cjoint

Publicité


Publicité

Format du document : application/octet-stream

Prévisualisation

ÿþ[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : MAHMOUD-PC
Windows . . . . . . . : 6.1.1.7601.X86/1
User name . . . . . . : mahmoud-PC\mahmoud
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2016-07-10 21:38:45
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 54s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 6
Traces . . . . . . . : 189

Objects scanned . . . : 675,059
Files scanned . . . . : 41,129
Remnants scanned . . : 152,730 files / 481,200 keys

Malware _____________________________________________________________________

C:\Users\mahmoud\AppData\Local\Temp\Rar$EXa0.445\sswddddddddddddddddddddddddddddddddddddddddddddddddddddddddd sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.EXe
Size . . . . . . . : 3,088,896 bytes
Age . . . . . . . : 467.3 days (2015-03-31 15:25:28)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 16E3EE996B537CB48B28E38F4DCCC72DBC33903ACDE6F425F82A287EB30754A2
> Bitdefender . . . : Gen:Variant.Razy.9925
Fuzzy . . . . . . : 134.0

C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\gmp-gmpopenh264\1.3\gmpopenh264.dll
Size . . . . . . . : 978,872 bytes
Age . . . . . . . : 447.1 days (2015-04-20 20:23:26)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 6D97CF9A5106F17EA84A8B00AE18235EF9DFA19F4E4EB31BEEEF93834D00D875
> Bitdefender . . . : Gen:Trojan.Heur.GM.0804022920
Fuzzy . . . . . . : 111.0

F:\games\GTA9\gta-vc.exe
Size . . . . . . . : 3,214,336 bytes
Age . . . . . . . : 488.1 days (2015-03-10 18:59:20)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 0A7A447C2DAF638383DD4B0B3D1634E242F7551410096D3DE8D4080784BFE5EB
> Kaspersky . . . . : Virus.Win32.Virut.ce
Fuzzy . . . . . . : 110.0
References
C:\Users\mahmoud\AppData\Local\Microsoft\Windows\GameExplorer\{CAB31127-0B29-4100-A936-C6A16D47E31F}\PlayTasks\0\Play.lnk


Suspicious files ____________________________________________________________

C:\Users\mahmoud\Desktop\FRST.exe
Size . . . . . . . : 1,740,288 bytes
Age . . . . . . . : 1.0 days (2016-07-09 22:14:06)
Entropy . . . . . : 7.6
SHA-256 . . . . . : D7F8856D466D6B41826467515841AEEB4AE34A603ACD8E89CD5781FF0DE1A9B1
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\mahmoud\Desktop\FRST.exe
Forensic Cluster
-1.1s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-1.1s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-0.8s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
-0.8s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
-0.6s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD93EFAA98C44CFDF0C0461C0035283C_522D80A7B1474F1D292BDD8D27E44430
-0.6s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD93EFAA98C44CFDF0C0461C0035283C_522D80A7B1474F1D292BDD8D27E44430
0.0s C:\Users\mahmoud\Desktop\FRST.exe
2.7s C:\Windows\Prefetch\ReadyBoot\Trace1.fx

C:\Users\mahmoud\Downloads\FRST.exe
Size . . . . . . . : 1,740,288 bytes
Age . . . . . . . : 3.7 days (2016-07-07 05:34:09)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 8A598513BAA5A7400F655A8A93948B861015CBC65D675640A6245CE3935AC09D
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________

HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com\ (SuperFish)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ (SuperFish)

Potential Unwanted Programs _________________________________________________

C:\Program Files\WinZipper\ (AirZip)
C:\Program Files\WinZipper\curlpp.dll (AirZip)
Size . . . . . . . : 582,144 bytes
Age . . . . . . . : 5.8 days (2016-07-05 01:52:18)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 4D47DE147E0981CCA527BC13A5D0BC77E8D3C00FBAB78461D9B7B398A655B831
Product . . . . . : curlpp.dll
Description . . . : libcurl wrapper
Version . . . . . : 0.7.3.0
LanguageID . . . . : 1033
Fuzzy . . . . . . : 5.0

