~ Rapport de ZHPDiag v2013.10.4.9 - Nicolas Coolman (04/10/2013)
~ Lancé par Acer (04/10/2013 22:23:39)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v30.0.1599.69

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : GCFF6
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.15 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 10

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 18 GB (7%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: CARLTON-PC
~ User Name: Acer
~ All Users Names: Administrateur, Acer,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Acer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Acer\AppData\Roaming\
~ %Desktop% : C:\Users\Acer\Desktop\
~ %Favorites% : C:\Users\Acer\Favorites\
~ %LocalAppData% : C:\Users\Acer\AppData\Local\
~ %StartMenu% : C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 18 Go of 233 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 35 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 03:59:10.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 02:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 02:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 22:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 22:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/11/2010 - 23:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 22:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 22:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 02:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 02s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/302
~ Mes musiques (My Musics) : 2/81
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/43
~ Mon Bureau (My Desktop) : 5/307
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 04s

---\\ Processus lancés
[MD5.D1930CA970D4250D891F432419E3D6C9] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.1852]
[MD5.5A5BF95C7410E96E04C57B06232E9965] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [968272] [PID.1932]
[MD5.D0D2289B1F2B4697A33179E5E1DFF5B4] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.504]
[MD5.BE2A9AB3C18AF1A712AAF8E86A5F959D] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1872]
[MD5.62660ADA5E4C8418E71E7AB1992B3AE4] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1580]
[MD5.24F82C8466B6F733360CDB27CB3CB02F] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2064]
[MD5.422150F24F148708C9D3A57DF9C7FDD5] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files\Launch Manager\LMworker.exe [305744] [PID.2264]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2496]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.2508]
[MD5.D1AB72DB2BEDD2F255D35DA3DA0D4B16] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe [141824] [PID.2528]
[MD5.D106AC11E331EA57C22FEE3FAC9F79D2] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2404376] [PID.2900]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.2916]
[MD5.4D5B132CCDAF222A0A69DFA293C627F7] - (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe [6875136] [PID.2924]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\Acer\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.1704]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4976]
[MD5.0D3745CA2F064F2D6B6388C6AA5D3BC7] - (.Google Inc. - Google Chrome.) -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe [844752] [PID.4060]
[MD5.6BB84262CF78A16DC79D0A5DA441D7D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8042496] [PID.2796]
~ Processes Running: Scanned in 00mn 08s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://isearch.babylon.com =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.ask.com
G0 - GCSP: Preference [User Data\Default] http://search.babylon.com =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [aaaapnjeoabhkpdiinmomghdncekhiib] Ask Toolbar v.7.15.4.24117 (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [dednnpigldgdbpgcdpfppmlcnnbjciel] General Crawler v.2.5 (Désactivé) =>PUP.MediaFinder
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.5.1 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ieakfmpjhljbpbfpldjkddkjmmgjmgon] WebConnect v.1.0.0 (Activé) =>PUP.WebConnect
G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [ndkhncnongaclekkbelchmeafffimifj] Giant Savings v.1.25.99, (Activé) =>Adware.VidSaver
G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.2.3.7.1 (Désactivé) =>P2P.µTorrent
~ Google Browser: 19 Legitimates Filtered in 03mn 13s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\prefs.js
M3 - MFPP: Plugins - [Acer] -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\searchplugins\safeguard-secure-search.xml
M0 - MFSP: prefs.js [Acer - 1ypqj7ah.default] http://mysearch.avg.com =>Adware.MyWebSearch
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.30 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\crossriderapp4479@crossrider.com] [] Giant Savings v1.0.30 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\ossen@yandex.ru] [] VefireTV v1.2 (..)
