trouvées sur votre station
~
~
~
~
~ MSI: 4 link(s) detected in 01mn 03s



~ 1074 Legitimates filtered by white list
End of the scan (527 lines in 03mn 02s)(0)

 

 

 

 

 

 

 

 

 

[MIG3]

oups désolé j'ai oublié qu'il fallait desormais poster les rapports sur un hebergeur,si vous pouvez me rappeler comment faire.

encore pardon

[Dylav]

Bonjour Mig,

Zébulon n'héberge pas de documents. Ainsi, les documents que tu désires joindre à ton message doivent être confiés à un hébergeur.

Si ce n'est déjà fait, tu enregistres ton document sur ton disque dur.
Ensuite, tu te rends sur le site d'un hébergeur, comme par exemple



Tu cliques sur le bouton « Parcourir » pour localiser ton document, puis sur .
Enfin, tu récupères l'adresse de ton document,



que tu copies/colles dans ton message sur le forum.
Nota : le bouton « Copier le lien » ne fonctionne pas sous Firefox, il faut le capturer manuellement par clic droit / copier l'adresse du lien.

[pear]

Bonjour,

 

Vous devez trouver les 2 icônes Zhpdiag, Zhpfix. sur le bureau

ou sinon dans le dossier où vous avez installé Zhpdiag (Program files ->Zhpdiag ->Zhpfix)
Cliquer sur l'icône Zhpfix
Sous Vista/7 clic-droit, "Exécuter En tant qu'Administrateur
Copiez/Collez les lignes vertes dans le cadre ci dessous:
pour cela;
Clic gauche maintenu enfoncé, Balayer l'ensemble du texte à copier avec la souris pour le mettre en surbrillance ,de gauche à droite et de haut en bas
Ctrl+c mettre le tout en mémoire
Cliquer Configurer
Puis Personnalisation rouge,en bas à gauche
Cliquer OK dans la fenêtre Avertissements
Ctrl+v pour inscrire le texte dans la fenêrtre vide qui s'ouvre
[

Script Zhpfix

G2 - GCE: Preference [user Data\Default] [lglkfgcmohcdajpldlnhjjiojjgkbmhm] Savings Wave v.1.23.66 (Activé) =>PUP.CrossRider
M2 - MFEP: prefs.js [louise - onsdv832.default\crossriderapp12765@crossrider.com] [] Savings Wave v (..) =>PUP.CrossRider
O43 - CFD: 04/07/2013 - 21:41:26 - [0] ----D C:\Users\louise\AppData\Local\Updater12765 =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossrider.bic", "14108d53e0fbb20511fcb75557ac7f2e"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.InstallationThankYouPage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.InstallationTime", 1378832695); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.backgroundver", 42); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.InstallationTime.value", "1378832695"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_aoi.value", "1378832695"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.expiration", "Tue Sep 10 2013 19:10:20 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7Bif%28appAPI.installer%26[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.expiration", "Tue Sep 17 2013 19:05:19 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_country_code.value", "%22FR%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_crr.value", "1378832741"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_currenttime.value", "%221378247146%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_installtime.value", "%221378247146%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_pc_20120828.value", "1378832728089"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_product_id.value", "%221291%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie._GPL_zoneid.value", "%22358545%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.cookie.dbtest.value", "1378832718506"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.description", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22install[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_appVer.value", "69"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.expiration", "Wed Sep 11 2013 01:04:57 GMT+0200"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_nextCheck.value", "true"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%2[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.st[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.name", "Savings Wave"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;i[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1.ver", 6); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=fu[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{}[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.name", "GPL Background (BG)"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_13.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIs[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_14.ver", ; =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==t[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_16.ver", 9); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaSc[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_17.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appA[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_21.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:funct[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.name", "resources"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_22.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_28.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_4.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isR[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_47.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_64.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_72.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof naviga[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_78.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins.plugin_98.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.pluginsurl", "https://w9u6a2p6.ssl...ns/091/ff/plugi[...] =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.pluginsversion", 63); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.publisher", "Innovative Apps"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.12765.ver", 69); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.apps", "12765"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.bic", "14108d53e0fbb20511fcb75557ac7f2e"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.cid", 12765); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.installationdate", 1378832695); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.lastcheck", 22980545); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.lastcheckitem", 22980546); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [louise - onsdv832.default] user_pref("extensions.crossriderapp12765.statsDailyCounter", 1); =>PUP.CrossRider
[HKLM\Software\Google\Chrome\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm] =>PUP.CrossRider^
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^
C:\Users\louise\AppData\Roaming\Mozilla\Firefox\Profiles\onsdv832.default\crossriderapp12765@crossrider.com =>PUP.CrossRider^
C:\Users\louise\AppData\Local\Updater12765 =>PUP.CrossRider^
C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm =>PUP.CrossRider
[HKLM\Software\Wow6432Node\IncrediMail] => Messaging.Incredimail
O43 - CFD: 15/02/2013 - 19:47:36 - [0] ----D C:\Program Files (x86)\GUM2838.tmp => Google Inc - Google Update Manager
[MD5.3BF79E6868B44D3ADB2796BA99521891] [sPRF][07/09/2013] (...) -- C:\Users\louise\AppData\Local\Temp\Quarantine.exe [344583] => Temporary file not necessary
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [sPRF][10/09/2013] (...) -- C:\Users\louise\AppData\Local\Temp\uttC8AB.tmp.bat [77] => Temporary file not necessary
G2 - GCE: Preference [user Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>Toolbar.BubbleDock
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline => Toolbar.Avast
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp] =>Toolbar.BubbleDock^
C:\Users\louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp =>Toolbar.BubbleDock^


