Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by JEAN CLAUDE at 21/06/2013 18:29:41
WebSite: [url=http://nicolascoolman.webs.com]Home - Malicius Software Information[/url]
State : Version � jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16599 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 8 Business Edition, 32-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 7QTB3
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Malwarebytes Anti-Malware version 1.70.0.1100
Norton Internet Security v20.3.1.22
Spybot - Search & Destroy v1.6.2
Windows Defender W8
---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (54% free)
System Restore: Activ� (Enable)
System drive C: has 43 GB (30%) free of 140 GB
---\\ Logged in mode
~ Computer Name: JEANCLAUDE-HP
~ User Name: JEAN CLAUDE
~ All Users Names: JEAN CLAUDE, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\JEAN CLAUDE\AppData\Roaming\
~ %Desktop% : C:\Users\JEAN CLAUDE\Desktop\
~ %Favorites% : C:\Users\JEAN CLAUDE\Favorites\
~ %LocalAppData% : C:\Users\JEAN CLAUDE\AppData\Local\
~ %StartMenu% : C:\Users\JEAN CLAUDE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 43 Go of 140 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E:\ CD-ROM drive (Free 0 Go of 0 Go)
---\\ Security Center & Tools Informations
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.953ADECFF08202A01EFC6110214FDE02] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 06:56:41.) -- C:\Windows\Explorer.exe [2115952]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.26/07/2012 - 04:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.2E326CC5E440CA50515C124D208327CE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/04/2013 - 23:30:55.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.11/10/2012 - 06:08:28.) -- C:\Windows\System32\Winlogon.exe [411648]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Biblioth�que de licences.) (.26/07/2012 - 04:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 04:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 06:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.02/02/2013 - 10:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parall�le.) (.26/07/2012 - 03:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de p�riph�rique de Microsoft RDP.) (.26/07/2012 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 05:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.8E15C3D58A8ADE841060661DBA6E7A9B] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.26/07/2012 - 04:39:34.) -- C:\Windows\system32\Drivers\volsnap.sys [282352]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/198
~ Mes musiques (My Musics) : 1/1230
~ Mes Videos (My Videos) : 2/69
~ Mes Favoris (My Favorites) : 1/92
~ Mes Documents (My Documents) : 2/2724
~ Mon Bureau (My Desktop) : 2/197
~ Menu demarrer (Programs) : 1/84
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lanc�s
[MD5.241BD3019FB31E812A51B31B06906335] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [144520] [PID.2984]
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus h�te pour T�ches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [53760] [PID.1184]
[MD5.2B7F42426A50667994A00C22CBFF2E1F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe [11077984] [PID.4280]
[MD5.ABA41BB9B872699D0DCE69717759072E] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [147456] [PID.5728]
[MD5.674E33892FCFC25DF29954D017325C8C] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe [138672] [PID.9816]
[MD5.0679A1395545C74ECB50F13FEDFD77A4] - (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe [2396160] [PID.9424]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.9036]
[MD5.A06991C31365300DA45D5D719EFF6DCB] - (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1494216] [PID.4408]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.5432]
[MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18680424] [PID.8908]
[MD5.F843A5182EF483C0DF374AC507DEE0A7] - (.Yuna Software - Messenger Plus! (for Skype).) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe [7801344] [PID.4660]
[MD5.B8C96951E66589A8BE736C04A630AE64] - (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe [4710912] [PID.8640]
[MD5.C56270AE93484595950102DF6B23CAEC] - (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224] [PID.4328]
[MD5.0550FBCEE76B6B8BD0045C898394E728] - (.Pierre TORRIS - Sauvegarde et restauration du bureau.) -- C:\Program Files\IcoSauve\IcoSauve.exe [131072] [PID.4912]
[MD5.7FCD78F5AF2EFF12DE4BA17E36082B1E] - (...) -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe [123136] [PID.4404]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe [770608] [PID.7424]
[MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.1192]
[MD5.B657BF5D3AEDD9C05983DFB84CDE2C0E] - (.Adobe Systems Incorporated - Adobe� Flash� Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [805752] [PID.8312]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - H�te Microsoft WWA.) -- C:\WINDOWS\system32\wwahost.exe [333824] [PID.2536]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.1688]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url=http://start.myplaycity.com]MyPlayCity Search[/url]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Tracker Software Products (Canada) Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.)
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} Cl� orpheline
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} . (.IvoSoft - Customizations for the title bar and status.) -- C:\Program Files\Classic Shell\ClassicIE9dll_32.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: LastPass Toolbar - [HKLM]{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [XLaunchpad] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] . (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
O4 - HKCU\..\Run: [Volume2] . (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe
O4 - HKCU\..\Run: [NETGEARGenie] . (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
O4 - HKCU\..\Run: [DriverFinder] . (.Pas de propri�taire - DriverFinder.) -- C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [XLaunchpad] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [SpeedBitVideoAccelerator] . (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [Volume2] . (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [NETGEARGenie] . (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [DriverFinder] . (.Pas de propri�taire - DriverFinder.) -- C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Free FLV Converter.lnk . (.Koyote Soft - Tube Finder - Free FLV Converter.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Actualit� MSN.fr.url . (.Koyote Soft - Tube Finder - Free FLV Converter.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Actualit� MSN.fr.url
O4 - GS\Desktop: Advanced Uninstaller PRO 11.lnk . (.Innovative Solutions - Advanced Uninstaller.) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Amazon.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Amazon.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Bing.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Bing.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\BNPParibas.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\BNPParibas.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\DiapoTop PPS.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\DiapoTop PPS.url
O4 - GS\Desktop: E-Verbe.lnk . (.Circitor - Pas de description.) -- C:\Program Files\Circitor\e-verbe\e-verbe.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Eurosport.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Eurosport.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook..url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook..url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook.url
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\L'�quipe.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\L'�quipe.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Le monde des pps.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Le monde des pps.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Ligue 1.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Ligue 1.url
O4 - GS\Desktop: M�dicaments.lnk . (...) -- C:\Users\JEAN CLAUDE\Documents\M�dicaments
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\M�t�o Pauillac.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\M�t�o Pauillac.url
O4 - GS\Desktop: Norton Internet Security.lnk . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\uistub.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Outlook Mail jccoco33@live.fr.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Outlook Mail jccoco33@live.fr.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Play TV.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Play TV.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\PPSMania.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\PPSMania.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Qwant.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Qwant.url
O4 - GS\Desktop: RarmaRadio.lnk . (.Raimersoft - RarmaRadio.) -- C:\Program Files\RarmaRadio\RarmaRadio.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Desktop: XLaunchPad.lnk . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Yahoo Sport.url . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Yahoo Sport.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\�Traduction.url . (.Nicolas Coolman - ZHPDiag.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\�Traduction.url
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra button: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Cl� orpheline
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Garmin Communicator Plug-In (Garmin Communicator Plug-In) - [url=https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB]https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB[/url]
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} ((no name)) - [url=http://support.asus.com/select/asusTek_sys_ctrl3.cab]http://support.asus.com/select/asusTek_sys_ctrl3.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{86EA9C3C-34DD-4F2F-8DAC-9B03D4E1185A}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{86EA9C3C-34DD-4F2F-8DAC-9B03D4E1185A}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\261339~1.144\{c16c1~1\browse~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Desk 365 service (desksvc) . (...) - C:\Program Files\Desk 365\deskSvc.exe (.not file.) =>Hijacker.22Find
O23 - Service: (IBUpdaterService) . (...) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
O23 - Service: NETGEARGenieDaemon (NETGEARGenieDaemon) . (.NETGEAR - NETGEAR Genie Daemon for Windows.) - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: Predator ACE (PredatorACE) . (...) - C:\Program Files\Predator2\PredatorACE.exe (.not file.)
