Galére avec omiga_plus

Bonjour,aidez moi svp,jsuis dans une vrai galére avec omiga_plus
~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par CORALIE (28/10/2014 23:08:01)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17351
MFIE: Mozilla Firefox 33.0
GCIE: Google Chrome v38.0.2125.111 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : BPYCD
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.7.306
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3971 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 422 GB (92%) free of 454 GB

---\\ Mode de connexion au système
~ Computer Name: COCO
~ User Name: CORALIE
~ All Users Names: HomeGroupUser$, CORALIE, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\CORALIE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\CORALIE\AppData\Roaming\
~ %Desktop% : C:\Users\CORALIE\Desktop\
~ %Favorites% : C:\Users\CORALIE\Favorites\
~ %LocalAppData% : C:\Users\CORALIE\AppData\Local\
~ %StartMenu% : C:\Users\CORALIE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 422 Go of 454 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.ACDBE1ED38167C8B01B8F63161BB2CEA] - (.Microsoft Corporation - Explorateur Windows.) (.22/08/2014 - 23:48:28.) -- C:\Windows\Explorer.exe [2374784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 01:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/09/2014 - 16:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/02/2014 - 01:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 00:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 19:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 04:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 03:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 00:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 01:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 03:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 03:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 04:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.29/04/2014 - 22:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 03:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/07/2014 - 07:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 03:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 03:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 11:12:11.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 05:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.18/06/2014 - 18:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/16
~ Mes musiques (My Musics) : 1/7
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/145
~ Mon Bureau (My Desktop) : 2/6
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.BB87425C5035D1F8BA7FEFFBBA2AA7E3] - (.Pas de propriétaire - Viber.) -- C:\Users\CORALIE\AppData\Local\Viber\Viber.exe [930816] [PID.3300]
[MD5.DE1C19537602BAF9BC79BB35B794E257] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760] [PID.1592]
[MD5.9C1BDB837A2DA4FFC60CB61CEEA3E334] - (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800] [PID.3452]
[MD5.7632A6EA63FEEBC2798D3852CE754972] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168] [PID.4148]
[MD5.66A4A7C7802E0968E07647999FFC87E2] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344] [PID.2956]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.5000]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\CORALIE\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\CORALIE\AppData\Roaming\Mozilla\Firefox\Profiles\ft4hydre.default\prefs.js
M3 - MFPP: Plugins - [CORALIE] -- C:\Users\CORALIE\AppData\Roaming\Mozilla\Firefox\Profiles\ft4hydre.default\searchplugins\Astromenda.xml =>PUP.Astromenda
M3 - MFPP: Plugins - [CORALIE] -- C:\Users\CORALIE\AppData\Roaming\Mozilla\Firefox\Profiles\ft4hydre.default\searchplugins\Web Search.xml =>Parasite.Pugi
M0 - MFSP: prefs.js [CORALIE - ft4hydre.default] http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
M2 - MFEP: prefs.js [CORALIE - ft4hydre.default\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f}] [] Astrmenda Search v2.0 (..)
