start
CloseProcesses:
Hosts:
CreateRestorePoint:
(Nosibay) C:\Users\derrien\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
(Pokki) C:\Users\derrien\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Pokki) C:\Users\derrien\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\derrien\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\derrien\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
HKLM-x32\...\Run: [mbot_en_037050241] => [X]
HKLM-x32\...\Run: [sun3] => [X]
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\...\Run: [Bubble Dock] => "C:\Users\derrien\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\...\Run: [WindApp] => "C:\Users\derrien\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\...\Run: [Selection Tools] => C:\Users\derrien\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [3260144 2016-01-04] (Nosibay)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-361793254-2370995334-3555378747-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_clu_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0E0A0DzyyB0CyB0A0E0DyDyC0F0A0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0AyD0ByC0CtA0AtG0EtB0D0EtGyB0EyEtAtG0A0F0DyBtGtC0DyE0CyDzzyDzz0FyD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0CtC0EyEyBtDtDtG0ByD0EtCtGyE0D0A0FtG0ByEtA0DtG0CzyzzyCtAzytAzzzyzz0EtD2Q&cr=880969286&ir=
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-361793254-2370995334-3555378747-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-361793254-2370995334-3555378747-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_clu_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0E0A0DzyyB0CyB0A0E0DyDyC0F0A0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0AyD0ByC0CtA0AtG0EtB0D0EtGyB0EyEtAtG0A0F0DyBtGtC0DyE0CyDzzyDzz0FyD0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0CtC0EyEyBtDtDtG0ByD0EtCtGyE0D0A0FtG0ByEtA0DtG0CzyzzyCtAzytAzzzyzz0EtD2Q&cr=880969286&ir=
SearchScopes: HKU\S-1-5-21-361793254-2370995334-3555378747-1001 -> {2DDF553A-C06A-49AB-8D3D-D8BAC5593698} URL = hxxp://www.trovi.com/Results.aspx?q={searchTerms}&GD=SY1000167&SearchSource=56&UM=2
SearchScopes: HKU\S-1-5-21-361793254-2370995334-3555378747-1001 -> {E57CB052-D2CD-11E4-827F-9CAD97C7AED6} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-361793254-2370995334-3555378747-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&ts=1455807617&z=4f5ab8ab2113c0416293f2fg3zcwewcb6efm7q5g0q&from=brd&uid=ST750LM022XHN-M750MBB_S31PJ9FF601862
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=1455807617&z=4f5ab8ab2113c0416293f2fg3zcwewcb6efm7q5g0q&from=brd&uid=ST750LM022XHN-M750MBB_S31PJ9FF601862
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\derrien\AppData\Roaming\Mozilla\Firefox\Profiles\wei5lin8.default\extensions\deskCutv2@gmail.com => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\derrien\AppData\Roaming\Mozilla\Firefox\Profiles\wei5lin8.default\extensions\yahooprotected@gmail.com => non trouvé(e)
CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=1455807617&z=4f5ab8ab2113c0416293f2fg3zcwewcb6efm7q5g0q&from=brd&uid=ST750LM022XHN-M750MBB_S31PJ9FF601862
CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1455807617&z=4f5ab8ab2113c0416293f2fg3zcwewcb6efm7q5g0q&from=brd&uid=ST750LM022XHN-M750MBB_S31PJ9FF601862"