O23 - Service: (vToolbarUpdater14.0.1) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 23 Legitimates Filtered in 00mn 18s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\G�n�ration Sauvegarde JEAN CLAUDE.job [336]
[MD5.00000000000000000000000000000000] [APT] [4785] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.F1B6B19AA752DEA83BCE4DFEF3D4C5BA] [APT] [EPUpdater] (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution\Shared\BabMaint.exe [9808] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Omiga Plus RunAsStdUser] (...) -- C:\Program Files\Omiga Plus\omigaplus.exe (.not file.) [0]
[MD5.81800928E0F713DF31F3393CC26F4013] [APT] [Programme de mise � jour en ligne de Divx] (...) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{061D11DB-B1A1-462D-987D-435180612AC4}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6.04 Exprex.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0C64FBEC-62F5-494E-90A7-8EAA7B7097C0}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Ashield Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1C11ACBA-76EA-437F-AAC1-EC34C2C222A8}] (...) -- F:\myuninst\D�installeur Myuninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1DC69092-0D00-43EB-9139-6B2B7ED00AFC}] (...) -- C:\Users\JEAN CLAUDE\Desktop\meteo-fusion_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{21408D7B-964F-47B2-B11F-6F5DEA12DC4F}] (...) -- C:\Users\JEAN CLAUDE\Desktop\pendu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{24EB1AE4-9DD0-4061-AB9D-393D59C7A758}] (...) -- C:\Program Files\YAYG\UninstallerData\Uninstall yayg2fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2E07ABCD-69C7-415F-A7F4-E709A927EF54}] (...) -- C:\Users\JEAN CLAUDE\Desktop\DriveClone6.04Express_FR_09052212S.exe (.not file.) [0]
[MD5.48325A133F62E1AA5AF309B1C217EBB9] [APT] [{3218D7A0-42D2-42F7-8292-D4F8AD985A98}] (...) -- C:\Program Files\Astase\UltraBackup\4.9\unins000.exe [695760]
[MD5.00000000000000000000000000000000] [APT] [{32EF430F-7935-4F1E-B78A-9BACDCC5EA17}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Setup_QI98_100\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{35C36EF1-B185-422D-8E12-BFC27362A0FC}] (...) -- C:\Program Files\Free Belote\FreeBelote.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{36BE575C-0759-455F-ACA4-C291E33595BF}] (...) -- F:\myuninst\myuninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496B79DF-EFEB-40F3-A3F5-E3B8A04369EB}] (...) -- C:\Users\JEAN CLAUDE\Documents\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{53F0D46B-D4EC-4DAD-A692-35C80C42FDCF}] (...) -- C:\Users\JEAN CLAUDE\Documents\News interceptor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{55092A00-8BB9-4657-B35E-C92FBD5A2AD2}] (...) -- H:\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5DCD294C-6BCC-43B9-BD6B-C88233588637}] (...) -- F:\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F4F0288-710A-41AF-9611-81D759ACFE3C}] (...) -- C:\Users\JEAN CLAUDE\Documents\Kikoo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F526B4D-0167-40FC-82A0-0DF9B774798A}] (...) -- C:\Program Files\RocketDock\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60B592C3-CDC6-4916-AA0A-2BB16C08B518}] (...) -- C:\Users\JEAN CLAUDE\Pictures\ib\20111029120526\Uno_PC_jeu_gratuit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60D0D80D-C64E-4B54-AAA0-E94FF1EB3555}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Kikoo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6A5047CF-5117-4048-8F3D-AAA70ABA7E3F}] (...) -- F:\Frama\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{77B3095F-B614-498E-93DD-BCD19B43713C}] (...) -- F:\1Framkey\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7FF8565E-C3FA-444B-8BFA-CFA0BDF9B0EB}] (...) -- C:\Users\JEAN CLAUDE\Documents\PortableApps\OpenOfficePortable\OpenOfficeBasePortable.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8B4FDF06-CB32-4D14-91EF-EEF3D0DBDD8A}] (...) -- C:\Users\JEAN CLAUDE\Documents\Lastpass.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{944F7720-E564-49F8-9D48-24AE6C5FA89A}] (...) -- C:\Users\JEAN CLAUDE\Documents\qi98_100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0DD9D43-F6B6-4EC1-AFCE-442F9242E22B}] (...) -- C:\Program Files\Filzip\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A1F66397-06A2-42AE-AD58-AFA4D0ED8324}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Paragon_SystemBackup2010-rc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA62236C-7A2A-4809-87FF-E7D570FAA4FB}] (...) -- C:\Users\JEAN CLAUDE\Documents\3D Yahtzee unlimited.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ABD0BD1D-3835-4AA4-973C-A52FFE7304A4}] (...) -- C:\Users\JEAN CLAUDE\Desktop\norton-ghost_norton_ghost_15.0_francais_77626.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF94B138-2C08-49B5-87A5-EAC4740FEE9B}] (...) -- C:\Users\JEAN CLAUDE\Desktop\InfralogsAAAAAAAAA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B7FD3314-8577-4BD2-B59E-C5AA4CD22B91}] (...) -- C:\Users\JEAN CLAUDE\Desktop\NXPowerLite-3.0.2-v_Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C65C86E9-F53C-49EA-8A8E-4B2DBBAC0A91}] (...) -- H:\qi98_100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C9B28512-FA40-467E-A340-6FAD9C019B4F}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6 Express.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D829CC6E-8585-431D-AA20-DF867321DBC1}] (...) -- C:\Users\JEAN CLAUDE\Desktop\RCFR205DOGTC3 Ramdam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D865A645-E990-4B8A-B144-6EAF090C75C1}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6.04 Exprex Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7D80D9E-B4E0-42A7-AC0B-54B54DC6AC43}] (...) -- C:\Users\JEAN CLAUDE\Desktop\PILOTE Navirad_USB_win7.exe (.not file.) [0]
[MD5.9579D7FA16F8D2F9C6BEDE3F3593D51A] [APT] [{E9BE5DF9-EB94-461B-B3B9-71FEBC3A375F}] (...) -- C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe [70670]
[MD5.00000000000000000000000000000000] [APT] [{E9FB9BB4-F6E7-45C9-A4B8-6A3146F84636}] (...) -- F:\1Framkey\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F2F41833-4CC8-43B9-A5C5-4D6CE745EC28}] (...) -- C:\Users\JEAN CLAUDE\Documents\Sokoban.exe (.not file.) [0]
~ Scheduled Task: 77 Legitimates Filtered in 00mn 11s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
O40 - ASIC: Adobe Reader User Settings - {A6EADE66-0000-0000-484E-7E8A45000000} . (.Adobe Systems, Inc. - Acrobat Install On Demand.) -- C:\Program Files\Adobe\Reader 11.0\Esl\AiodLite.dll
~ Active Setup: 11 Legitimates Filtered in 00mn 00s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (VHDMgr) . (.Certit PTY LTD - VHDMount Driver.) - C:\Windows\system32\drivers\VHDMount-x86.sys
~ Drivers: 56 Legitimates Filtered in 00mn 00s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Appetizer 1.4 - (.Appetizer Project.) [HKLM] -- Appetizer
O42 - Logiciel: CacheMyWork - (.Codeplex.) [HKLM] -- {4CD3A1CB-EB91-4DC5-B636-33B66BA56162}
O42 - Logiciel: Dietetik 5.3 - (...) [HKLM] -- Dietetik 5.3
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT =>Adware.IncrediBar
O42 - Logiciel: JOC Web Spider 5.6.1.0 - (.Jocsoft.com.) [HKLM] -- JOC Web Spider_is1
O42 - Logiciel: Mots Cach�s 2.0 - (.Edmond Doudard.) [HKLM] -- Mots Cach�s 2.0_is1
O42 - Logiciel: Panopreter Basic version 3.0.9 - (.Panopreter.com.) [HKLM] -- Panopreter Basic_is1
O42 - Logiciel: Traqueur 3.1.13 - (...) [HKLM] -- Traqueur_is1
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh =>PUP.iMesh
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} =>PUP.iMesh
~ Logic: 213 Legitimates Filtered in 00mn 04s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\4kdownload.com]
[HKCU\Software\5a578ddbb23eb845]
[HKCU\Software\AppDataLow\Software\mediabarim]
[HKCU\Software\AppDataLow\conduit_CT2812103]
[HKCU\Software\Appetizer]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Blabbers ] =>PUP.Blabbers
[HKCU\Software\BooRee-USB]
[HKCU\Software\Bruno]
[HKCU\Software\ClearProg]
[HKCU\Software\D2Soft Technologies]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\GreatestsPlacesMR]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\Junoplay.com]
[HKCU\Software\MSNCleaner]
[HKCU\Software\MandarkLib]
[HKCU\Software\Mediaforma]
[HKCU\Software\Mobatek]
[HKCU\Software\NKH]
[HKCU\Software\Namida]
[HKCU\Software\NetIntellGames]
[HKCU\Software\Panopreter]
[HKCU\Software\RandyRants]
[HKCU\Software\Rebit]
[HKCU\Software\Recreasoft]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WEDLMNGR]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\WinYam]
[HKCU\Software\bbrs_002.tb]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\5a578ddbb23eb845]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Bytesignals]
[HKLM\Software\Cortex I.T]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\GSplit]
[HKLM\Software\Panopreter]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\V9]
[HKLM\Software\deskSvc]
[HKLM\Software\iWin]
~ Key Software: 503 Legitimates Filtered in 00mn 05s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/05/2013 - 12:05:44 - [62,116] ----D C:\Program Files\4KDownload
O43 - CFD: 24/08/2011 - 17:20:46 - [1,900] ----D C:\Program Files\alot
O43 - CFD: 23/03/2012 - 17:20:15 - [2,493] ----D C:\Program Files\Appetizer
O43 - CFD: 14/04/2011 - 16:25:45 - [0,646] ----D C:\Program Files\BooRee-USB
O43 - CFD: 26/03/2012 - 11:00:28 - [0,441] ----D C:\Program Files\Bytesignals
O43 - CFD: 09/09/2012 - 17:35:37 - [0,150] ----D C:\Program Files\CacheMyWork
O43 - CFD: 20/04/2012 - 13:08:55 - [8,454] ----D C:\Program Files\Cvf
O43 - CFD: 05/08/2011 - 19:31:30 - [1,842] ----D C:\Program Files\GLD
O43 - CFD: 29/08/2011 - 12:47:17 - [0,419] ----D C:\Program Files\Horloge
O43 - CFD: 22/03/2011 - 11:03:07 - [40,885] ----D C:\Program Files\iMesh Applications =>PUP.iMesh
O43 - CFD: 04/08/2011 - 20:48:19 - [17,964] ----D C:\Program Files\Jeu de mots
O43 - CFD: 24/08/2011 - 14:57:36 - [0,693] ----D C:\Program Files\Jocsoft
O43 - CFD: 13/04/2012 - 19:22:28 - [0,000] ----D C:\Program Files\Kikoo
O43 - CFD: 06/09/2012 - 12:20:56 - [0] ----D C:\Program Files\MailPops
O43 - CFD: 30/08/2011 - 13:53:33 - [0,327] ----D C:\Program Files\MEGAYAM12
O43 - CFD: 28/07/2011 - 18:49:18 - [2,022] ----D C:\Program Files\MotsCach�s 2.0
O43 - CFD: 28/07/2011 - 19:13:50 - [28,015] ----D C:\Program Files\nkh
O43 - CFD: 29/03/2013 - 10:52:51 - [2,655] ----D C:\Program Files\Panopreter Basic
O43 - CFD: 04/06/2013 - 23:04:54 - [0,359] ----D C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 27/05/2013 - 10:34:47 - [33,331] ----D C:\Program Files\Common Files\337
O43 - CFD: 23/03/2012 - 22:31:31 - [0,124] ----D C:\Program Files\Common Files\GSplit
O43 - CFD: 10/07/2012 - 11:12:20 - [0,004] ----D C:\ProgramData\14164
O43 - CFD: 01/06/2012 - 10:49:21 - [0,004] ----D C:\ProgramData\15231
O43 - CFD: 06/06/2013 - 23:07:43 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 11/12/2011 - 17:50:20 - [0] ----D C:\ProgramData\BackupAssist v6
O43 - CFD: 08/11/2011 - 23:42:27 - [0] ----D C:\ProgramData\clonehdd
O43 - CFD: 08/11/2011 - 23:40:06 - [0] ----D C:\ProgramData\complexbackup
O43 - CFD: 06/11/2011 - 20:07:05 - [1,338] ----D C:\ProgramData\EmbeddedThalliumBackup
O43 - CFD: 27/05/2013 - 10:32:12 - [0,344] ----D C:\ProgramData\eSafe
O43 - CFD: 19/04/2013 - 11:37:12 - [10,820] ----D C:\ProgramData\FantastiGames
O43 - CFD: 15/12/2011 - 23:52:41 - [0] ----D C:\ProgramData\fscltdcn