M2 - MFEP: Extension [CORALIE - ft4hydre.default] {f2548724-373f-45fe-be6a-3a85e87b7711}
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\QuickLaunch [CORALIE]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\QuickLaunch [CORALIE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\TaskBar [CORALIE]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\TaskBar [CORALIE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\TaskBar [CORALIE]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [CORALIE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
~ Global Startup: 10 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TSSSrv] . (.TOSHIBA Corporation - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Function Key Main Module.) -- C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\CORALIE\AppData\Local\Viber\Viber.exe
O4 - HKCU\..\Run: [Tango] . (.Tango Inc. - Tango.) -- C:\Program Files (x86)\Tango\Tango.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Wow6432Node\Run: [1.TPUReg] . (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-21-3336125791-145706014-1294135698-1001\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\CORALIE\AppData\Local\Viber\Viber.exe
O4 - HKUS\S-1-5-21-3336125791-145706014-1294135698-1001\..\Run: [Tango] . (.Tango Inc. - Tango.) -- C:\Program Files (x86)\Tango\Tango.exe
O4 - HKUS\S-1-5-21-3336125791-145706014-1294135698-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D90AF15-A7C6-4413-A6B0-AB7D19675F92}: DhcpNameServer = 192.168.100.1 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D90AF15-A7C6-4413-A6B0-AB7D19675F92}: DhcpDomain = webtrotter.sfr.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D90AF15-A7C6-4413-A6B0-AB7D19675F92}: DhcpNameServer = 192.168.100.1 192.168.100.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D90AF15-A7C6-4413-A6B0-AB7D19675F92}: DhcpDomain = webtrotter.sfr.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 192.168.100.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DTS APO Service (dts_apo_service) . (.Pas de propriétaire - dts_apo_service.) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: rcores (rcores) . (...) - C:\Windows\rcore.exe
~ Services: 18 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
[MD5.56377173DD7C1D5CB6ACE6A102168286] [APT] [{832BCBB1-0FF4-4607-8C59-EA6DD8BD1C90}] (.Skytech Co., Ltd..) -- C:\Users\CORALIE\AppData\Roaming\omiga-plus\UninstallManager.exe [1927680] =>Hijacker.OmigaPlus
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1080]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: WindowsMangerProtect20.0.0.1013 - (.WindowsProtect LIMITED.) [HKLM][64Bits] -- WindowsMangerProtect =>PUP.Fuyu
O42 - Logiciel: omiga-plus uninstall - (.omiga-plus.) [HKLM][64Bits] -- omiga-plus uninstall =>Hijacker.OmigaPlus
~ Logic: 33 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cores]
[HKCU\Software\PIcColor]
[HKLM\Software\Wow6432Node\MaxPower]
~ Key Software: 198 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/10/2014 - 22:35:26 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 28/10/2014 - 19:55:00 - [0] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 28/10/2014 - 20:22:25 - [] ----D C:\ProgramData\PicColorData
O43 - CFD: 28/10/2014 - 19:54:02 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 28/10/2014 - 19:55:33 - [] -SH-D C:\Users\CORALIE\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 28/10/2014 - 19:51:37 - [] ----D C:\Users\CORALIE\AppData\Roaming\omiga-plus =>Hijacker.OmigaPlus
O43 - CFD: 28/10/2014 - 22:35:33 - [] ----D C:\Users\CORALIE\AppData\Roaming\PicColor Utility
O43 - CFD: 28/10/2014 - 22:42:12 - [] ----D C:\Users\CORALIE\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 28/10/2014 - 22:35:26 - [] ----D C:\Users\CORALIE\AppData\Local\LPT =>Adware.Incredibar
O43 - CFD: 28/10/2014 - 20:11:48 - [] ----D C:\Users\CORALIE\AppData\Local\Smartbar
~ Program Folder: 124 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B6F423906D3E10BE38C16726C0905033] - 15/10/2014 - 22:25:56 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [388729]
O44 - LFC:[MD5.61875854932E80701A6D9B447810229E] - 27/10/2014 - 09:51:40 ---A- . (...) -- C:\Windows\rcore.exe [1318912]
O44 - LFC:[MD5.5B3ABF9C1AA7556C3A36FEA4E695C5D2] - 28/10/2014 - 18:56:44 ---A- . (...) -- C:\end [4]
~ Files: 77 Legitimates Filtered in 01mn 19s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.67A3E0A2645DCEDFC48718FDDE3C497C] - 28/10/2014 - 18:58:32 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-53752276.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.E6DD7729DA640FB4EF28CE18BF9A0ADA] - 28/10/2014 - 18:59:24 ---A- - C:\Windows\Prefetch\BOXORE.EXE-666CD123.pf =>Adware.Boxore