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts=1455807617&z=4f5ab8ab2113c0416293f2fg3zcwewcb6efm7q5g0q&from=brd&uid=ST750LM022XHN-M750MBB_S31PJ9FF601862&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching
S2 Lekreij; "C:\Users\derrien\AppData\Roaming\EreejLisyxu\Moufji.exe" -cms [X]
S2 wofigudyzbt; C:\Program Files (x86)\34444335-1455800147-4B30-4E56-6CC21776E933\knsa245E.tmpfs [X]
2016-02-18 13:56 - 2016-02-18 15:52 - 00010280 _____ C:\WINDOWS\SysWOW64\BoxoreServiceOff.ini
2016-02-18 13:56 - 2016-02-18 15:52 - 00010280 _____ C:\WINDOWS\system32\BoxoreServiceOff.ini
2016-02-18 13:56 - 2016-02-18 13:56 - 00000000 ____D C:\Users\derrien\AppData\Local\Boxore
2016-02-18 13:56 - 2016-01-19 03:22 - 00303984 _____ (Boxore OU) C:\WINDOWS\SysWOW64\BoxoreService.dll
2016-02-18 13:55 - 2016-02-18 17:13 - 00000000 ____D C:\ProgramData\Boxore
2016-02-18 17:38 - 2014-11-12 17:49 - 00000000 ____D C:\Users\derrien\AppData\Local\Lasaoren
2016-02-18 16:03 - 2016-02-18 16:06 - 0001281 _____ () C:\Users\derrien\AppData\Roaming\Bubble Dock.boostrap.log
2016-02-18 16:03 - 2016-02-18 16:04 - 0005723 _____ () C:\Users\derrien\AppData\Roaming\Bubble Dock.installation.log
2016-02-18 16:06 - 2016-02-18 16:06 - 0000078 _____ () C:\Users\derrien\AppData\Roaming\Selection Tools.installation.log
2015-01-17 16:24 - 2015-01-17 16:24 - 0000036 _____ () C:\Users\derrien\AppData\Roaming\SuYZkvrV.tmp
2014-11-12 18:48 - 2014-11-26 12:48 - 0000175 _____ () C:\Users\derrien\AppData\Roaming\WB.CFG
2016-02-18 16:03 - 2016-02-18 16:03 - 0000097 _____ () C:\Users\derrien\AppData\Roaming\WindApp.boostrap.log
2016-02-18 16:04 - 2016-02-18 16:06 - 0000078 _____ () C:\Users\derrien\AppData\Roaming\WindApp.installation.log
C:\Users\derrien\AppData\Local\Temp\1CBF.tmp.exe
C:\Users\derrien\AppData\Local\Temp\310.tmp.exe
C:\Users\derrien\AppData\Local\Temp\364A.tmp.exe
C:\Users\derrien\AppData\Local\Temp\3CA3.tmp.exe
C:\Users\derrien\AppData\Local\Temp\3FC5.tmp.exe
C:\Users\derrien\AppData\Local\Temp\4896.tmp.exe
C:\Users\derrien\AppData\Local\Temp\5871.tmp.exe
C:\Users\derrien\AppData\Local\Temp\99B9.tmp.exe
C:\Users\derrien\AppData\Local\Temp\B29B.tmp.exe
C:\Users\derrien\AppData\Local\Temp\bc.exe
C:\Users\derrien\AppData\Local\Temp\F27.tmp.exe
C:\Users\derrien\AppData\Local\Temp\FA1.tmp.exe
C:\Users\derrien\AppData\Local\Temp\hibDB82.exe
C:\Users\derrien\AppData\Local\Temp\PA33QUQHV8.exe
AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ATTENTION
WindApp (HKU\S-1-5-21-361793254-2370995334-3555378747-1001\...\WindApp) (Version: - Store) <==== ATTENTION
Task: {53EF8783-A336-4A2E-9084-376303FF7D40} - System32\Tasks\Selection Tools Update => C:\Users\derrien\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [2016-01-04] (Nosibay) <==== ATTENTION
Task: {B0B62FBB-B1A6-48CC-AE18-E4AA81329E0C} - System32\Tasks\WindApp Update => C:\Users\derrien\AppData\Roaming\Store\WindApp\WindApp Update.exe [2015-03-20] (Nosibay) <==== ATTENTION
Task: {E26032E4-AB86-4617-86F8-ED8BCF79B3D7} - System32\Tasks\SweetLabs App Platform => C:\Users\derrien\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-02-15] (Pokki)
FirewallRules: [{FE14DF77-126F-4DEE-A58A-9F8E9842C138}] => (Allow) C:\ProgramData\Boxore\7.1\node.exe
FirewallRules: [{B16CAE05-F3CB-43F1-888D-EB5AE111083E}] => (Allow) C:\ProgramData\Boxore\7.1\node.exe
C:\ProgramData\Boxore\7.1\node.exe
EmptyTemp:
end