O43 - CFD: 23/08/2011 - 22:00:45 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 22/03/2011 - 11:01:27 - [0,087] ----D C:\ProgramData\iMesh =>PUP.iMesh
O43 - CFD: 23/08/2011 - 21:57:37 - [5,969] ----D C:\ProgramData\IncrediMail
O43 - CFD: 17/03/2012 - 16:41:43 - [0,016] ----D C:\ProgramData\Kamzy
O43 - CFD: 10/02/2013 - 22:03:47 - [0,000] ----D C:\ProgramData\T1 Games
O43 - CFD: 07/06/2013 - 13:37:41 - [1,044] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 22/03/2011 - 11:03:36 - [15,243] --H-D C:\ProgramData\{8126394B-2C0C-4BB4-BAF9-51D47FAA35C8}
O43 - CFD: 06/06/2012 - 09:00:34 - [2,099] ----D C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
O43 - CFD: 09/03/2012 - 12:15:46 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\#Hf
O43 - CFD: 10/09/2012 - 14:29:55 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\021B7700-F6AF-4B3D-9934-198A03668E1B
O43 - CFD: 21/11/2011 - 12:55:01 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\19E2A8F1-EA7E-4E3C-97F1-B6CFDEE420C8
O43 - CFD: 08/12/2011 - 21:47:50 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\2644F65A-E343-4BEE-902D-537DFE4A77D5
O43 - CFD: 08/10/2012 - 13:48:55 - [6,701] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\2A420449-FA2A-414C-AA83-CFE9639D4295
O43 - CFD: 27/05/2013 - 10:46:48 - [3,727] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\337
O43 - CFD: 14/11/2011 - 21:37:06 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\3B3F8B7F-8BE8-464B-B0BA-D1609EE48C1A
O43 - CFD: 16/11/2011 - 01:15:00 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\47A12FCB-DD26-421B-B8F4-388F4A473989
O43 - CFD: 02/11/2011 - 22:38:26 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\5C98F1E0-8EEF-4CCB-B368-5985C241ED62
O43 - CFD: 31/08/2012 - 14:32:03 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\6B8E6E38-EEC8-48EE-B495-999522707502
O43 - CFD: 31/08/2012 - 23:46:59 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\754013CC-DF53-45BE-895A-A613526CC529
O43 - CFD: 13/12/2011 - 21:02:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\77BEC253-B909-47BD-846A-AF7561160DFC
O43 - CFD: 15/12/2011 - 23:07:32 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\A5649297-7B73-4108-9D2A-E5F94964A15D
O43 - CFD: 01/09/2012 - 19:49:11 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\A8707AE3-892E-4363-8297-69507D90D07B
O43 - CFD: 13/12/2011 - 21:02:12 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\AEBC32A0-79FA-41DC-B9DC-63AB91ECDC16
O43 - CFD: 26/08/2011 - 13:17:17 - [4,615] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\AlertInfo
O43 - CFD: 09/03/2012 - 14:40:45 - [0,025] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Appetizer
O43 - CFD: 08/12/2011 - 21:47:48 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\B703EBB6-41F1-4D2B-A508-7822AFD32DD4
O43 - CFD: 06/06/2013 - 23:08:51 - [1,551] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 06/06/2013 - 23:07:42 - [0,012] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 08/12/2011 - 23:22:51 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\C0C5DCEE-09F5-47A4-A1ED-0D8B6C731D03
O43 - CFD: 02/11/2011 - 22:38:26 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\C8AF61D7-C404-4AC8-BD77-A2202C068678
O43 - CFD: 16/11/2011 - 01:15:02 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\CA8B123C-2097-4C81-AD16-A0C953C62A3B
O43 - CFD: 07/02/2013 - 16:22:06 - [0,017] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\CRDeltaTB =>Toolbar.DeltaSearch
O43 - CFD: 22/08/2011 - 15:30:11 - [0,183] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\D2Soft Technologies
O43 - CFD: 19/05/2013 - 16:54:57 - [6,765] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\D4594DF4-65E1-46B9-8F44-8209C057C8DF
O43 - CFD: 08/03/2012 - 18:11:19 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Ditto
O43 - CFD: 20/11/2011 - 11:39:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E0A9CF91-400F-4EDD-92F1-1ED0372A8B30
O43 - CFD: 09/12/2011 - 00:13:25 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E2E8E565-CE99-481E-B508-303179BC9E65
O43 - CFD: 20/11/2011 - 23:35:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E99C69E3-8B0E-4F0D-B1AF-842DDFF473FE
O43 - CFD: 10/09/2012 - 14:29:56 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\EF8A193E-0BFC-4B82-A7D7-9E0EEDDFA8DE
O43 - CFD: 23/03/2012 - 22:33:39 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\GSplit
O43 - CFD: 28/02/2011 - 11:47:39 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\newfolder3
O43 - CFD: 26/03/2012 - 11:00:39 - [6,595] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\nspaces_bytesignals
O43 - CFD: 24/06/2012 - 08:48:56 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Obvious Idea
O43 - CFD: 31/01/2013 - 11:06:22 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\PhoXo
O43 - CFD: 01/04/2012 - 09:51:17 - [9,554] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\RaimaRadioPro
O43 - CFD: 13/05/2013 - 12:06:50 - [0,000] ----D C:\Users\JEAN CLAUDE\AppData\Local\4kdownload.com
O43 - CFD: 22/03/2012 - 14:51:06 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Local\Finkit
O43 - CFD: 22/03/2012 - 13:59:11 - [17,459] ----D C:\Users\JEAN CLAUDE\AppData\Local\IM
O43 - CFD: 12/07/2012 - 23:09:25 - [73,550] ----D C:\Users\JEAN CLAUDE\AppData\Local\iMesh =>PUP.iMesh
O43 - CFD: 05/08/2011 - 19:44:45 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Local\MLSofts
O43 - CFD: 29/08/2011 - 18:16:55 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Local\Stephane_Blanc_(whithix@g
O43 - CFD: 24/08/2011 - 09:53:03 - [3,383] ----D C:\Users\JEAN CLAUDE\AppData\Local\Wysigot
O43 - CFD: 14/01/2013 - 13:28:14 - [0,004] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appetizer
~ 1348 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 2121 Legitimates Filtered in 01mn 08s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.8378774ABC9CAA2C60B298AE0C084FB7] - 19/06/2013 - 14:37:38 ---A- . (...) -- C:\Windows\System32\Drivers\SYMEVENT.CAT [7446]
O44 - LFC:[MD5.2A8DCC2EC2AC5C0588F818B16E606CED] - 19/06/2013 - 14:37:38 ---A- . (...) -- C:\Windows\System32\Drivers\SYMEVENT.INF [806]
O44 - LFC:[MD5.EC986C5883EFCC9DD761B8A0E42E0E32] - 19/06/2013 - 10:48:20 ---A- . (...) -- C:\{B074EC48-5E4D-4FBE-B37B-DFBDBE9A38C1} [3104]
O44 - LFC:[MD5.A9F329E89F81FF972A29D940DF9D9A98] - 19/06/2013 - 07:58:50 ---A- . (...) -- C:\{BDC1C8AB-5975-42C1-8F02-0FA9202EC2B1} [1920]
O44 - LFC:[MD5.BEAD8D869F7708C05AAC44F7A3F0939D] - 19/06/2013 - 07:58:50 ---A- . (...) -- C:\{D429AB96-6C7E-4E64-A8AB-545A76482F73} [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/06/2013 - 07:31:10 ---A- . (...) -- C:\END [0]
O44 - LFC:[MD5.FD8B71811C97420DC08DB8161401C544] - 16/06/2013 - 15:54:35 ---A- . (...) -- C:\{35D8FD05-4C10-4CC9-8BC9-F2EB35B21CF6} [1968]
O44 - LFC:[MD5.351EF211FC5DA078A02376D24E6829AF] - 16/06/2013 - 07:30:53 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386646]
O44 - LFC:[MD5.F1DB5C8D8148E1D93403497B8DE9C491] - 15/06/2013 - 07:47:05 ---A- . (...) -- C:\{158DA3C5-E4B4-4B3E-A7A1-94C4DE5D3AB9} [1880]
O44 - LFC:[MD5.FBC05F89700D83B0A43353E1ACE915F5] - 07/06/2013 - 12:47:00 ---A- . (...) -- C:\Convertxto DVD4 Setup.exe [946968]
O44 - LFC:[MD5.444C17D4E51CAA49D47F5DF6FD8D2472] - 06/06/2013 - 22:19:50 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [1833]
~ Files: 91 Legitimates Filtered in 00mn 07s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export DP - "C:\Program Files\JeuDeMots\JeuDeMots.exe" [Enabled] .(...) -- C:\Program Files\JeuDeMots\JeuDeMots.exe (.not file.)
~ Keys Export: 2 Legitimates Filtered in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Acronis - Acronis Relogon Authentication Package.) -- C:\Windows\System32\relog_ap.dll
~ LSA: 10 Legitimates Filtered in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{a684a55b-4776-11e2-9333-1cc1de608de5}\AutoRun\command. (...) -- F:\SFRLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\autoupdater [Key] . (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\Agence-Exclusive\Agence-Exclusive\autoupdater.exe (.not file.) =>PUP.AgenceExcusive
O53 - SMSR:HKLM\...\startupreg\Browser companion helper [Key] . (...) -- C:\Program Files\BrowserCompanion\BCHelper.exe (.not file.) =>PUP.Blabbers
O53 - SMSR:HKLM\...\startupreg\Hiyo [Key] . (.IncrediMail, Ltd. - HiYo - IncrediMail Ltd Messenger plugin.) -- C:\Program Files\HiYo\bin\HiYo.exe
O53 - SMSR:HKLM\...\startupreg\XLaunchpad [Key] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 25 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.96191579DDB1A201A2FB79C1D05680B4] - 26/07/2012 - 04:42:31 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [85232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Aide Screensaver.URL:favicon
~ ADS: Scanned in 00mn 06s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- F:\ Op�ra\operausb1152int\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [url=http://www.bing.com]Bing[/url]
O69 - SBI: SearchScopes [HKCU] {08B6DF35-0855-487F-AE45-EB4CD3E3BD81} - (findr Customized Web Search) - [url=http://search.conduit.com]Rechercher [/url]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Babylon) - [url=http://search.babylon.com]Babylon Search[/url] =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [url=http://www.google.com]Google[/url]
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - [url=http://isearch.glarysoft.com]Search[/url]
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_3.pnge
~ Files: Scanned in 07mn 49s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.BDB348099D8B3D66167E5B0D60AB2A7C] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\580E687C-8169-4D16-B8DF-3B12ADE7531C.dat [70662]
[MD5.4EC1A6CBC253DA199A35F0DBB940D4D6] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\6BEF6965-814C-4AD5-AEA7-44D7BF3A9966.dat [39602]
[MD5.B8B1C3A971F50CAAF75B69199BBE8FF2] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\78B76D8A-42BC-4DA3-99C0-AEFD581DBBD2.dat [37056]
[MD5.6B09F69D4FCB227928F297EE47EFA756] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\D7D368F9-3B8A-4746-AE91-D845597D82F6.dat [69578]
[MD5.2C22064707F874C3BCD11A068CE83B1A] [SPRF][20/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\SkypeSetup.exe [31668840]
[MD5.F6917EAF1CEECA34E15C1B330E6BCE7A] [SPRF][19/06/2013] (.Symantec Corporation - Norton Internet Security.) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_5239.exe [883064]
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][07/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\inst.exe [87608]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][07/06/2013] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\JEAN CLAUDE\AppData\Roaming\pcouffin.sys [47360]
[MD5.A95866BA166A09E360BB88DA72D4531D] [SPRF][15/05/2013] (...) -- C:\Users\JEAN CLAUDE\Desktop\adwcleaner.exe [628743]
[MD5.B9CB373322D54AFE555E3301B02C4A25] [SPRF][21/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\JEAN CLAUDE\Desktop\ZHPDiag2.exe [5684132]
[MD5.1211439494E20C51377E47982A384986] [SPRF][22/11/2012] (.Pas de propri�taire - asusTek_sys_ctrl Module.) -- C:\Windows\Downloaded Program Files\asusTek_sys_ctrl.dll [148352]
[MD5.F1CD64DD3702BDCDFB0531BB21C6BEFC] [SPRF][21/06/2011] (.Adobe Systems, Inc. - Adobe� Flash� Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3123872]
~ Files: Scanned in 00mn 03s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{57949277-5A98-4265-9CB5-B2014EE36837}" |In - Private - P17 - TRUE | .(...) -- F:\ Op�ra\operausb1152int\opera.exe (.not file.)
