~ Rapport de ZHPDiag v2013.10.4.9 - Nicolas Coolman  (04/10/2013)
~ Lancé par Acer (04/10/2013 22:23:39)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v30.0.1599.69

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : GCFF6
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.15 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 10

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 18 GB (7%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: CARLTON-PC
~ User Name: Acer
~ All Users Names: Administrateur, Acer, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Acer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Acer\AppData\Roaming\
~ %Desktop% : C:\Users\Acer\Desktop\
~ %Favorites% : C:\Users\Acer\Favorites\
~ %LocalAppData% : C:\Users\Acer\AppData\Local\
~ %StartMenu% : C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 18 Go of 233 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  Out Of Date
~ Security Center: 35 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 03:59:10.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 02:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 02:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 22:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 22:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/11/2010 - 23:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 22:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 22:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 02:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/302
~ Mes musiques (My Musics) : 2/81
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/43
~ Mon Bureau (My Desktop) : 5/307
~ Menu demarrer (Programs) : 1/41
~ Hidden Files:  Scanned in 00mn 04s



---\\ Processus lancés
[MD5.D1930CA970D4250D891F432419E3D6C9] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe   [186904] [PID.1852]
[MD5.5A5BF95C7410E96E04C57B06232E9965] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe   [968272] [PID.1932]
[MD5.D0D2289B1F2B4697A33179E5E1DFF5B4] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848] [PID.504]
[MD5.BE2A9AB3C18AF1A712AAF8E86A5F959D] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [173592] [PID.1872]
[MD5.62660ADA5E4C8418E71E7AB1992B3AE4] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [150552] [PID.1580]
[MD5.24F82C8466B6F733360CDB27CB3CB02F] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe   [252952] [PID.2064]
[MD5.422150F24F148708C9D3A57DF9C7FDD5] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files\Launch Manager\LMworker.exe   [305744] [PID.2264]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [252848] [PID.2496]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [152392] [PID.2508]
[MD5.D1AB72DB2BEDD2F255D35DA3DA0D4B16] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe   [141824] [PID.2528]
[MD5.D106AC11E331EA57C22FEE3FAC9F79D2] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe   [2404376] [PID.2900]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe   [955392] [PID.2916]
[MD5.4D5B132CCDAF222A0A69DFA293C627F7] - (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe   [6875136] [PID.2924]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\Acer\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe   [183096] [PID.1704]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.4976]
[MD5.0D3745CA2F064F2D6B6388C6AA5D3BC7] - (.Google Inc. - Google Chrome.) -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe   [844752] [PID.4060]
[MD5.6BB84262CF78A16DC79D0A5DA441D7D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8042496] [PID.2796]
~ Processes Running:  Scanned in 00mn 08s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://isearch.babylon.com =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.ask.com
G0 - GCSP: Preference [User Data\Default] http://search.babylon.com =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [aaaapnjeoabhkpdiinmomghdncekhiib] Ask Toolbar v.7.15.4.24117 (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [dednnpigldgdbpgcdpfppmlcnnbjciel] General Crawler v.2.5 (Désactivé) =>PUP.MediaFinder
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.5.1 (Désactivé) =>Toolbar.DeltaSearch
G2 - GCE: Preference [User Data\Default] [ieakfmpjhljbpbfpldjkddkjmmgjmgon] WebConnect v.1.0.0 (Activé) =>PUP.WebConnect
G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [ndkhncnongaclekkbelchmeafffimifj] Giant Savings v.1.25.99, (Activé) =>Adware.VidSaver
G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.2.3.7.1 (Désactivé) =>P2P.µTorrent
~ Google Browser: 19 Legitimates Filtered in 03mn 13s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\prefs.js
M3 - MFPP: Plugins - [Acer] -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\searchplugins\safeguard-secure-search.xml
M0 - MFSP: prefs.js [Acer - 1ypqj7ah.default] http://mysearch.avg.com =>Adware.MyWebSearch
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.30 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\crossriderapp4479@crossrider.com] [] Giant Savings v1.0.30 (..) =>Adware.VidSaver
M2 - MFEP: prefs.js [Acer - 1ypqj7ah.default\ossen@yandex.ru] [] VefireTV v1.2 (..)