~ Firefox Browser: 21 Legitimates Filtered in 00mn 08s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com =>Toolbar.Babylon
~ IE Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} . (.bywifi.com - Bywifi: Video Streaming Helper.) -- C:\Program Files\Bywifi\bywifiie.dll =>Spyware.Bywifi
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\Acer\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder
~ BHO: 18 Legitimates Filtered in 00mn 10s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: (no name) - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 01s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Anyplace Control - Admin.lnk . (.Anyplace Control Software - Anyplace Control www.anyplace-control.com.) -- C:\Program Files\Anyplace Control\apc_Admin.exe
O4 - GS\Desktop [Public]: Hide IP Easy.lnk . (.easy-hideip.com - Hide IP Easy.) -- C:\Program Files\HideIPEasy\HideIPEasy.exe
O4 - GS\QuickLaunch [Acer]: Bywifi accélérateur de vidéo.lnk . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
O4 - GS\QuickLaunch [Acer]: Bywifi convertisseur de vidéo.lnk . (...) -- C:\Program Files\Bywifi\bywifidl.exe =>Spyware.Bywifi
O4 - GS\Desktop [Acer]: Any Video Converter Professional.lnk . (.Any-Video-Converter.com - Any Video Converter.) -- C:\Program Files\AnvSoft\Any Video Converter Professional\VideoConvPro.exe
O4 - GS\Desktop [Acer]: video papis.lnk - Clé orpheline
~ Global Startup: 61 Legitimates Filtered in 01mn 33s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Acer]: Outil de notification de cadeaux MSN.lnk . (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\Acer\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Free Download Manager] . (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe
O4 - HKCU\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Free Download Manager] . (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 02s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Update WK (Update WK) . (...) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
O23 - Service: (vToolbarUpdater17.0.12) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 10 Legitimates Filtered in 00mn 36s

---\\ Tâches planifiées en automatique (O39)
[MD5.6BF3948B63F0757E773A42C18F55A797] [APT] [{9D0E1973-F4AC-4A26-98BA-D969402136DC}] (.Home.) -- C:\Program Files\Pvm\Piano virtuel midi.exe [319488]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 11s

---\\ Logiciels installés (O42)
O42 - Logiciel: Bywifi 2.8.1 - (.bywifi.com.) [HKLM] -- Bywifi =>Spyware.Bywifi
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =>PUP.WebConnect
~ Logic: 73 Legitimates Filtered in 00mn 16s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Bywifi] =>Spyware.Bywifi
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\UnPas2Adm.exe]
[HKCU\Software\WebConnect] =>PUP.WebConnect
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\boube_488_Encrypte]
~ Key Software: 172 Legitimates Filtered in 00mn 16s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/05/2012 - 07:25:21 - [0,062] ----D C:\Program Files\Auto Shutdown
O43 - CFD: 02/07/2012 - 14:17:09 - [29,963] ----D C:\Program Files\Bywifi =>Spyware.Bywifi
O43 - CFD: 09/12/2012 - 19:00:42 - [0,004] ----D C:\Program Files\Happy Note
O43 - CFD: 29/09/2013 - 13:44:33 - [2,420] ----D C:\Program Files\WebConnect =>PUP.WebConnect
O43 - CFD: 16/05/2012 - 16:47:47 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 27/02/2013 - 18:34:38 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/10/2012 - 02:34:40 - [0,541] -S--D C:\ProgramData\MPK
O43 - CFD: 20/08/2013 - 16:36:40 - [1,444] ----D C:\Users\Acer\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 16/05/2012 - 16:47:47 - [0,009] ----D C:\Users\Acer\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 04/10/2013 - 16:39:19 - [0,447] ----D C:\Users\Acer\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 24/06/2012 - 13:17:06 - [0,926] ----D C:\Users\Acer\AppData\Roaming\Hod_Uninstall
O43 - CFD: 26/08/2012 - 13:58:43 - [0,424] ----D C:\Users\Acer\AppData\Roaming\Media Finder =>PUP.MediaFinder
O43 - CFD: 12/01/2013 - 13:04:18 - [0] ----D C:\Users\Acer\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 14/06/2012 - 22:13:14 - [0,164] ----D C:\Users\Acer\AppData\Local\APN
O43 - CFD: 16/05/2012 - 16:47:50 - [6,188] ----D C:\Users\Acer\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 23/01/2013 - 17:54:30 - [0] ----D C:\Users\Acer\AppData\Local\Giant Savings =>Adware.VidSaver
O43 - CFD: 23/01/2013 - 17:54:38 - [0,197] ----D C:\Users\Acer\AppData\Local\Updater4479 =>PUP.CrossRider
O43 - CFD: 29/06/2012 - 14:41:01 - [0] ----D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi =>Spyware.Bywifi
~ 336 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 546 Legitimates Filtered in 02mn 28s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.483EE995D80D5C0A4435D1A37C4ABA50] - 04/10/2013 - 22:28:57 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17056]
O44 - LFC:[MD5.483EE995D80D5C0A4435D1A37C4ABA50] - 04/10/2013 - 22:28:57 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17056]
~ Files: 14 Legitimates Filtered in 01mn 51s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\bywifi [Key] . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogOff"=0
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("avg.install.newtab", true);
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossrider.bic", "139f56091ca112f950f91baac0d3a772"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348436509); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.backgroundver", 43); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348436509"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348436509"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361136459"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Sun Oct 06 2013 14:47:38 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22SN%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1380639526"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221378614382%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348513247112"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2285442%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348499411459"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%22host%22%3A%22academy.musicla[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're sh[...] =>Adware.VidSaver
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.fbremoteurl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.group", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maro[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%220E8BE0232AFC4A92[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...]