O87 - FAEL: "{6456AFE9-B6EF-4DE8-8748-2E2C18E1CBB9}" |In - Private - P6 - TRUE | .(...) -- F:\ Op�ra\operausb1152int\opera.exe (.not file.)
O87 - FAEL: "{A9316E6D-CD3D-477F-84C5-C23FEAFD94F9}" | In - Private - P17 - TRUE | .(.ZGuideTV Team - ZGuideTV.NET.) -- C:\Program Files\ZGuideTVDotNet\ZGuideTVDotNet.exe
O87 - FAEL: "{DA1FEE2C-387A-4606-A5C6-D8F954B2FE03}" | In - Private - P6 - TRUE | .(.ZGuideTV Team - ZGuideTV.NET.) -- C:\Program Files\ZGuideTVDotNet\ZGuideTVDotNet.exe
O87 - FAEL: "{60A0F2E2-1533-403B-AEE3-8F953F83096F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{AAE58660-4008-4E91-8DB8-B1ECEFD7E114}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{5A1F75D1-15F4-48F7-8026-CE79C95A7D7C}" | In - Private - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{AC58803C-1778-43DE-85F0-7D91342A3E83}" | In - Private - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{E1A3B7A8-DB0F-4305-AF78-44284EF95ADA}" | In - Domain - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{841EF6D7-E475-4770-A582-07505AEC9AFB}" | In - Domain - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{069A75AD-4C98-4D30-8513-CBFE1C6D5EE8}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\RpcSandraSrv.exe (.not file.)
O87 - FAEL: "{B3CBEB82-E8FA-4328-B3AD-ECA2A86F869B}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{84CAB624-0291-4574-951A-7026263AB2A0}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 261 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Cl�s trouv�es (Keys found) : 136
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 13
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\Interface\{0bbf19a5-be50-4e06-a340-6777a505e490}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{2d77ac8a-0a4c-40d0-9557-51907a575e45}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{869e753f-bd0d-4832-8131-94feee058ae3}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKLM\Software\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}] =>Toolbar.Kiwee
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{69d3f709-9de2-479f-980f-532d46895703}] =>Adware.BHO
[HKLM\Software\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}] =>Adware.BHO
[HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{969D2C61-9B16-407c-86B7-397BF4579BE6}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{969D2C61-9B16-407c-86B7-397BF4579BE6}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}] =>Adware.BHO
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\iMesh.exe] =>PUP.iMesh
[HKLM\Software\Classes\AppID\Launcher.EXE] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFile3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\nctaudiocdwriter2.audiocdwriter2] =>Adware.RecordNRip
[HKLM\Software\Classes\nctaudiocdwriter2.audiocdwriter2.1] =>Adware.RecordNRip
[HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.IncrediBar
[HKCU\Software\BlabbersToolbar] =>PUP.Blabbers
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\iMesh] =>PUP.iMesh
[HKLM\Software\iwin] =>Adware.BHO
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar
[HKCU\Software\bbrs_002.tb] =>PUP.Blabbers
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKCU\Software\AppDataLow\Software\mediabarim] =>PUP.iMesh
[HKLM\Software\Classes\Installer\Features\8BA64C84994367940971B95E325644E3] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Installer\Products\8BA64C84994367940971B95E325644E3] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\desksvc] =>Hijacker.22find
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\Tuto4pcFrSoftonicBHO.DLL] =>Spyware.AgenceExclusive
[HKCU\Software\AppDataLow\conduit_CT2812103] =>Toolbar.Conduit
C:\Program Files\alot =>Adware.CometSystems
C:\Program Files\iMesh Applications =>PUP.iMesh
C:\Program Files\Common Files\337 =>Hijacker.22find
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\FantastiGames =>Toolbar.Agent
C:\ProgramData\iMesh =>PUP.iMesh
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh =>PUP.iMesh
C:\Users\JEAN CLAUDE\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\JEAN CLAUDE\AppData\Roaming\337 =>Hijacker.22find
C:\Users\JEAN CLAUDE\AppData\Local\iMesh =>PUP.iMesh
C:\Users\JEAN CLAUDE\AppData\LocalLow\alot =>Adware.CometSystems
C:\Users\JEAN CLAUDE\AppData\Local\Temp\AskSearch =>Toolbar.AskBarDis
~ Additionnel Scan: 410270 Items scanned in 01mn 23s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "532E1E0054BA59641A6570138149E94D" . (.HiYo.) -- C:\Windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe
O90 - PUC: "5FEC1DB69749045408E4DB01716597D4" . (.Predator.) -- C:\Windows\Installer\{6BD1CEF5-9479-4540-804E-BD101756794D}\_853F67D554F05449430E7E.exe
O90 - PUC: "8BA64C84994367940971B95E325644E3" . (.Delta.) -- C:\WINDOWS\Installer\{48C46AB8-3499-4976-9017-9BE52365443E}\Delta.ico
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Random Export Key (O91)
[HKCU\Software\5a578ddbb23eb845]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKCU\Software\5a578ddbb23eb845]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKCU\Software\5a578ddbb23eb845]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SERVICE_NAME="BrowserDefendert"
[HKCU\Software\5a578ddbb23eb845]:usrcheckbox="1"
[HKCU\Software\5a578ddbb23eb845]:version="2.6.1339.144"
[HKLM\Software\5a578ddbb23eb845]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKLM\Software\5a578ddbb23eb845]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SERVICE_NAME="BrowserDefendert"
[HKLM\Software\5a578ddbb23eb845]:usrcheckbox="1"
[HKLM\Software\5a578ddbb23eb845]:version="2.6.1339.144"
~ Export Key Software: Scanned in 00mn 02s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 15/02/2013 831152 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/01/2013 251400 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/05/2013 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/04/2013 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe
SS - | Auto 0 | (desksvc) . (...) - C:\Program Files\Desk 365\deskSvc.exe =>Hijacker.22Find
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe
SS - | Disabled 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe
SR - | Auto 25/02/2013 101376 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 25/02/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 25/08/2009 77824 | (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Disabled 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SR - | Auto 12/03/2013 185688 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SS - | Auto 23/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SR - | Auto 09/09/2011 86072 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Auto 1167152 | (IBUpdaterService) . (...) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 19/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 07/05/2013 128000 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 07/04/2013 195840 | (NETGEARGenieDaemon) . (.NETGEAR.) - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
SR - | Auto 23/12/2012 144520 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
SS - | Disabled 14/10/2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SS - | Auto 0 | (PredatorACE) . (...) - C:\Program Files\Predator2\PredatorACE.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 16/03/2012 25008 | (SFR.Dashboard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe
SS - | Disabled 02/11/2009 431456 | (SgtSch2Svc) . (.Seagate.) - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 20/03/2013 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SR - | Auto 07/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Disabled 04/01/2008 1949696 | (ThalliumServer) . (.Astase.) - C:\Program Files\Astase\UltraBackup\4.9\bin\tbsd.exe
SS - | Disabled 04/01/2008 620032 | (thpassivesvc) . (.Astase.) - C:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
SS - | Auto 29/05/2012 1528672 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
SS - | Auto 20/09/2012 23040 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 06/04/2012 265928 | (VideoAcceleratorService) . (.SpeedBit Ltd..) - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
SS - | Auto 0 | (vToolbarUpdater14.0.1) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url=http://www.gmer.net]GMER - Rootkit Detector and Remover[/url]
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, [url=http://ad13.geekstog]http://ad13.geekstog[/url]
Run by JEAN CLAUDE at 21/06/2013 18:42:06
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 3456 Legitimates filtered by white list
End of the scan (1236 lines in 12mn 24s)(20)
Run by JEAN CLAUDE at 21/06/2013 18:29:41
WebSite: [url=http://nicolascoolman.webs.com]Home - Malicius Software Information[/url]
State : Version � jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16599 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 8 Business Edition, 32-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 7QTB3
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Malwarebytes Anti-Malware version 1.70.0.1100
Norton Internet Security v20.3.1.22
Spybot - Search & Destroy v1.6.2
Windows Defender W8
---\\ System Optimizer
CCleaner v3.23 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Reader XI
---\\ System Information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3062 MB (54% free)
System Restore: Activ� (Enable)
System drive C: has 43 GB (30%) free of 140 GB
---\\ Logged in mode
~ Computer Name: JEANCLAUDE-HP
~ User Name: JEAN CLAUDE
~ All Users Names: JEAN CLAUDE, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\JEAN CLAUDE\AppData\Roaming\
~ %Desktop% : C:\Users\JEAN CLAUDE\Desktop\
~ %Favorites% : C:\Users\JEAN CLAUDE\Favorites\
~ %LocalAppData% : C:\Users\JEAN CLAUDE\AppData\Local\
~ %StartMenu% : C:\Users\JEAN CLAUDE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 43 Go of 140 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E:\ CD-ROM drive (Free 0 Go of 0 Go)
---\\ Security Center & Tools Informations