O45 - LFCP:[MD5.AB658FE5A1386A9B003964E300D1A709] - 28/10/2014 - 18:59:20 ---A- - C:\Windows\Prefetch\BOXORE.EXE-B76A4A01.pf =>Adware.Boxore
O45 - LFCP:[MD5.D48C7228194B31492837ADD275F87570] - 28/10/2014 - 18:49:19 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-895515DA.pf =>Adware.Boxore
O45 - LFCP:[MD5.FA70B3A05B53245F80C192C316876C6D] - 28/10/2014 - 18:52:33 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-BC34CE18.pf =>Adware.Boxore
O45 - LFCP:[MD5.7ACB724560415E6F256E81DDA0C16C02] - 28/10/2014 - 18:59:21 ---A- - C:\Windows\Prefetch\BUBBLE DOCK BSETUP.EXE-1CA5F762.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.15968E2B80027DF5F4B79138E880FCBE] - 28/10/2014 - 19:07:50 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-A730D919.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.A4CB8C100C76D6DC4242765C8ADACF3A] - 28/10/2014 - 18:59:12 ---A- - C:\Windows\Prefetch\INSTALL_BUBBLEDOCK.EXE-7A943140.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.6F92B4E9626C7EC539CCB2209A6878D1] - 28/10/2014 - 19:02:00 ---A- - C:\Windows\Prefetch\LBUBBLE DOCK.EXE-F55C3AF5.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.7CB7F45BA16DDF3D4899661A3271C873] - 28/10/2014 - 18:49:25 ---A- - C:\Windows\Prefetch\LLY_OMIGA-PLUS.EXE-40429D4E.pf =>Hijacker.OmigaPlus
O45 - LFCP:[MD5.728FBD27EE8EB9994DDF34E8141F788B] - 28/10/2014 - 18:52:36 ---A- - C:\Windows\Prefetch\LLY_OMIGA-PLUS.EXE-CEA7E212.pf =>Hijacker.OmigaPlus
O45 - LFCP:[MD5.926B983B3EC5F00405591F95FBB487A5] - 28/10/2014 - 18:56:49 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.1EAAB3197673F6D2C362F2A3399FF0C5] - 28/10/2014 - 18:50:42 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-30ADB493.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.1226E8FD0360D59F50D3FF39280CC349] - 28/10/2014 - 18:54:53 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-BB850472.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.CF69BAACA36B500533C01C21A37EED41] - 28/10/2014 - 21:39:42 ---A- - C:\Windows\Prefetch\SIGNUP WIZARD.EXE-9554BD21.pf =>PUP.JDIBackup
O45 - LFCP:[MD5.A6D2C7B65B48DACC68EBA2D17B37C644] - 28/10/2014 - 19:12:33 ---A- - C:\Windows\Prefetch\SMARTBAR.EXE-6334AE78.pf =>Hijacker.SmartBar
O45 - LFCP:[MD5.C5D58F78B32448EE40D2FBB9F555973A] - 28/10/2014 - 21:20:13 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-EBC187BA.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.9FC5ACE63A02C8E844576C49A9F43CAB] - 28/10/2014 - 18:55:00 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-64C891B3.pf =>PUP.IePluginService
O45 - LFCP:[MD5.7F98F528D484BDA741B6474F9954488C] - 28/10/2014 - 18:54:43 ---A- - C:\Windows\Prefetch\SUPTAB_V5.8.8.777_NOBLANK_AMY-8C5F49D0.pf =>PUP.SupTab
O45 - LFCP:[MD5.C6A94129B071C60FE869DE7B2B58F829] - 28/10/2014 - 19:08:30 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-CD2598BB.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.321BE7F44991ABE72A98EF5B5298301E] - 28/10/2014 - 19:08:40 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-E3B453A0.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.C7FF0E8EE58F8CF39C310E00BC43C78A] - 28/10/2014 - 18:49:27 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-ABA09C6F.pf =>Adware.Downware
O45 - LFCP:[MD5.D824BD76FB8D6D1A3351334B935134C6] - 28/10/2014 - 21:38:20 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-D0171CE4.pf =>Adware.Downware
O45 - LFCP:[MD5.B863C3B214E2410EE4D500F57C8ED2C0] - 28/10/2014 - 18:54:12 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1013_NS.EXE-5E9836F8.pf =>PUP.WpManager
~ Prefetcher: 24 Legitimates Filtered in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/08/2013 - 15:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:22/08/2013 - 04:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:16/08/2013 - 04:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:19/08/2013 - 11:32:10 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [32624]
O58 - SDL:28/07/2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 59 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 21/10/2014 - 23:10:01 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll [146248]
O61 - LFC: 23/10/2014 - 23:10:49 ---A- . (...) -- C:\Users\CORALIE\AppData\Roaming\PicColor Utility\RfndNSIS.dll [544768]
O61 - LFC: 28/10/2014 - 23:10:04 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\Cloud_Backup_Setup[1].exe [73816]
O61 - LFC: 28/10/2014 - 23:10:04 ---A- . (.The Software Group.) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\BoxoreInstaller[2].exe [620656] =>Adware.Boxore
O61 - LFC: 28/10/2014 - 23:10:05 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\FastPlayerSetup[1].exe [6775329]