EmptyTemp
EmptyClsid
Proxyfix
FirewallRaz
SysRestore



Cliquer sur "Go" |2]

Redémarrer pour achever le nettoyage.

Copier-coller,dans la réponse, le contenu du rapport ZHPFixReport.txt qui s'affiche .
Si besoin; il est enregistré sous C:\ZHP\ZHPFixReport.txt

Il faut nettoyer les raccourcis (icones) de lancement des navigateurs.
clic droit->propriétés sur les icones de raccourcis de lancement des navigateurs
Dans le champ cible, après le chemin du navigateur WEB se trouve une adresse HTTP ajoutée pour ouvrir un autre site au démarrage du navigateur,
supprimer cette adresse http.

Shortcut Cleaner
C'est un utilitaire qui va scanner votre ordinateur pour les raccourcis Windows qui ont été détournés par des logiciels indésirables ou malveillants.
S'il trouve des raccourcis défectueux, il va automatiquement les nettoyer pour qu'ils n'ouvrent pas les programmes indésirables.
Reinitialiser-son-navigateur

[MIG3]

merci beaucoup pour votre aide,mais probleme,quand j'éxécute zhpfix,il se lance,mais en cliquant configuration je n'ai pas le bouton rouge en bas car je n'ai pas le bas de la fenetre meme en essayant de la faire glisser vers le haut

jai reinstallé mais c pareil

 

que dois je faire?

[pear]

Si pour une raison quelconque vous n'avez pas accès à Personnalisation rouge,en bas à gauche
Cliquez sur Importer
Cliquez sur la petite fenêtre "Exemple"
Dans L'espace vide Ctrl+v pour inscrire le texte dans la fenêrtre vide qui s'ouvre

[MIG3]

en cliquant sur importer (du bloc note) je n'ai pas de fenetre remais la copie du script que je viens de faire,donc rien a mettre tout y est déja,et apres? je n'ai pas de bouton go.

[pear]

Je crois qu'il y a maldone.

Dans le bloc notes, vous faites ctrl a pour sélectionner le texte, puis ctrl c pour le mettre en mémoire.

Vous allez alors dans zhpfix

 

Cliquez sur Importer
Cliquez sur la petite fenêtre "Exemple"
Dans L'espace vide Ctrl+v pour inscrire le texte dans la fenêrtre vide qui s'ouvre

[MIG3]

non il n'y a pas maldonne,j'arrive a recopier le script dansla fenetre qui s'ouvre en cliquant sur importer,et une fois le script copié que dois je faire? je n'ai aucun bouton "go" ou autre

 

désolé je me suis déja servi de cet utilitaire sur ce pc,il y a 1 an et je n'avais pas eu de problème avec la version de l'époque

 

comprend pas!!

[pear]

Je viens de vérifier.

Quand on clique OK [/b] dans la fenêtre Avertissements

Le bouton Go apparait en bas, à gauche

 

Copiez/Collez les lignes vertes dans le cadre ci dessous:
pour cela;
Clic gauche maintenu enfoncé, Balayer l'ensemble du texte à copier avec la souris pour le mettre en surbrillance ,de gauche à droite et de haut en bas
Ctrl+c mettre le tout en mémoire
Cliquer Importer
Cliquer OK dans la fenêtre Avertissements
Ctrl+v pour inscrire le texte dans la fenêrtre vide qui s'ouvre
[