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.953ADECFF08202A01EFC6110214FDE02] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 06:56:41.) -- C:\Windows\Explorer.exe [2115952]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.26/07/2012 - 04:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.2E326CC5E440CA50515C124D208327CE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/04/2013 - 23:30:55.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.11/10/2012 - 06:08:28.) -- C:\Windows\System32\Winlogon.exe [411648]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Biblioth�que de licences.) (.26/07/2012 - 04:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 04:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 06:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.02/02/2013 - 10:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parall�le.) (.26/07/2012 - 03:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de p�riph�rique de Microsoft RDP.) (.26/07/2012 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 05:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.8E15C3D58A8ADE841060661DBA6E7A9B] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.26/07/2012 - 04:39:34.) -- C:\Windows\system32\Drivers\volsnap.sys [282352]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/198
~ Mes musiques (My Musics) : 1/1230
~ Mes Videos (My Videos) : 2/69
~ Mes Favoris (My Favorites) : 1/92
~ Mes Documents (My Documents) : 2/2724
~ Mon Bureau (My Desktop) : 2/197
~ Menu demarrer (Programs) : 1/84
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lanc�s
[MD5.241BD3019FB31E812A51B31B06906335] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [144520] [PID.2984]
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus h�te pour T�ches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [53760] [PID.1184]
[MD5.2B7F42426A50667994A00C22CBFF2E1F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe [11077984] [PID.4280]
[MD5.ABA41BB9B872699D0DCE69717759072E] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [147456] [PID.5728]
[MD5.674E33892FCFC25DF29954D017325C8C] - (.Microsoft Corporation - Communications Service.) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe [138672] [PID.9816]
[MD5.0679A1395545C74ECB50F13FEDFD77A4] - (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe [2396160] [PID.9424]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.9036]
[MD5.A06991C31365300DA45D5D719EFF6DCB] - (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1494216] [PID.4408]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.5432]
[MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18680424] [PID.8908]
[MD5.F843A5182EF483C0DF374AC507DEE0A7] - (.Yuna Software - Messenger Plus! (for Skype).) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe [7801344] [PID.4660]
[MD5.B8C96951E66589A8BE736C04A630AE64] - (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe [4710912] [PID.8640]
[MD5.C56270AE93484595950102DF6B23CAEC] - (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224] [PID.4328]
[MD5.0550FBCEE76B6B8BD0045C898394E728] - (.Pierre TORRIS - Sauvegarde et restauration du bureau.) -- C:\Program Files\IcoSauve\IcoSauve.exe [131072] [PID.4912]
[MD5.7FCD78F5AF2EFF12DE4BA17E36082B1E] - (...) -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe [123136] [PID.4404]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe [770608] [PID.7424]
[MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.1192]
[MD5.B657BF5D3AEDD9C05983DFB84CDE2C0E] - (.Adobe Systems Incorporated - Adobe� Flash� Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [805752] [PID.8312]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - H�te Microsoft WWA.) -- C:\WINDOWS\system32\wwahost.exe [333824] [PID.2536]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.1688]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url=http://start.myplaycity.com]MyPlayCity Search[/url]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Tracker Software Products (Canada) Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.)
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} Cl� orpheline
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} . (.IvoSoft - Customizations for the title bar and status.) -- C:\Program Files\Classic Shell\ClassicIE9dll_32.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: LastPass Toolbar - [HKLM]{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [XLaunchpad] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] . (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
O4 - HKCU\..\Run: [Volume2] . (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe
O4 - HKCU\..\Run: [NETGEARGenie] . (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
O4 - HKCU\..\Run: [DriverFinder] . (.Pas de propri�taire - DriverFinder.) -- C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [XLaunchpad] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [SpeedBitVideoAccelerator] . (.SpeedBit LTD - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [Volume2] . (.Alexandr Irza - Volume� - advanced Windows volume control.) -- C:\Program Files\Volume2\Volume2.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [NETGEARGenie] . (...) -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [DriverFinder] . (.Pas de propri�taire - DriverFinder.) -- C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKUS\S-1-5-21-4236982873-3305466452-132931986-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Free FLV Converter.lnk . (.Koyote Soft - Tube Finder - Free FLV Converter.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Actualit� MSN.fr.url . (.Koyote Soft - Tube Finder - Free FLV Converter.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Actualit� MSN.fr.url
O4 - GS\Desktop: Advanced Uninstaller PRO 11.lnk . (.Innovative Solutions - Advanced Uninstaller.) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Amazon.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Amazon.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Bing.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Bing.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\BNPParibas.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\BNPParibas.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\DiapoTop PPS.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\DiapoTop PPS.url
O4 - GS\Desktop: E-Verbe.lnk . (.Circitor - Pas de description.) -- C:\Program Files\Circitor\e-verbe\e-verbe.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Eurosport.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Eurosport.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook..url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook..url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Facebook.url
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\L'�quipe.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\L'�quipe.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Le monde des pps.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Le monde des pps.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Ligue 1.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Ligue 1.url
O4 - GS\Desktop: M�dicaments.lnk . (...) -- C:\Users\JEAN CLAUDE\Documents\M�dicaments
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\M�t�o Pauillac.url . (...) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\M�t�o Pauillac.url
O4 - GS\Desktop: Norton Internet Security.lnk . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\uistub.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Outlook Mail jccoco33@live.fr.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Outlook Mail jccoco33@live.fr.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Play TV.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Play TV.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\PPSMania.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\PPSMania.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Qwant.url . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Qwant.url
O4 - GS\Desktop: RarmaRadio.lnk . (.Raimersoft - RarmaRadio.) -- C:\Program Files\RarmaRadio\RarmaRadio.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Desktop: XLaunchPad.lnk . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\Yahoo Sport.url . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\Yahoo Sport.url
O4 - Global Startup: C:\Documents And Settings\JEAN CLAUDE\Desktop\�Traduction.url . (.Nicolas Coolman - ZHPDiag.) -- C:\Documents And Settings\JEAN CLAUDE\Desktop\�Traduction.url
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} . (.LastPass - LastPass Toolbar.) -- C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra button: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Cl� orpheline
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Garmin Communicator Plug-In (Garmin Communicator Plug-In) - [url=https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB]https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB[/url]
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} ((no name)) - [url=http://support.asus.com/select/asusTek_sys_ctrl3.cab]http://support.asus.com/select/asusTek_sys_ctrl3.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{86EA9C3C-34DD-4F2F-8DAC-9B03D4E1185A}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B113817-33FC-471B-A89F-E78EC00E5C4A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{86EA9C3C-34DD-4F2F-8DAC-9B03D4E1185A}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\261339~1.144\{c16c1~1\browse~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Desk 365 service (desksvc) . (...) - C:\Program Files\Desk 365\deskSvc.exe (.not file.) =>Hijacker.22Find
O23 - Service: (IBUpdaterService) . (...) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
O23 - Service: NETGEARGenieDaemon (NETGEARGenieDaemon) . (.NETGEAR - NETGEAR Genie Daemon for Windows.) - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: Predator ACE (PredatorACE) . (...) - C:\Program Files\Predator2\PredatorACE.exe (.not file.)