O61 - LFC: 28/10/2014 - 23:10:05 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\FastPlayerSetup[2].exe [2119656]
O61 - LFC: 28/10/2014 - 23:10:06 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\PIcColor[1].exe [217744]
O61 - LFC: 28/10/2014 - 23:10:06 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\setup[1].exe [2375180]
O61 - LFC: 28/10/2014 - 23:10:06 ---A- . (.One Syn.) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\lly_omiga-plus[1].exe [576592] =>Hijacker.OmigaPlus
O61 - LFC: 28/10/2014 - 23:10:06 ---A- . (.PicColor.) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\DDXSO2ED\PicColorInstall[1].exe [5485048]
O61 - LFC: 28/10/2014 - 23:10:20 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\EVHRARMF\Setup[1].exe [592173]
O61 - LFC: 28/10/2014 - 23:10:21 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\EVHRARMF\TotalSystemCare-Setup[1].exe [8625]
O61 - LFC: 28/10/2014 - 23:10:21 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\EVHRARMF\VOPackage[2].exe [281195] =>Adware.Downware
O61 - LFC: 28/10/2014 - 23:10:21 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\EVHRARMF\update[1].exe [1398922]
O61 - LFC: 28/10/2014 - 23:10:21 ---A- . (...) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\EVHRARMF\urlblockindex[2].bin [16]
O61 - LFC: 28/10/2014 - 23:10:21 ---A- . (.CMI Limited.) -- C:\Users\CORALIE\AppData\Local\Microsoft\Windows\INetCache\IE\S0W14072\AnyProtectSetup[1].exe [612252] =>PUP.AnyProtect
O61 - LFC: 28/10/2014 - 23:10:51 ---A- . (...) -- C:\Users\CORALIE\AppData\Roaming\VOPackage\VOPackage.exe [281195] =>Adware.Downware
~ 464 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 131 Legitimates Filtered in 00mn 51s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (omiga-plus) - http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O69 - SBI: SearchScopes [HKCU] {5871621B-16CB-4C42-9DD0-12D582727D87} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
~ BTK: 39 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 27/10/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 15/10/2014 994096 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 20/09/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 21/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 11/10/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 18/07/2013 116088 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Auto 15/10/2014 431920 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 15/10/2014 431920 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 01/10/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 23/09/2014 160560 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/09/2013 19792 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SR - | Auto 27/03/2013 163168 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 03/09/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 03/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 03/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 27/10/2014 1318912 | (rcores) . (...) - C:\Windows\rcore.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 31/07/2013 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 09/08/2013 328544 | (TOSHIBA eco Utility Service) . (.Toshiba Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 04/09/2013 466504 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by CORALIE at 28/10/2014 23:12:40
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by CORALIE at 28/10/2014 23:12:42
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 9
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall] =>Hijacker.OmigaPlus^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\CORALIE\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\CORALIE\AppData\Roaming\omiga-plus =>Hijacker.OmigaPlus^
C:\Users\CORALIE\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\CORALIE\AppData\Local\LPT =>Adware.Incredibar^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\CORALIE\AppData\Local\Smartbar =>Hijacker.SmartBar
C:\Users\CORALIE\AppData\Local\Software =>Adware.Boxore
C:\Users\CORALIE\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
C:\Users\CORALIE\AppData\Roaming\omiga-plus\UninstallManager.exe =>Hijacker.OmigaPlus^
C:\Users\CORALIE\AppData\Local\Temp\boxore.dat =>Adware.Boxore
~ Additionnel Scan: 181064 Items scanned in 00mn 15s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-astromenda =>PUP.Astromenda
http://nicolascoolman.fr/parasite-pugi =>Parasite.Pugi
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/adware-incredibar =>Adware.Incredibar
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
~ MSI: 15 link(s) detected in 00mn 00s



~ 746 Legitimates filtered by white list
End of the scan (534 lines in 04mn 56s)(0)