start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3792903588-1615404425-274105849-1000\...\Run: [cacaoweb] => C:\Users\user\AppData\Roaming\cacaoweb\cacaoweb.exe [554288 2015-11-08] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll => Pas de fichier
AutoConfigURL: [S-1-5-21-3792903588-1615404425-274105849-1000] => file://C:\Program Files (x86)\PodoWeb\bin\Pac8806.js
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
HKU\S-1-5-21-3792903588-1615404425-274105849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKU\S-1-5-21-3792903588-1615404425-274105849-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418845175&from=wpm12173&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX
HKU\S-1-5-21-3792903588-1615404425-274105849-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
HKU\S-1-5-21-3792903588-1615404425-274105849-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408468575&from=smt&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1423496463&from=zbd1&uid=hitachixhts725032a9a364_100514pckn04vlhu6kxjx&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1423496463&from=zbd1&uid=hitachixhts725032a9a364_100514pckn04vlhu6kxjx&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3792903588-1615404425-274105849-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03253&utm_campaign=install_ie&utm_content=ds&from=wpm03253&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&ts=1427271673&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3792903588-1615404425-274105849-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03253&utm_campaign=install_ie&utm_content=ds&from=wpm03253&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&ts=1427271673&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3792903588-1615404425-274105849-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03253&utm_campaign=install_ie&utm_content=ds&from=wpm03253&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&ts=1427271673&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3792903588-1615404425-274105849-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03253&utm_campaign=install_ie&utm_content=ds&from=wpm03253&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&ts=1427271673&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3792903588-1615404425-274105849-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03253&utm_campaign=install_ie&utm_content=ds&from=wpm03253&uid=HitachiXHTS725032A9A364_100514PCKN04VLHU6KXJX&ts=1427271673&type=default&q={searchTerms}
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll => Pas de fichier
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll => Pas de fichier
BHO-x32: Pas de nom -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Pas de fichier
Toolbar: HKLM - Pas de nom - {ae07101b-46d4-4a98-af68-0333ea26e113} - Pas de fichier
Toolbar: HKLM-x32 - Pas de nom - {ae07101b-46d4-4a98-af68-0333ea26e113} - Pas de fichier
FF DefaultSearchEngine: delta-homes
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: delta-homes
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\user.js [2015-09-19]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\searchplugins\delta-homes.xml [2015-12-15]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\searchplugins\trovi-search.xml [2014-12-13]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\searchplugins\V9.xml [2015-02-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml [2014-12-17]
FF Extension: cacaoweb - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\cacaoweb@cacaoweb.org [2014-09-27] [non signé]
FF Extension: Search Enginer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\sweetsearch@gmail.com [2015-04-22] [non signé]
FF Extension: Default NewTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\default_newtabff@gmail.com [2015-07-25] [non signé]
FF Extension: Default SearchProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\defsearchp@gmail.com.xpi [2015-12-14] [non signé]
FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\yahooprotected@gmail.com.xpi [2015-12-14] [non signé]
FF Extension: Security Protection - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\Extensions\detgdp@gmail.com [2014-12-17] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [offerboxffx@offerbox.com] - C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\detgdp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\quick_searchff@gmail.com => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\p36zv8eg.default\extensions\defsearchp@gmail.com => non trouvé(e)
FF HKU\S-1-5-21-3792903588-1615404425-274105849-1000\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension => non trouvé(e)
CHR HKLM-x32\...\Chrome\Extension: [bjeikeheijdjdfjbmknpefojickbkmom] - C:\Program Files (x86)\OfferBox\OfferBoxChromeExtension.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx
R2 STORS_Service; C:\STORS\STORS Service\Stors_Service.exe [20480 2007-04-04] () [Fichier non signé]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
R1 {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64; C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys [61008 2014-08-19] (StdLib)
R1 {00c97d86-accb-4288-9972-6d929c1fe93a}w64; C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}w64.sys [48720 2014-09-26] (StdLib)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
2015-12-10 23:46 - 2015-12-10 23:47 - 00000000 ____D C:\Users\user\AppData\Local\bvxvyxxvcy
2015-12-15 21:11 - 2015-11-11 09:02 - 00000000 ____D C:\Program Files (x86)\Picexa
2015-12-15 20:57 - 2014-06-26 23:30 - 00000000 ____D C:\Users\user\AppData\Roaming\cacaoweb
2015-12-10 23:46 - 2015-05-26 17:45 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2011-05-25 16:51 - 2011-05-25 19:14 - 0000392 ____N () C:\ProgramData\49995512
2011-05-25 16:52 - 2011-05-25 19:11 - 0000144 ____N () C:\ProgramData\~49995512
2011-05-25 16:52 - 2011-05-25 19:11 - 0000168 ____N () C:\ProgramData\~49995512r
C:\Program Files (x86)\OfferBox
C:\Program Files (x86)\XTab
C:\Program Files (x86)\MiuiTab
c:\progra~3\browse~1
C:\Program Files (x86)\Elex-tech
C:\ProgramData\BrowserProtect
C:\STORS\STORS Service
C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys
C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}w64.sys
Task: {0929F13F-A76A-487A-9149-CE24F4CCC29D} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: {F93A0787-2E2F-42DA-AD88-4B77FA5BAB00} - System32\Tasks\bvxvyxxvcy => C:\Users\user\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe [2015-12-02] ()
EmptyTemp:
end