O23 - Service: (vToolbarUpdater14.0.1) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe (.not file.) =>Toolbar.AVGSearch
~ Services: 23 Legitimates Filtered in 00mn 18s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\G�n�ration Sauvegarde JEAN CLAUDE.job [336]
[MD5.00000000000000000000000000000000] [APT] [4785] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.F1B6B19AA752DEA83BCE4DFEF3D4C5BA] [APT] [EPUpdater] (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution\Shared\BabMaint.exe [9808] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Omiga Plus RunAsStdUser] (...) -- C:\Program Files\Omiga Plus\omigaplus.exe (.not file.) [0]
[MD5.81800928E0F713DF31F3393CC26F4013] [APT] [Programme de mise � jour en ligne de Divx] (...) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{061D11DB-B1A1-462D-987D-435180612AC4}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6.04 Exprex.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0C64FBEC-62F5-494E-90A7-8EAA7B7097C0}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Ashield Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1C11ACBA-76EA-437F-AAC1-EC34C2C222A8}] (...) -- F:\myuninst\D�installeur Myuninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1DC69092-0D00-43EB-9139-6B2B7ED00AFC}] (...) -- C:\Users\JEAN CLAUDE\Desktop\meteo-fusion_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{21408D7B-964F-47B2-B11F-6F5DEA12DC4F}] (...) -- C:\Users\JEAN CLAUDE\Desktop\pendu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{24EB1AE4-9DD0-4061-AB9D-393D59C7A758}] (...) -- C:\Program Files\YAYG\UninstallerData\Uninstall yayg2fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2E07ABCD-69C7-415F-A7F4-E709A927EF54}] (...) -- C:\Users\JEAN CLAUDE\Desktop\DriveClone6.04Express_FR_09052212S.exe (.not file.) [0]
[MD5.48325A133F62E1AA5AF309B1C217EBB9] [APT] [{3218D7A0-42D2-42F7-8292-D4F8AD985A98}] (...) -- C:\Program Files\Astase\UltraBackup\4.9\unins000.exe [695760]
[MD5.00000000000000000000000000000000] [APT] [{32EF430F-7935-4F1E-B78A-9BACDCC5EA17}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Setup_QI98_100\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{35C36EF1-B185-422D-8E12-BFC27362A0FC}] (...) -- C:\Program Files\Free Belote\FreeBelote.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{36BE575C-0759-455F-ACA4-C291E33595BF}] (...) -- F:\myuninst\myuninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496B79DF-EFEB-40F3-A3F5-E3B8A04369EB}] (...) -- C:\Users\JEAN CLAUDE\Documents\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{53F0D46B-D4EC-4DAD-A692-35C80C42FDCF}] (...) -- C:\Users\JEAN CLAUDE\Documents\News interceptor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{55092A00-8BB9-4657-B35E-C92FBD5A2AD2}] (...) -- H:\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5DCD294C-6BCC-43B9-BD6B-C88233588637}] (...) -- F:\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F4F0288-710A-41AF-9611-81D759ACFE3C}] (...) -- C:\Users\JEAN CLAUDE\Documents\Kikoo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F526B4D-0167-40FC-82A0-0DF9B774798A}] (...) -- C:\Program Files\RocketDock\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60B592C3-CDC6-4916-AA0A-2BB16C08B518}] (...) -- C:\Users\JEAN CLAUDE\Pictures\ib\20111029120526\Uno_PC_jeu_gratuit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60D0D80D-C64E-4B54-AAA0-E94FF1EB3555}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Kikoo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6A5047CF-5117-4048-8F3D-AAA70ABA7E3F}] (...) -- F:\Frama\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{77B3095F-B614-498E-93DD-BCD19B43713C}] (...) -- F:\1Framkey\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7FF8565E-C3FA-444B-8BFA-CFA0BDF9B0EB}] (...) -- C:\Users\JEAN CLAUDE\Documents\PortableApps\OpenOfficePortable\OpenOfficeBasePortable.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8B4FDF06-CB32-4D14-91EF-EEF3D0DBDD8A}] (...) -- C:\Users\JEAN CLAUDE\Documents\Lastpass.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{944F7720-E564-49F8-9D48-24AE6C5FA89A}] (...) -- C:\Users\JEAN CLAUDE\Documents\qi98_100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0DD9D43-F6B6-4EC1-AFCE-442F9242E22B}] (...) -- C:\Program Files\Filzip\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A1F66397-06A2-42AE-AD58-AFA4D0ED8324}] (...) -- C:\Users\JEAN CLAUDE\Desktop\Paragon_SystemBackup2010-rc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA62236C-7A2A-4809-87FF-E7D570FAA4FB}] (...) -- C:\Users\JEAN CLAUDE\Documents\3D Yahtzee unlimited.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ABD0BD1D-3835-4AA4-973C-A52FFE7304A4}] (...) -- C:\Users\JEAN CLAUDE\Desktop\norton-ghost_norton_ghost_15.0_francais_77626.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF94B138-2C08-49B5-87A5-EAC4740FEE9B}] (...) -- C:\Users\JEAN CLAUDE\Desktop\InfralogsAAAAAAAAA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B7FD3314-8577-4BD2-B59E-C5AA4CD22B91}] (...) -- C:\Users\JEAN CLAUDE\Desktop\NXPowerLite-3.0.2-v_Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C65C86E9-F53C-49EA-8A8E-4B2DBBAC0A91}] (...) -- H:\qi98_100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C9B28512-FA40-467E-A340-6FAD9C019B4F}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6 Express.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D829CC6E-8585-431D-AA20-DF867321DBC1}] (...) -- C:\Users\JEAN CLAUDE\Desktop\RCFR205DOGTC3 Ramdam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D865A645-E990-4B8A-B144-6EAF090C75C1}] (...) -- C:\Users\JEAN CLAUDE\Downloads\DriveClone 6.04 Exprex Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7D80D9E-B4E0-42A7-AC0B-54B54DC6AC43}] (...) -- C:\Users\JEAN CLAUDE\Desktop\PILOTE Navirad_USB_win7.exe (.not file.) [0]
[MD5.9579D7FA16F8D2F9C6BEDE3F3593D51A] [APT] [{E9BE5DF9-EB94-461B-B3B9-71FEBC3A375F}] (...) -- C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe [70670]
[MD5.00000000000000000000000000000000] [APT] [{E9FB9BB4-F6E7-45C9-A4B8-6A3146F84636}] (...) -- F:\1Framkey\Framakey.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F2F41833-4CC8-43B9-A5C5-4D6CE745EC28}] (...) -- C:\Users\JEAN CLAUDE\Documents\Sokoban.exe (.not file.) [0]
~ Scheduled Task: 77 Legitimates Filtered in 00mn 11s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
O40 - ASIC: Adobe Reader User Settings - {A6EADE66-0000-0000-484E-7E8A45000000} . (.Adobe Systems, Inc. - Acrobat Install On Demand.) -- C:\Program Files\Adobe\Reader 11.0\Esl\AiodLite.dll
~ Active Setup: 11 Legitimates Filtered in 00mn 00s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (VHDMgr) . (.Certit PTY LTD - VHDMount Driver.) - C:\Windows\system32\drivers\VHDMount-x86.sys
~ Drivers: 56 Legitimates Filtered in 00mn 00s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Appetizer 1.4 - (.Appetizer Project.) [HKLM] -- Appetizer
O42 - Logiciel: CacheMyWork - (.Codeplex.) [HKLM] -- {4CD3A1CB-EB91-4DC5-B636-33B66BA56162}
O42 - Logiciel: Dietetik 5.3 - (...) [HKLM] -- Dietetik 5.3
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT =>Adware.IncrediBar
O42 - Logiciel: JOC Web Spider 5.6.1.0 - (.Jocsoft.com.) [HKLM] -- JOC Web Spider_is1
O42 - Logiciel: Mots Cach�s 2.0 - (.Edmond Doudard.) [HKLM] -- Mots Cach�s 2.0_is1
O42 - Logiciel: Panopreter Basic version 3.0.9 - (.Panopreter.com.) [HKLM] -- Panopreter Basic_is1
O42 - Logiciel: Traqueur 3.1.13 - (...) [HKLM] -- Traqueur_is1
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh =>PUP.iMesh
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} =>PUP.iMesh
~ Logic: 213 Legitimates Filtered in 00mn 04s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\4kdownload.com]
[HKCU\Software\5a578ddbb23eb845]
[HKCU\Software\AppDataLow\Software\mediabarim]
[HKCU\Software\AppDataLow\conduit_CT2812103]
[HKCU\Software\Appetizer]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Blabbers ] =>PUP.Blabbers
[HKCU\Software\BooRee-USB]
[HKCU\Software\Bruno]
[HKCU\Software\ClearProg]
[HKCU\Software\D2Soft Technologies]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\GreatestsPlacesMR]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\Junoplay.com]
[HKCU\Software\MSNCleaner]
[HKCU\Software\MandarkLib]
[HKCU\Software\Mediaforma]
[HKCU\Software\Mobatek]
[HKCU\Software\NKH]
[HKCU\Software\Namida]
[HKCU\Software\NetIntellGames]
[HKCU\Software\Panopreter]
[HKCU\Software\RandyRants]
[HKCU\Software\Rebit]
[HKCU\Software\Recreasoft]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WEDLMNGR]
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\WinYam]
[HKCU\Software\bbrs_002.tb]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\5a578ddbb23eb845]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Bytesignals]
[HKLM\Software\Cortex I.T]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\GSplit]
[HKLM\Software\Panopreter]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\V9]
[HKLM\Software\deskSvc]
[HKLM\Software\iWin]
~ Key Software: 503 Legitimates Filtered in 00mn 05s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/05/2013 - 12:05:44 - [62,116] ----D C:\Program Files\4KDownload
O43 - CFD: 24/08/2011 - 17:20:46 - [1,900] ----D C:\Program Files\alot
O43 - CFD: 23/03/2012 - 17:20:15 - [2,493] ----D C:\Program Files\Appetizer
O43 - CFD: 14/04/2011 - 16:25:45 - [0,646] ----D C:\Program Files\BooRee-USB
O43 - CFD: 26/03/2012 - 11:00:28 - [0,441] ----D C:\Program Files\Bytesignals
O43 - CFD: 09/09/2012 - 17:35:37 - [0,150] ----D C:\Program Files\CacheMyWork