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "99"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Mar[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.star[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.manifesturl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings"); =>Adware.VidSaver O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.newtab", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.opensearch", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if([...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=func[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},r[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(w[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIE[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 8); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==tru[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 9); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScri[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:functio[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:a[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document &[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isRea[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function([...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigato[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";[...] 
=>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.[...] =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.pluginsversion", 70); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.searchstatus", 0); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.setnewtab", false); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.settingsurl", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.thankyou", ""); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.updateinterval", 360); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] 
user_pref("extensions.crossriderapp4479.4479.ver", 99); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.adsOldValue", -1); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.apps", "4479"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.bic", "139f56091ca112f950f91baac0d3a772"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.cid", 4479); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.firstrun", false); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.hadappinstalled", true); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.installationdate", 1348441510); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.lastcheck", 23010659); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.lastcheckitem", 23010659); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.modetype", "production"); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.reportInstall", true); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.statsDailyCounter", 99); =>PUP.CrossRider O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.updating", true); =>PUP.CrossRider O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>Adware.IMBooster O69 - SBI: 
SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {FB6095B1-6E99-4244-AA6E-65F6C2E90FA9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask ~ Keys: Scanned in 00mn 10s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.5611140E8CC5927D371C27EA1F9E71A6] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\adwcleaner.exe [1045226] [MD5.5A0EA36A22384CA00AB57603349386D3] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\cacaoweb.exe [452608] =>PUP.CacaoWeb [MD5.3BF53B05F1D86595A8E47A6091DEA69A] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\RogueKiller.exe [950272] ~ Files: 10 Legitimates Filtered in 00mn 46s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{E5C73A9D-C5F7-4041-9B5C-36EB775AA01C}" |In - Public - P6 - TRUE | .(...) -- E:\pes2011\pes2011.exe (.not file.) O87 - FAEL: "{71B7C261-1BAD-4711-9251-3A38170F81DE}" |In - Public - P17 - TRUE | .(...) -- E:\pes2011\pes2011.exe (.not file.) O87 - FAEL: "TCP Query User{2643DED6-7457-4AF8-AF6E-F123479E991C}C:\program files\bywifi\bywifi.exe" | In - Public - P6 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi O87 - FAEL: "UDP Query User{25093969-6D1B-44DE-A528-A3850DAC36EA}C:\program files\bywifi\bywifi.exe" | In - Public - P17 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi O87 - FAEL: "TCP Query User{978B5FEB-8953-425C-9427-AA13AAC1B780}C:\program files\bywifi\bywifi.exe" | In - Private - P6 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) 
-- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi O87 - FAEL: "UDP Query User{8AB8FDFE-E4AB-4A71-A0B7-2CC527EBB7EB}C:\program files\bywifi\bywifi.exe" | In - Private - P17 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi O87 - FAEL: "TCP Query User{B23D997E-BA2B-48C1-A889-B5A2BD7B3A6E}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{C74BCC9D-5A1D-44E8-804B-DC91D9DE60B5}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "TCP Query User{C4616AAE-0859-4427-97D9-A29F1A9C1C54}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{827073E6-9914-4908-84BB-C7B0941A9521}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "TCP Query User{386223C0-9E1C-4C7B-A565-A393EB5D3C8F}C:\users\acer\desktop\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\acer\desktop\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{EF2ED94E-A821-4511-B11D-6E4FF9C097C5}C:\users\acer\desktop\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\acer\desktop\cacaoweb.exe =>PUP.CacaoWeb ~ Firewall: 182 Legitimates Filtered in 00mn 16s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 20/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 11/01/2013 544184 | (APC-Host) . (.Anyplace Control Software.) - C:\Program Files\Anyplace Control\apc_host.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 22/06/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files\Launch Manager\dsiwmis.exe SS - | Demand 16/04/2011 73520 | (EWSASERV) . (.ElcomSoft Co. Ltd..) - C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe SS - | Auto 18/04/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 18/04/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 13/10/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe SR - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 17/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 17/08/2013 199976 | (Update WK) . (...) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect SR - | Auto 02/10/2013 1734680 | (vToolbarUpdater17.0.12) . (.AVG Secure Search.) 
- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe =>Toolbar.AVGSearch SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 41s ---\\ Scan Additionnel (O88) Database Version : 12937 - (04/10/2013) Clés trouvées (Keys found) : 79 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 25 Fichiers trouvés (Files found) : 20 [HKLM\Software\Google\Chrome\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib] =>Toolbar.Ask^ [HKLM\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel] =>PUP.MediaFinder^ [HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^ [HKLM\Software\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon] =>PUP.WebConnect^ [HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^ [HKLM\Software\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj] =>Adware.VidSaver^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}] =>Spyware.Bywifi^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>PUP.MediaFinder^ [HKLM\SYSTEM\CurrentControlSet\Services\Update WK] =>PUP.WebConnect^ [HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12] =>Toolbar.AVGSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bywifi] =>Spyware.Bywifi^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect] =>PUP.WebConnect^ [HKLM\Software\Microsoft\Shared 
Tools\MSConfig\startupreg\bywifi] =>Spyware.Bywifi^ [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09E90109-A9AA-4980-BCEF-76F8D924E902}] =>Spyware.Bywifi [HKLM\Software\Microsoft\Internet Explorer\extensions\{09E90109-A9AA-4980-BCEF-76F8D924E902}] =>Spyware.Bywifi [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}] =>Spyware.Bywifi [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}] =>Spyware.Bywifi [HKLM\Software\Classes\CLSID\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}] =>Spyware.Bywifi [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKCU\Software\Bywifi] =>Spyware.Bywifi
[HKLM\Software\Bywifi] =>Spyware.Bywifi
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder
[HKLM\Software\Classes\gencrawler_gc.GenCrawler] =>PUP.MediaFinder
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKLM\Software\Classes\CLSID\{2316C625-B487-4410-A1A5-FF040B65245F}] =>PUP.WebConnect
[HKLM\Software\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}] =>PUP.WebConnect
[HKLM\Software\Classes\TypeLib\{D8CAF2DF-52D3-42CF-9DDB-F4FF828DB4F8}] =>PUP.WebConnect
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\CrossriderApp0004479.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\crossriderapp4479@crossrider.com =>Adware.VidSaver^
C:\Program Files\Bywifi =>Spyware.Bywifi^
C:\Program Files\WebConnect =>PUP.WebConnect^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\Users\Acer\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\Acer\AppData\Roaming\Babylon =>Toolbar.Babylon^
C:\Users\Acer\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\Acer\AppData\Roaming\Media Finder =>PUP.MediaFinder^
C:\Users\Acer\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Acer\AppData\Local\Babylon =>Toolbar.Babylon^
C:\Users\Acer\AppData\Local\Giant Savings =>Adware.VidSaver^
C:\Users\Acer\AppData\Local\Updater4479 =>PUP.CrossRider^
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi =>Spyware.Bywifi^
C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\MPK =>Keylogger.Agent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bywifi =>Spyware.Bywifi
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder =>PUP.MediaFinder
C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder
C:\Users\Acer\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj =>Adware.VidSaver
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\Extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib =>Toolbar.Ask^
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon =>PUP.WebConnect^
C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect^
C:\Program Files\Bywifi\bywifiie.dll =>Spyware.Bywifi^
C:\Users\Acer\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi^
C:\Program Files\Bywifi\bywifidl.exe =>Spyware.Bywifi^
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect^
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe =>Toolbar.AVGSearch^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\WebConnect] =>PUP.WebConnect^
[HKLM\Software\Babylon] =>Toolbar.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
C:\Users\Acer\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi^
C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\users\acer\desktop\cacaoweb.exe =>PUP.CacaoWeb^
~ Additionnel Scan: 306863 Items scanned in 05mn 00s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect =>PUP.WebConnect
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26628015-spyware-bywifi =>Spyware.Bywifi
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ MSI: 18 link(s) detected in 05mn 09s

~ 1382 Legitimates filtered by white list
End of the scan (768 lines in 28mn 38s)(0)