start
CloseProcesses:
CreateRestorePoint:
C:\Users\Valérie\AppData\Roaming\cacaoweb\cacaoweb.exe
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Run: [cacaoweb] => C:\Users\Valérie\AppData\Roaming\cacaoweb\cacaoweb.exe [564016 2016-02-15] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Pas de fichier
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => Pas de fichier
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => Pas de fichier
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Pas de fichier
CHR HKU\S-1-5-21-3178140741-1008856957-888535845-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FR&userid=5b1e498e-73d2-4a8b-92af-67df7b43ed59&searchtype=ds&q={searchTerms}&installDate=18/09/2013
HKU\S-1-5-21-3178140741-1008856957-888535845-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FR&userid=5b1e498e-73d2-4a8b-92af-67df7b43ed59&searchtype=ds&q={searchTerms}&installDate=18/09/2013
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0D0FtBtD0DtBtA0CtD0AtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=1799323337&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0D0FtBtD0DtBtA0CtD0AtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=1799323337&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {3611888E-AA72-AAF7-C5F0-703FC16C08C5} URL =
SearchScopes: HKLM-x32 -> {402CB98E-16F8-4BA6-99D3-88730230B4D3 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0D0FtBtD0DtBtA0CtD0AtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=1799323337&ir=
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB453BFBC-36DE-490C-9A43-116A19BE6E73&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=F6C372B7C311EAAC&affID=127850&tsp=5228
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> {402CB98E-16F8-4BA6-99D3-88730230B4D3 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0D0FtBtD0DtBtA0CtD0AtN0D0Tzu0CyDtDyCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=1799323337&ir=
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> {402CB98E-16F8-4BA6-99D3-88730230B4D3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3121204&CUI=UN25990630361103427&UM=2
SearchScopes: HKU\S-1-5-21-3178140741-1008856957-888535845-1002 -> {4A7DD6B0-36D4-437F-9F87-A4E7D0FF3F92} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^FR&apn_uid=62ff11ad-c9f0-4a04-ad03-e05b521a70e5&apn_sauid=4DA9CE30-F3CC-46C9-8C36-A06871984AE6
BHO: Pas de nom -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Pas de fichier
BHO-x32: Pas de nom -> {18DBB6CE-3148-4FEC-B481-103CB3290427} -> Pas de fichier
BHO-x32: Pas de nom -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Pas de fichier
BHO-x32: Smiley Bar for Facebook -> {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} -> C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll => Pas de fichier
BHO-x32: Pas de nom -> {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} -> Pas de fichier
Toolbar: HKLM - Pas de nom - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Pas de fichier
Toolbar: HKLM-x32 - Pas de nom - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - Pas de fichier
FF Plugin HKU\S-1-5-21-3178140741-1008856957-888535845-1002: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Valérie\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll [2013-12-24] (Bebo Media Ltd)
FF HKLM-x32\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\Valérie\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Valérie\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013-05-12] [non signé]
FF HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\Valérie\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Firefox\Extensions: [happylyrics@hpyproductions.net] - C:\Program Files (x86)\HappyLyrics\FF => non trouvé(e)
FF HKU\S-1-5-21-3178140741-1008856957-888535845-1002\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Valérie\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games 111 - C:\Users\Valérie\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-04-25] [non signé]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\Valérie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog [2016-02-07] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR HKU\S-1-5-21-3178140741-1008856957-888535845-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [alldghmcoihalmikpdpfbhlfjpkehdpk] - C:\Users\Valérie\AppData\Local\CRE\alldghmcoihalmikpdpfbhlfjpkehdpk.crx
CHR HKLM-x32\...\Chrome\Extension: [ealchnonpofjocgofjpopjdoegbbkofj] - C:\Program Files (x86)\HappyLyrics\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Valérie\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
2016-02-20 14:27 - 2013-03-02 21:26 - 00000000 ____D C:\Users\Valérie\AppData\Roaming\cacaoweb
2013-09-15 08:58 - 2014-02-14 17:12 - 0000150 _____ () C:\Users\Valérie\AppData\Roaming\WB.CFG
QuickShare (HKLM-x32\...\{CC1C2EE8-8E03-4D79-9758-C208D4438A3E}) (Version: 1.146.60.12450 - Linkury Inc.) <==== ATTENTION
Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
VideoPerformer (HKLM-x32\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION
Task: {0CA37B73-B92A-4EC3-8EEF-C78F98EC44AA} - \WIN-statsSystem -> Pas de fichier <==== ATTENTION
Task: {562B3F86-0225-426C-AC93-2B6E5C74C2E7} - System32\Tasks\SoftwareUpdateTaskMachineCore => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
Task: {70381EC4-5BD7-48DD-8CC9-282C018C0867} - System32\Tasks\SoftwareUpdateTaskMachineUA => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
Task: {F5E7F39E-07DE-4A71-A0F5-5F3CBF48FD6E} - System32\Tasks\OptimizerPro1UpdaterTask{2F4F0A00-1AD2-4B7F-92F1-D6936BDFA39A} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: C:\windows\Tasks\OptimizerPro1UpdaterTask{2F4F0A00-1AD2-4B7F-92F1-D6936BDFA39A}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== ATTENTION
Task: C:\windows\Tasks\SoftwareUpdateTaskMachineCore.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\SoftwareUpdateTaskMachineUA.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
2013-03-02 21:26 - 2016-02-15 23:25 - 00564016 _____ () C:\Users\Valérie\AppData\Roaming\cacaoweb\cacaoweb.exe
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:0B9DC6BB
AlternateDataStreams: C:\ProgramData\Temp:242E63C5
AlternateDataStreams: C:\ProgramData\Temp:2A6DC3A2
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:32289BE8
AlternateDataStreams: C:\ProgramData\Temp:322D2CD3
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:498B5975
AlternateDataStreams: C:\ProgramData\Temp:4F7FE589
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:5A9F1AE5
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:63C48B80
AlternateDataStreams: C:\ProgramData\Temp:6915E961
AlternateDataStreams: C:\ProgramData\Temp:6D65CED0
AlternateDataStreams: C:\ProgramData\Temp:77B64C59
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:97B3B270
AlternateDataStreams: C:\ProgramData\Temp:98BD93BF
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:A6CDBCAC
AlternateDataStreams: C:\ProgramData\Temp:B1FBA7E1
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:D4D38596
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E4E83517
AlternateDataStreams: C:\ProgramData\Temp:E517FE76
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:F6C0CA66
AlternateDataStreams: C:\ProgramData\Temp:FE1665C7
FirewallRules: [TCP Query User{7B7100C2-B57D-48A9-B9BA-762F6B08758A}C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{A974582D-6DF2-41F5-A91A-4A48D75CC1C1}C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{55225FED-E2E5-4B9C-901B-16A5D6FE14D0}C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{AC2518BB-DB98-4485-B52E-A197B944C49E}C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\valérie\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [{9A997605-8911-44F8-9B86-A6C9E2A26A31}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
EmptyTemp:
end