O43 - CFD: 20/04/2012 - 13:08:55 - [8,454] ----D C:\Program Files\Cvf
O43 - CFD: 05/08/2011 - 19:31:30 - [1,842] ----D C:\Program Files\GLD
O43 - CFD: 29/08/2011 - 12:47:17 - [0,419] ----D C:\Program Files\Horloge
O43 - CFD: 22/03/2011 - 11:03:07 - [40,885] ----D C:\Program Files\iMesh Applications =>PUP.iMesh
O43 - CFD: 04/08/2011 - 20:48:19 - [17,964] ----D C:\Program Files\Jeu de mots
O43 - CFD: 24/08/2011 - 14:57:36 - [0,693] ----D C:\Program Files\Jocsoft
O43 - CFD: 13/04/2012 - 19:22:28 - [0,000] ----D C:\Program Files\Kikoo
O43 - CFD: 06/09/2012 - 12:20:56 - [0] ----D C:\Program Files\MailPops
O43 - CFD: 30/08/2011 - 13:53:33 - [0,327] ----D C:\Program Files\MEGAYAM12
O43 - CFD: 28/07/2011 - 18:49:18 - [2,022] ----D C:\Program Files\MotsCach�s 2.0
O43 - CFD: 28/07/2011 - 19:13:50 - [28,015] ----D C:\Program Files\nkh
O43 - CFD: 29/03/2013 - 10:52:51 - [2,655] ----D C:\Program Files\Panopreter Basic
O43 - CFD: 04/06/2013 - 23:04:54 - [0,359] ----D C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 27/05/2013 - 10:34:47 - [33,331] ----D C:\Program Files\Common Files\337
O43 - CFD: 23/03/2012 - 22:31:31 - [0,124] ----D C:\Program Files\Common Files\GSplit
O43 - CFD: 10/07/2012 - 11:12:20 - [0,004] ----D C:\ProgramData\14164
O43 - CFD: 01/06/2012 - 10:49:21 - [0,004] ----D C:\ProgramData\15231
O43 - CFD: 06/06/2013 - 23:07:43 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 11/12/2011 - 17:50:20 - [0] ----D C:\ProgramData\BackupAssist v6
O43 - CFD: 08/11/2011 - 23:42:27 - [0] ----D C:\ProgramData\clonehdd
O43 - CFD: 08/11/2011 - 23:40:06 - [0] ----D C:\ProgramData\complexbackup
O43 - CFD: 06/11/2011 - 20:07:05 - [1,338] ----D C:\ProgramData\EmbeddedThalliumBackup
O43 - CFD: 27/05/2013 - 10:32:12 - [0,344] ----D C:\ProgramData\eSafe
O43 - CFD: 19/04/2013 - 11:37:12 - [10,820] ----D C:\ProgramData\FantastiGames
O43 - CFD: 15/12/2011 - 23:52:41 - [0] ----D C:\ProgramData\fscltdcn
O43 - CFD: 23/08/2011 - 22:00:45 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 22/03/2011 - 11:01:27 - [0,087] ----D C:\ProgramData\iMesh =>PUP.iMesh
O43 - CFD: 23/08/2011 - 21:57:37 - [5,969] ----D C:\ProgramData\IncrediMail
O43 - CFD: 17/03/2012 - 16:41:43 - [0,016] ----D C:\ProgramData\Kamzy
O43 - CFD: 10/02/2013 - 22:03:47 - [0,000] ----D C:\ProgramData\T1 Games
O43 - CFD: 07/06/2013 - 13:37:41 - [1,044] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 22/03/2011 - 11:03:36 - [15,243] --H-D C:\ProgramData\{8126394B-2C0C-4BB4-BAF9-51D47FAA35C8}
O43 - CFD: 06/06/2012 - 09:00:34 - [2,099] ----D C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
O43 - CFD: 09/03/2012 - 12:15:46 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\#Hf
O43 - CFD: 10/09/2012 - 14:29:55 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\021B7700-F6AF-4B3D-9934-198A03668E1B
O43 - CFD: 21/11/2011 - 12:55:01 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\19E2A8F1-EA7E-4E3C-97F1-B6CFDEE420C8
O43 - CFD: 08/12/2011 - 21:47:50 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\2644F65A-E343-4BEE-902D-537DFE4A77D5
O43 - CFD: 08/10/2012 - 13:48:55 - [6,701] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\2A420449-FA2A-414C-AA83-CFE9639D4295
O43 - CFD: 27/05/2013 - 10:46:48 - [3,727] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\337
O43 - CFD: 14/11/2011 - 21:37:06 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\3B3F8B7F-8BE8-464B-B0BA-D1609EE48C1A
O43 - CFD: 16/11/2011 - 01:15:00 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\47A12FCB-DD26-421B-B8F4-388F4A473989
O43 - CFD: 02/11/2011 - 22:38:26 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\5C98F1E0-8EEF-4CCB-B368-5985C241ED62
O43 - CFD: 31/08/2012 - 14:32:03 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\6B8E6E38-EEC8-48EE-B495-999522707502
O43 - CFD: 31/08/2012 - 23:46:59 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\754013CC-DF53-45BE-895A-A613526CC529
O43 - CFD: 13/12/2011 - 21:02:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\77BEC253-B909-47BD-846A-AF7561160DFC
O43 - CFD: 15/12/2011 - 23:07:32 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\A5649297-7B73-4108-9D2A-E5F94964A15D
O43 - CFD: 01/09/2012 - 19:49:11 - [0,160] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\A8707AE3-892E-4363-8297-69507D90D07B
O43 - CFD: 13/12/2011 - 21:02:12 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\AEBC32A0-79FA-41DC-B9DC-63AB91ECDC16
O43 - CFD: 26/08/2011 - 13:17:17 - [4,615] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\AlertInfo
O43 - CFD: 09/03/2012 - 14:40:45 - [0,025] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Appetizer
O43 - CFD: 08/12/2011 - 21:47:48 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\B703EBB6-41F1-4D2B-A508-7822AFD32DD4
O43 - CFD: 06/06/2013 - 23:08:51 - [1,551] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 06/06/2013 - 23:07:42 - [0,012] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 08/12/2011 - 23:22:51 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\C0C5DCEE-09F5-47A4-A1ED-0D8B6C731D03
O43 - CFD: 02/11/2011 - 22:38:26 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\C8AF61D7-C404-4AC8-BD77-A2202C068678
O43 - CFD: 16/11/2011 - 01:15:02 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\CA8B123C-2097-4C81-AD16-A0C953C62A3B
O43 - CFD: 07/02/2013 - 16:22:06 - [0,017] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\CRDeltaTB =>Toolbar.DeltaSearch
O43 - CFD: 22/08/2011 - 15:30:11 - [0,183] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\D2Soft Technologies
O43 - CFD: 19/05/2013 - 16:54:57 - [6,765] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\D4594DF4-65E1-46B9-8F44-8209C057C8DF
O43 - CFD: 08/03/2012 - 18:11:19 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Ditto
O43 - CFD: 20/11/2011 - 11:39:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E0A9CF91-400F-4EDD-92F1-1ED0372A8B30
O43 - CFD: 09/12/2011 - 00:13:25 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E2E8E565-CE99-481E-B508-303179BC9E65
O43 - CFD: 20/11/2011 - 23:35:11 - [0,224] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\E99C69E3-8B0E-4F0D-B1AF-842DDFF473FE
O43 - CFD: 10/09/2012 - 14:29:56 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\EF8A193E-0BFC-4B82-A7D7-9E0EEDDFA8DE
O43 - CFD: 23/03/2012 - 22:33:39 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\GSplit
O43 - CFD: 28/02/2011 - 11:47:39 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\newfolder3
O43 - CFD: 26/03/2012 - 11:00:39 - [6,595] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\nspaces_bytesignals
O43 - CFD: 24/06/2012 - 08:48:56 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Obvious Idea
O43 - CFD: 31/01/2013 - 11:06:22 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\PhoXo
O43 - CFD: 01/04/2012 - 09:51:17 - [9,554] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\RaimaRadioPro
O43 - CFD: 13/05/2013 - 12:06:50 - [0,000] ----D C:\Users\JEAN CLAUDE\AppData\Local\4kdownload.com
O43 - CFD: 22/03/2012 - 14:51:06 - [0] ----D C:\Users\JEAN CLAUDE\AppData\Local\Finkit
O43 - CFD: 22/03/2012 - 13:59:11 - [17,459] ----D C:\Users\JEAN CLAUDE\AppData\Local\IM
O43 - CFD: 12/07/2012 - 23:09:25 - [73,550] ----D C:\Users\JEAN CLAUDE\AppData\Local\iMesh =>PUP.iMesh
O43 - CFD: 05/08/2011 - 19:44:45 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Local\MLSofts
O43 - CFD: 29/08/2011 - 18:16:55 - [0,001] ----D C:\Users\JEAN CLAUDE\AppData\Local\Stephane_Blanc_(whithix@g
O43 - CFD: 24/08/2011 - 09:53:03 - [3,383] ----D C:\Users\JEAN CLAUDE\AppData\Local\Wysigot
O43 - CFD: 14/01/2013 - 13:28:14 - [0,004] ----D C:\Users\JEAN CLAUDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appetizer
~ 1348 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 2121 Legitimates Filtered in 01mn 08s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.8378774ABC9CAA2C60B298AE0C084FB7] - 19/06/2013 - 14:37:38 ---A- . (...) -- C:\Windows\System32\Drivers\SYMEVENT.CAT [7446]
O44 - LFC:[MD5.2A8DCC2EC2AC5C0588F818B16E606CED] - 19/06/2013 - 14:37:38 ---A- . (...) -- C:\Windows\System32\Drivers\SYMEVENT.INF [806]
O44 - LFC:[MD5.EC986C5883EFCC9DD761B8A0E42E0E32] - 19/06/2013 - 10:48:20 ---A- . (...) -- C:\{B074EC48-5E4D-4FBE-B37B-DFBDBE9A38C1} [3104]
O44 - LFC:[MD5.A9F329E89F81FF972A29D940DF9D9A98] - 19/06/2013 - 07:58:50 ---A- . (...) -- C:\{BDC1C8AB-5975-42C1-8F02-0FA9202EC2B1} [1920]
O44 - LFC:[MD5.BEAD8D869F7708C05AAC44F7A3F0939D] - 19/06/2013 - 07:58:50 ---A- . (...) -- C:\{D429AB96-6C7E-4E64-A8AB-545A76482F73} [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/06/2013 - 07:31:10 ---A- . (...) -- C:\END [0]
O44 - LFC:[MD5.FD8B71811C97420DC08DB8161401C544] - 16/06/2013 - 15:54:35 ---A- . (...) -- C:\{35D8FD05-4C10-4CC9-8BC9-F2EB35B21CF6} [1968]
O44 - LFC:[MD5.351EF211FC5DA078A02376D24E6829AF] - 16/06/2013 - 07:30:53 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386646]
O44 - LFC:[MD5.F1DB5C8D8148E1D93403497B8DE9C491] - 15/06/2013 - 07:47:05 ---A- . (...) -- C:\{158DA3C5-E4B4-4B3E-A7A1-94C4DE5D3AB9} [1880]
O44 - LFC:[MD5.FBC05F89700D83B0A43353E1ACE915F5] - 07/06/2013 - 12:47:00 ---A- . (...) -- C:\Convertxto DVD4 Setup.exe [946968]
O44 - LFC:[MD5.444C17D4E51CAA49D47F5DF6FD8D2472] - 06/06/2013 - 22:19:50 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [1833]
~ Files: 91 Legitimates Filtered in 00mn 07s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export DP - "C:\Program Files\JeuDeMots\JeuDeMots.exe" [Enabled] .(...) -- C:\Program Files\JeuDeMots\JeuDeMots.exe (.not file.)