~ Firefox Browser: 21 Legitimates Filtered in 00mn 08s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com =>Toolbar.Babylon
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} . (.bywifi.com - Bywifi: Video Streaming Helper.) -- C:\Program Files\Bywifi\bywifiie.dll =>Spyware.Bywifi
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\Acer\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder
~ BHO: 18 Legitimates Filtered in 00mn 10s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: (no name) - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Anyplace Control - Admin.lnk . (.Anyplace Control Software - Anyplace Control www.anyplace-control.com.)  -- C:\Program Files\Anyplace Control\apc_Admin.exe 
O4 - GS\Desktop [Public]: Hide IP Easy.lnk . (.easy-hideip.com - Hide IP Easy.)  -- C:\Program Files\HideIPEasy\HideIPEasy.exe 
O4 - GS\QuickLaunch [Acer]: Bywifi accélérateur de vidéo.lnk . (.bywifi.com - Bywifi: Video Streaming Accelerator.)  -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
O4 - GS\QuickLaunch [Acer]: Bywifi convertisseur de vidéo.lnk . (...)  -- C:\Program Files\Bywifi\bywifidl.exe =>Spyware.Bywifi
O4 - GS\Desktop [Acer]: Any Video Converter Professional.lnk . (.Any-Video-Converter.com - Any Video Converter.)  -- C:\Program Files\AnvSoft\Any Video Converter Professional\VideoConvPro.exe 
O4 - GS\Desktop [Acer]: video papis.lnk - Clé orpheline
~ Global Startup: 61 Legitimates Filtered in 01mn 33s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Acer]: Outil de notification de cadeaux MSN.lnk . (.Microsoft Corporation - Outil de notification de cadeaux MSN.)  -- C:\Users\Acer\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe 
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe  =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe 
O4 - HKLM\..\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe 
O4 - HKCU\..\Run: [Free Download Manager] . (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe 
O4 - HKCU\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe  =>.Google Inc
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe 
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Free Download Manager] . (.FreeDownloadManager.ORG - Free Download Manager.) -- C:\Program Files\Free Download Manager\fdm.exe 
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe 
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe  =>.Google Inc
O4 - HKUS\S-1-5-21-3604163055-63693509-4103124789-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe 
~ Application:  Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: NameServer = 213.154.64.13,213.154.95.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B01EC63-F5CA-4C4D-B3C1-2431BFF06956}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD88726-F82D-468E-A941-ABABD0E91247}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{978173B6-0092-4E56-971A-FB2356F038F8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Update WK (Update WK) . (...) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
O23 - Service:  (vToolbarUpdater17.0.12) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 10 Legitimates Filtered in 00mn 36s



---\\ Tâches planifiées en automatique (O39)
[MD5.6BF3948B63F0757E773A42C18F55A797] [APT] [{9D0E1973-F4AC-4A26-98BA-D969402136DC}] (.Home.) -- C:\Program Files\Pvm\Piano virtuel midi.exe   [319488]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 11s



---\\ Logiciels installés (O42)
O42 - Logiciel: Bywifi 2.8.1 - (.bywifi.com.) [HKLM] -- Bywifi =>Spyware.Bywifi
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =>PUP.WebConnect
~ Logic: 73 Legitimates Filtered in 00mn 16s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Bywifi] =>Spyware.Bywifi
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\UnPas2Adm.exe]
[HKCU\Software\WebConnect] =>PUP.WebConnect
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\boube_488_Encrypte]
~ Key Software: 172 Legitimates Filtered in 00mn 16s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/05/2012 - 07:25:21 - [0,062] ----D C:\Program Files\Auto Shutdown
O43 - CFD: 02/07/2012 - 14:17:09 - [29,963] ----D C:\Program Files\Bywifi =>Spyware.Bywifi
O43 - CFD: 09/12/2012 - 19:00:42 - [0,004] ----D C:\Program Files\Happy Note
O43 - CFD: 29/09/2013 - 13:44:33 - [2,420] ----D C:\Program Files\WebConnect =>PUP.WebConnect
O43 - CFD: 16/05/2012 - 16:47:47 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 27/02/2013 - 18:34:38 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/10/2012 - 02:34:40 - [0,541] -S--D C:\ProgramData\MPK
O43 - CFD: 20/08/2013 - 16:36:40 - [1,444] ----D C:\Users\Acer\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 16/05/2012 - 16:47:47 - [0,009] ----D C:\Users\Acer\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 04/10/2013 - 16:39:19 - [0,447] ----D C:\Users\Acer\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 24/06/2012 - 13:17:06 - [0,926] ----D C:\Users\Acer\AppData\Roaming\Hod_Uninstall
O43 - CFD: 26/08/2012 - 13:58:43 - [0,424] ----D C:\Users\Acer\AppData\Roaming\Media Finder =>PUP.MediaFinder
O43 - CFD: 12/01/2013 - 13:04:18 - [0] ----D C:\Users\Acer\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 14/06/2012 - 22:13:14 - [0,164] ----D C:\Users\Acer\AppData\Local\APN
O43 - CFD: 16/05/2012 - 16:47:50 - [6,188] ----D C:\Users\Acer\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 23/01/2013 - 17:54:30 - [0] ----D C:\Users\Acer\AppData\Local\Giant Savings =>Adware.VidSaver
O43 - CFD: 23/01/2013 - 17:54:38 - [0,197] ----D C:\Users\Acer\AppData\Local\Updater4479 =>PUP.CrossRider
O43 - CFD: 29/06/2012 - 14:41:01 - [0] ----D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi =>Spyware.Bywifi
~ 336 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 546 Legitimates Filtered in 02mn 28s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.483EE995D80D5C0A4435D1A37C4ABA50] - 04/10/2013 - 22:28:57 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [17056]
O44 - LFC:[MD5.483EE995D80D5C0A4435D1A37C4ABA50] - 04/10/2013 - 22:28:57 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [17056]
~ Files: 14 Legitimates Filtered in 01mn 51s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\bywifi  [Key] . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files\Bywifi\bywifi.exe =>Spyware.Bywifi
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogOff"=0
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("avg.install.newtab", true);
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossrider.bic", "139f56091ca112f950f91baac0d3a772"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348436509); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.active", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.addressbar", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.backgroundver", 43); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.changeprevious", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348436509"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348436509"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361136459"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Sun Oct 06 2013 14:47:38 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22SN%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1380639526"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221378614382%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348513247112"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2285442%22"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348499411459"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%22host%22%3A%22academy.musicla[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're sh[...] =>Adware.VidSaver
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.domain", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.enablesearch", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.fbremoteurl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.group", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.homepage", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.iframe", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maro[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%220E8BE0232AFC4A92[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "99"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Mar[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (Maroc)")[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.star[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.manifesturl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings"); =>Adware.VidSaver
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.newtab", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.opensearch", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if([...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=func[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},r[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(w[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIE[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 8); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==tru[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 9); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScri[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:functio[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:a[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document &[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isRea[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function([...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigato[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.[...] =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.pluginsversion", 70); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.searchstatus", 0); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.setnewtab", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.settingsurl", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.thankyou", ""); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.updateinterval", 360); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.4479.ver", 99); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.adsOldValue", -1); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.apps", "4479"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.bic", "139f56091ca112f950f91baac0d3a772"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.cid", 4479); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.firstrun", false); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.hadappinstalled", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.installationdate", 1348441510); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.lastcheck", 23010659); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.lastcheckitem", 23010659); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.modetype", "production"); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.reportInstall", true); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.statsDailyCounter", 99); =>PUP.CrossRider
O69 - SBI: prefs.js [Acer - 1ypqj7ah.default] user_pref("extensions.crossriderapp4479.updating", true); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FB6095B1-6E99-4244-AA6E-65F6C2E90FA9} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys:  Scanned in 00mn 10s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.5611140E8CC5927D371C27EA1F9E71A6] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\adwcleaner.exe   [1045226]
[MD5.5A0EA36A22384CA00AB57603349386D3] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\cacaoweb.exe   [452608]  =>PUP.CacaoWeb
[MD5.3BF53B05F1D86595A8E47A6091DEA69A] [SPRF][04/10/2013] (...) -- C:\Users\Acer\Desktop\RogueKiller.exe   [950272]
~ Files: 10 Legitimates Filtered in 00mn 46s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{E5C73A9D-C5F7-4041-9B5C-36EB775AA01C}" |In - Public - P6 - TRUE | .(...) -- E:\pes2011\pes2011.exe (.not file.)
O87 - FAEL: "{71B7C261-1BAD-4711-9251-3A38170F81DE}" |In - Public - P17 - TRUE | .(...) -- E:\pes2011\pes2011.exe (.not file.)