~ Keys Export: 2 Legitimates Filtered in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Acronis - Acronis Relogon Authentication Package.) -- C:\Windows\System32\relog_ap.dll
~ LSA: 10 Legitimates Filtered in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{a684a55b-4776-11e2-9333-1cc1de608de5}\AutoRun\command. (...) -- F:\SFRLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\autoupdater [Key] . (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\Agence-Exclusive\Agence-Exclusive\autoupdater.exe (.not file.) =>PUP.AgenceExcusive
O53 - SMSR:HKLM\...\startupreg\Browser companion helper [Key] . (...) -- C:\Program Files\BrowserCompanion\BCHelper.exe (.not file.) =>PUP.Blabbers
O53 - SMSR:HKLM\...\startupreg\Hiyo [Key] . (.IncrediMail, Ltd. - HiYo - IncrediMail Ltd Messenger plugin.) -- C:\Program Files\HiYo\bin\HiYo.exe
O53 - SMSR:HKLM\...\startupreg\XLaunchpad [Key] . (.xwidget.com - OS X Launchpad for Windows.) -- C:\Program Files\XLaunchPad\XLaunchPad.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 25 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.96191579DDB1A201A2FB79C1D05680B4] - 26/07/2012 - 04:42:31 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [85232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Aide Screensaver.URL:favicon
~ ADS: Scanned in 00mn 06s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [url=http://www.bing.com]Bing[/url]
O69 - SBI: SearchScopes [HKCU] {08B6DF35-0855-487F-AE45-EB4CD3E3BD81} - (findr Customized Web Search) - [url=http://search.conduit.com]Rechercher [/url]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Babylon) - [url=http://search.babylon.com]Babylon Search[/url] =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [url=http://www.google.com]Google[/url]
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - [url=http://isearch.glarysoft.com]Search[/url]
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_blue_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_green_3.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_1.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_2.pnge
C:\Program Files\MyPlayCity.com\Mah Jong Quest II\images\tile\firecracker_red_3.pnge
~ Files: Scanned in 07mn 49s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.BDB348099D8B3D66167E5B0D60AB2A7C] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\580E687C-8169-4D16-B8DF-3B12ADE7531C.dat [70662]
[MD5.4EC1A6CBC253DA199A35F0DBB940D4D6] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\6BEF6965-814C-4AD5-AEA7-44D7BF3A9966.dat [39602]
[MD5.B8B1C3A971F50CAAF75B69199BBE8FF2] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\78B76D8A-42BC-4DA3-99C0-AEFD581DBBD2.dat [37056]
[MD5.6B09F69D4FCB227928F297EE47EFA756] [SPRF][19/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\D7D368F9-3B8A-4746-AE91-D845597D82F6.dat [69578]
[MD5.2C22064707F874C3BCD11A068CE83B1A] [SPRF][20/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\SkypeSetup.exe [31668840]
[MD5.F6917EAF1CEECA34E15C1B330E6BCE7A] [SPRF][19/06/2013] (.Symantec Corporation - Norton Internet Security.) -- C:\Users\JEAN CLAUDE\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_5239.exe [883064]
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][07/06/2013] (...) -- C:\Users\JEAN CLAUDE\AppData\Roaming\inst.exe [87608]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][07/06/2013] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\JEAN CLAUDE\AppData\Roaming\pcouffin.sys [47360]
[MD5.A95866BA166A09E360BB88DA72D4531D] [SPRF][15/05/2013] (...) -- C:\Users\JEAN CLAUDE\Desktop\adwcleaner.exe [628743]
[MD5.B9CB373322D54AFE555E3301B02C4A25] [SPRF][21/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\JEAN CLAUDE\Desktop\ZHPDiag2.exe [5684132]
[MD5.1211439494E20C51377E47982A384986] [SPRF][22/11/2012] (.Pas de propri�taire - asusTek_sys_ctrl Module.) -- C:\Windows\Downloaded Program Files\asusTek_sys_ctrl.dll [148352]
[MD5.F1CD64DD3702BDCDFB0531BB21C6BEFC] [SPRF][21/06/2011] (.Adobe Systems, Inc. - Adobe� Flash� Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3123872]
~ Files: Scanned in 00mn 03s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{57949277-5A98-4265-9CB5-B2014EE36837}" |In - Private - P17 - TRUE | .(...) -- F:\ Op�ra\operausb1152int\opera.exe (.not file.)
O87 - FAEL: "{6456AFE9-B6EF-4DE8-8748-2E2C18E1CBB9}" |In - Private - P6 - TRUE | .(...) -- F:\ Op�ra\operausb1152int\opera.exe (.not file.)
O87 - FAEL: "{A9316E6D-CD3D-477F-84C5-C23FEAFD94F9}" | In - Private - P17 - TRUE | .(.ZGuideTV Team - ZGuideTV.NET.) -- C:\Program Files\ZGuideTVDotNet\ZGuideTVDotNet.exe
O87 - FAEL: "{DA1FEE2C-387A-4606-A5C6-D8F954B2FE03}" | In - Private - P6 - TRUE | .(.ZGuideTV Team - ZGuideTV.NET.) -- C:\Program Files\ZGuideTVDotNet\ZGuideTVDotNet.exe
O87 - FAEL: "{60A0F2E2-1533-403B-AEE3-8F953F83096F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{AAE58660-4008-4E91-8DB8-B1ECEFD7E114}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{5A1F75D1-15F4-48F7-8026-CE79C95A7D7C}" | In - Private - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{AC58803C-1778-43DE-85F0-7D91342A3E83}" | In - Private - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{E1A3B7A8-DB0F-4305-AF78-44284EF95ADA}" | In - Domain - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{841EF6D7-E475-4770-A582-07505AEC9AFB}" | In - Domain - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{069A75AD-4C98-4D30-8513-CBFE1C6D5EE8}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\RpcSandraSrv.exe (.not file.)
O87 - FAEL: "{B3CBEB82-E8FA-4328-B3AD-ECA2A86F869B}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{84CAB624-0291-4574-951A-7026263AB2A0}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 261 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Cl�s trouv�es (Keys found) : 136
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 13
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\Interface\{0bbf19a5-be50-4e06-a340-6777a505e490}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{2d77ac8a-0a4c-40d0-9557-51907a575e45}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{869e753f-bd0d-4832-8131-94feee058ae3}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKLM\Software\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}] =>Toolbar.Kiwee
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{69d3f709-9de2-479f-980f-532d46895703}] =>Adware.BHO
[HKLM\Software\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}] =>Adware.BHO
[HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{969D2C61-9B16-407c-86B7-397BF4579BE6}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{969D2C61-9B16-407c-86B7-397BF4579BE6}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}] =>Adware.BHO
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\iMesh.exe] =>PUP.iMesh
[HKLM\Software\Classes\AppID\Launcher.EXE] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFile3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\nctaudiocdwriter2.audiocdwriter2] =>Adware.RecordNRip
[HKLM\Software\Classes\nctaudiocdwriter2.audiocdwriter2.1] =>Adware.RecordNRip
[HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.IncrediBar
[HKCU\Software\BlabbersToolbar] =>PUP.Blabbers
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\iMesh] =>PUP.iMesh
[HKLM\Software\iwin] =>Adware.BHO
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar
[HKCU\Software\bbrs_002.tb] =>PUP.Blabbers
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKCU\Software\AppDataLow\Software\mediabarim] =>PUP.iMesh
[HKLM\Software\Classes\Installer\Features\8BA64C84994367940971B95E325644E3] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Installer\Products\8BA64C84994367940971B95E325644E3] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\desksvc] =>Hijacker.22find
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\Tuto4pcFrSoftonicBHO.DLL] =>Spyware.AgenceExclusive
[HKCU\Software\AppDataLow\conduit_CT2812103] =>Toolbar.Conduit
C:\Program Files\alot =>Adware.CometSystems
C:\Program Files\iMesh Applications =>PUP.iMesh
C:\Program Files\Common Files\337 =>Hijacker.22find
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\FantastiGames =>Toolbar.Agent
C:\ProgramData\iMesh =>PUP.iMesh
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh =>PUP.iMesh
C:\Users\JEAN CLAUDE\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\JEAN CLAUDE\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\JEAN CLAUDE\AppData\Roaming\337 =>Hijacker.22find
C:\Users\JEAN CLAUDE\AppData\Local\iMesh =>PUP.iMesh
C:\Users\JEAN CLAUDE\AppData\LocalLow\alot =>Adware.CometSystems
C:\Users\JEAN CLAUDE\AppData\Local\Temp\AskSearch =>Toolbar.AskBarDis
~ Additionnel Scan: 410270 Items scanned in 01mn 23s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "532E1E0054BA59641A6570138149E94D" . (.HiYo.) -- C:\Windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe
O90 - PUC: "5FEC1DB69749045408E4DB01716597D4" . (.Predator.) -- C:\Windows\Installer\{6BD1CEF5-9479-4540-804E-BD101756794D}\_853F67D554F05449430E7E.exe
O90 - PUC: "8BA64C84994367940971B95E325644E3" . (.Delta.) -- C:\WINDOWS\Installer\{48C46AB8-3499-4976-9017-9BE52365443E}\Delta.ico
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Random Export Key (O91)
[HKCU\Software\5a578ddbb23eb845]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKCU\Software\5a578ddbb23eb845]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKCU\Software\5a578ddbb23eb845]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5a578ddbb23eb845]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5a578ddbb23eb845]:SERVICE_NAME="BrowserDefendert"
[HKCU\Software\5a578ddbb23eb845]:usrcheckbox="1"
[HKCU\Software\5a578ddbb23eb845]:version="2.6.1339.144"
[HKLM\Software\5a578ddbb23eb845]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKLM\Software\5a578ddbb23eb845]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKLM\Software\5a578ddbb23eb845]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\5a578ddbb23eb845]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\5a578ddbb23eb845]:SERVICE_NAME="BrowserDefendert"
[HKLM\Software\5a578ddbb23eb845]:usrcheckbox="1"
[HKLM\Software\5a578ddbb23eb845]:version="2.6.1339.144"
~ Export Key Software: Scanned in 00mn 02s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 15/02/2013 831152 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/01/2013 251400 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/05/2013 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 12/04/2013 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe
SS - | Auto 0 | (desksvc) . (...) - C:\Program Files\Desk 365\deskSvc.exe =>Hijacker.22Find
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe
SS - | Disabled 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe
SR - | Auto 25/02/2013 101376 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 25/02/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 25/08/2009 77824 | (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Disabled 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SR - | Auto 12/03/2013 185688 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SS - | Auto 23/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SR - | Auto 09/09/2011 86072 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Auto 1167152 | (IBUpdaterService) . (...) - C:\Windows\System32\dmwu.exe =>Adware.InstallBrain
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 19/05/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 07/05/2013 128000 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 07/04/2013 195840 | (NETGEARGenieDaemon) . (.NETGEAR.) - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
SR - | Auto 23/12/2012 144520 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
SS - | Disabled 14/10/2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SS - | Auto 0 | (PredatorACE) . (...) - C:\Program Files\Predator2\PredatorACE.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 16/03/2012 25008 | (SFR.Dashboard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe
SS - | Disabled 02/11/2009 431456 | (SgtSch2Svc) . (.Seagate.) - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 20/03/2013 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SR - | Auto 07/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Disabled 04/01/2008 1949696 | (ThalliumServer) . (.Astase.) - C:\Program Files\Astase\UltraBackup\4.9\bin\tbsd.exe
SS - | Disabled 04/01/2008 620032 | (thpassivesvc) . (.Astase.) - C:\Program Files\Astase\UltraBackup\4.9\bin\thpassiveclientsvc.exe
SS - | Auto 29/05/2012 1528672 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
SS - | Auto 20/09/2012 23040 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 06/04/2012 265928 | (VideoAcceleratorService) . (.SpeedBit Ltd..) - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
SS - | Auto 0 | (vToolbarUpdater14.0.1) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url=http://www.gmer.net]GMER - Rootkit Detector and Remover[/url]
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, [url=http://ad13.geekstog]http://ad13.geekstog[/url]
Run by JEAN CLAUDE at 21/06/2013 18:42:06
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 3456 Legitimates filtered by white list
End of the scan (1236 lines in 12mn 24s)(20)