O87 - FAEL: "TCP Query User{2643DED6-7457-4AF8-AF6E-F123479E991C}C:\program files\bywifi\bywifi.exe" | In - Public - P6 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi
O87 - FAEL: "UDP Query User{25093969-6D1B-44DE-A528-A3850DAC36EA}C:\program files\bywifi\bywifi.exe" | In - Public - P17 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi
O87 - FAEL: "TCP Query User{978B5FEB-8953-425C-9427-AA13AAC1B780}C:\program files\bywifi\bywifi.exe" | In - Private - P6 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi
O87 - FAEL: "UDP Query User{8AB8FDFE-E4AB-4A71-A0B7-2CC527EBB7EB}C:\program files\bywifi\bywifi.exe" | In - Private - P17 - TRUE | .(.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\program files\bywifi\bywifi.exe =>Spyware.Bywifi
O87 - FAEL: "TCP Query User{B23D997E-BA2B-48C1-A889-B5A2BD7B3A6E}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{C74BCC9D-5A1D-44E8-804B-DC91D9DE60B5}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{C4616AAE-0859-4427-97D9-A29F1A9C1C54}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{827073E6-9914-4908-84BB-C7B0941A9521}C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{386223C0-9E1C-4C7B-A565-A393EB5D3C8F}C:\users\acer\desktop\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\acer\desktop\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{EF2ED94E-A821-4511-B11D-6E4FF9C097C5}C:\users\acer\desktop\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\acer\desktop\cacaoweb.exe =>PUP.CacaoWeb
~ Firewall: 182 Legitimates Filtered in 00mn 16s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 20/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/01/2013 544184 |  (APC-Host) . (.Anyplace Control Software.) - C:\Program Files\Anyplace Control\apc_host.exe
SR - | Auto 21/12/2012 57008 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 22/06/2010 321104 |  (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files\Launch Manager\dsiwmis.exe
SS - | Demand 16/04/2011 73520 |  (EWSASERV) . (.ElcomSoft Co. Ltd..) - C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe
SS - | Auto 18/04/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/04/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 13/10/2009 354840 |  (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Demand 20/02/2013 553288 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 17/08/2013 117656 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 17/08/2013 199976 |  (Update WK) . (...) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
SR - | Auto 02/10/2013 1734680 |  (vToolbarUpdater17.0.12) . (.AVG Secure Search.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 41s



---\\ Scan Additionnel (O88)
Database Version : 12937 - (04/10/2013)
Clés trouvées (Keys found) : 79
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 25
Fichiers trouvés  (Files found) : 20

[HKLM\Software\Google\Chrome\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib]   =>Toolbar.Ask^
[HKLM\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel]   =>PUP.MediaFinder^
[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]   =>Toolbar.DeltaSearch^
[HKLM\Software\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon]   =>PUP.WebConnect^
[HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab]   =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj]   =>Adware.VidSaver^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}]   =>PUP.WebConnect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]   =>Spyware.Bywifi^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]   =>PUP.MediaFinder^
[HKLM\SYSTEM\CurrentControlSet\Services\Update WK]   =>PUP.WebConnect^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12]   =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bywifi]   =>Spyware.Bywifi^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect]   =>PUP.WebConnect^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\bywifi]   =>Spyware.Bywifi^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09E90109-A9AA-4980-BCEF-76F8D924E902}]   =>Spyware.Bywifi
[HKLM\Software\Microsoft\Internet Explorer\extensions\{09E90109-A9AA-4980-BCEF-76F8D924E902}]   =>Spyware.Bywifi
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]   =>Adware.CDNHelper
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]   =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]   =>Spyware.Bywifi
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]   =>Spyware.Bywifi
[HKLM\Software\Classes\CLSID\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]   =>Spyware.Bywifi
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]   =>Trojan.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]   =>Trojan.Agent
[HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]   =>Trojan.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\escort.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\ScriptHelper.EXE]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1]   =>Toolbar.AVGSearch
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib]   =>Toolbar.Conduit
[HKCU\Software\Bywifi]   =>Spyware.Bywifi
[HKLM\Software\Bywifi]   =>Spyware.Bywifi
[HKCU\Software\cacaoweb]   =>PUP.CacaoWeb
[HKCU\Software\Cr_Installer]   =>PUP.CrossRider
[HKCU\Software\MediaFinder]   =>PUP.MediaFinder
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32]   =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS]   =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder]   =>PUP.MediaFinder
[HKLM\Software\Classes\gencrawler_gc.GenCrawler]   =>PUP.MediaFinder
[HKCU\Software\Classes\MF]   =>PUP.MediaFinder
[HKLM\Software\Classes\MF]   =>PUP.MediaFinder
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKCU\Software\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\]   =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions]   =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}]   =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F}]   =>PUP.WebConnect
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}]   =>PUP.WebConnect
[HKLM\Software\Classes\CLSID\{2316C625-B487-4410-A1A5-FF040B65245F}]   =>PUP.WebConnect
[HKLM\Software\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}]   =>PUP.WebConnect
[HKLM\Software\Classes\TypeLib\{D8CAF2DF-52D3-42CF-9DDB-F4FF828DB4F8}]   =>PUP.WebConnect
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]   =>Adware.BrowseFox
[HKLM\Software\Classes\CrossriderApp0004479.BHO]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg   =>Toolbar.Google^
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\cacaoweb@cacaoweb.org   =>PUP.CacaoWeb^
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\crossriderapp4479@crossrider.com   =>Adware.VidSaver^
C:\Program Files\Bywifi   =>Spyware.Bywifi^
C:\Program Files\WebConnect   =>PUP.WebConnect^
C:\ProgramData\Babylon   =>Toolbar.Babylon^
C:\Users\Acer\AppData\Roaming\BabSolution   =>Hijacker.BabSolution^
C:\Users\Acer\AppData\Roaming\Babylon   =>Toolbar.Babylon^
C:\Users\Acer\AppData\Roaming\cacaoweb   =>PUP.CacaoWeb^
C:\Users\Acer\AppData\Roaming\Media Finder   =>PUP.MediaFinder^
C:\Users\Acer\AppData\Roaming\OpenCandy   =>Adware.OpenCandy^
C:\Users\Acer\AppData\Local\Babylon   =>Toolbar.Babylon^
C:\Users\Acer\AppData\Local\Giant Savings   =>Adware.VidSaver^
C:\Users\Acer\AppData\Local\Updater4479   =>PUP.CrossRider^
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi   =>Spyware.Bywifi^
C:\Program Files\Common Files\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\MPK   =>Keylogger.Agent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bywifi   =>Spyware.Bywifi
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder   =>PUP.MediaFinder
C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com   =>PUP.MediaFinder
C:\Users\Acer\AppData\LocalLow\BabylonToolbar   =>Toolbar.Babylon
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj   =>Adware.VidSaver
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel   =>PUP.MediaFinder
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde   =>Toolbar.DeltaSearch
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab   =>PUP.CacaoWeb
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\1ypqj7ah.default\Extensions\cacaoweb@cacaoweb.org   =>PUP.CacaoWeb
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib   =>Toolbar.Ask^
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon   =>PUP.WebConnect^
C:\Program Files\WebConnect\WebConnectbho.dll   =>PUP.WebConnect^
C:\Program Files\Bywifi\bywifiie.dll   =>Spyware.Bywifi^
C:\Users\Acer\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll   =>PUP.MediaFinder^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll   =>Toolbar.Google^
C:\Program Files\Bywifi\bywifi.exe   =>Spyware.Bywifi^
C:\Program Files\Bywifi\bywifidl.exe   =>Spyware.Bywifi^
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   =>Toolbar.Google^
C:\Program Files\WebConnect\updateWebConnect.exe   =>PUP.WebConnect^
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe   =>Toolbar.AVGSearch^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKCU\Software\WebConnect]   =>PUP.WebConnect^
[HKLM\Software\Babylon]   =>Toolbar.Babylon^
[HKLM\Software\Conduit]   =>Toolbar.Conduit^
C:\Users\Acer\Desktop\cacaoweb.exe   =>PUP.CacaoWeb^
C:\program files\bywifi\bywifi.exe   =>Spyware.Bywifi^
C:\users\acer\appdata\roaming\cacaoweb\cacaoweb.exe   =>PUP.CacaoWeb^
C:\users\acer\desktop\cacaoweb.exe   =>PUP.CacaoWeb^
~ Additionnel Scan: 306863 Items scanned in 05mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask   =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder   =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch   =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect   =>PUP.WebConnect
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb   =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver   =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch   =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26628015-spyware-bywifi   =>Spyware.Bywifi
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google   =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution   =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit   =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider   =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore   =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy   =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster  =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits   =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox   =>Adware.BrowseFox
~ MSI: 18 link(s) detected in 05mn 09s



~ 1382 Legitimates filtered by white list
End of the scan (768 lines in 28mn 38s)(0)