C:\Program Files\WinZipper\image\default\ (AirZip)
C:\Program Files\WinZipper\image\default\additem.png (AirZip)
C:\Program Files\WinZipper\image\default\app_icon.png (AirZip)
C:\Program Files\WinZipper\image\default\back.png (AirZip)
C:\Program Files\WinZipper\image\default\Background_Main.png (AirZip)
C:\Program Files\WinZipper\image\default\Background_Small_2.png (AirZip)
C:\Program Files\WinZipper\image\default\browse_button.png (AirZip)
C:\Program Files\WinZipper\image\default\checkbox_blank.png (AirZip)
C:\Program Files\WinZipper\image\default\checkbox_select.png (AirZip)
C:\Program Files\WinZipper\image\default\combo.png (AirZip)
C:\Program Files\WinZipper\image\default\combo_skin.png (AirZip)
C:\Program Files\WinZipper\image\default\deleteitem.png (AirZip)
C:\Program Files\WinZipper\image\default\deskbtnbk.png (AirZip)
C:\Program Files\WinZipper\image\default\edit_skin.png (AirZip)
C:\Program Files\WinZipper\image\default\extractto.png (AirZip)
C:\Program Files\WinZipper\image\default\folder.png (AirZip)
C:\Program Files\WinZipper\image\default\footerbg.png (AirZip)
C:\Program Files\WinZipper\image\default\install_back.png (AirZip)
C:\Program Files\WinZipper\image\default\install_button_skin.png (AirZip)
C:\Program Files\WinZipper\image\default\install_check_checked.png (AirZip)
C:\Program Files\WinZipper\image\default\install_check_intermediate.png (AirZip)
C:\Program Files\WinZipper\image\default\install_check_uncheck.png (AirZip)
C:\Program Files\WinZipper\image\default\install_logo.png (AirZip)
C:\Program Files\WinZipper\image\default\install_new_button_skin.png (AirZip)
C:\Program Files\WinZipper\image\default\install_resource.xml (AirZip)
C:\Program Files\WinZipper\image\default\listctrl_header_bk.png (AirZip)
C:\Program Files\WinZipper\image\default\listview_report.png (AirZip)
C:\Program Files\WinZipper\image\default\listview_thumb.png (AirZip)
C:\Program Files\WinZipper\image\default\menu_bkg.png (AirZip)
C:\Program Files\WinZipper\image\default\menu_item_over.png (AirZip)
C:\Program Files\WinZipper\image\default\menubg.png (AirZip)
C:\Program Files\WinZipper\image\default\onekeyextract.png (AirZip)
C:\Program Files\WinZipper\image\default\patch_file_icon.png (AirZip)
C:\Program Files\WinZipper\image\default\pic-error.png (AirZip)
C:\Program Files\WinZipper\image\default\pic-info.png (AirZip)
C:\Program Files\WinZipper\image\default\pic-question.png (AirZip)
C:\Program Files\WinZipper\image\default\pic-warning.png (AirZip)
C:\Program Files\WinZipper\image\default\popup_dialog_bk.png (AirZip)
C:\Program Files\WinZipper\image\default\progress_bk.png (AirZip)
C:\Program Files\WinZipper\image\default\progress_meter.png (AirZip)
C:\Program Files\WinZipper\image\default\progressbar_bk.png (AirZip)
C:\Program Files\WinZipper\image\default\progressbar_image.png (AirZip)
C:\Program Files\WinZipper\image\default\pwd_lock.png (AirZip)
C:\Program Files\WinZipper\image\default\pwd_unlock.png (AirZip)
C:\Program Files\WinZipper\image\default\radio_normal.png (AirZip)
C:\Program Files\WinZipper\image\default\radio_selected.png (AirZip)
C:\Program Files\WinZipper\image\default\resource.xml (AirZip)
C:\Program Files\WinZipper\image\default\settingbkg.png (AirZip)
C:\Program Files\WinZipper\image\default\settingtab.png (AirZip)
C:\Program Files\WinZipper\image\default\sys_button_close.png (AirZip)
C:\Program Files\WinZipper\image\default\sys_button_max.PNG (AirZip)
C:\Program Files\WinZipper\image\default\sys_button_min.PNG (AirZip)
C:\Program Files\WinZipper\image\default\sys_button_restore.PNG (AirZip)
C:\Program Files\WinZipper\image\default\sys_close.png (AirZip)
C:\Program Files\WinZipper\image\default\tobutton1.png (AirZip)
C:\Program Files\WinZipper\image\default\vscroll.png (AirZip)
C:\Program Files\WinZipper\language\en_us\ (AirZip)
C:\Program Files\WinZipper\language\en_us\eCompress_lang.ini (AirZip)
C:\Program Files\WinZipper\language\en_us\install_lang.ini (AirZip)
C:\Program Files\WinZipper\language\es_es\ (AirZip)
C:\Program Files\WinZipper\language\es_es\eCompress_lang.ini (AirZip)
C:\Program Files\WinZipper\language\es_es\install_lang.ini (AirZip)
C:\Program Files\WinZipper\language\pt_br\ (AirZip)
C:\Program Files\WinZipper\language\pt_br\eCompress_lang.ini (AirZip)
C:\Program Files\WinZipper\language\pt_br\install_lang.ini (AirZip)
C:\Program Files\WinZipper\language\tr_tr\ (AirZip)
C:\Program Files\WinZipper\language\tr_tr\eCompress_lang.ini (AirZip)
C:\Program Files\WinZipper\language\tr_tr\install_lang.ini (AirZip)
C:\Program Files\WinZipper\layout\default\ (AirZip)
C:\Program Files\WinZipper\layout\default\about.xml (AirZip)
C:\Program Files\WinZipper\layout\default\brower.xml (AirZip)
C:\Program Files\WinZipper\layout\default\compresspath.xml (AirZip)
C:\Program Files\WinZipper\layout\default\compresspwd.xml (AirZip)
C:\Program Files\WinZipper\layout\default\error.xml (AirZip)
C:\Program Files\WinZipper\layout\default\extractpath.xml (AirZip)
C:\Program Files\WinZipper\layout\default\install_msgbox.xml (AirZip)
C:\Program Files\WinZipper\layout\default\languageSelect.xml (AirZip)
C:\Program Files\WinZipper\layout\default\msgbox.xml (AirZip)
C:\Program Files\WinZipper\layout\default\OmigaZipInstall.xml (AirZip)
C:\Program Files\WinZipper\layout\default\overwrite.xml (AirZip)
C:\Program Files\WinZipper\layout\default\password.xml (AirZip)
C:\Program Files\WinZipper\layout\default\progress.xml (AirZip)
C:\Program Files\WinZipper\layout\default\rename.xml (AirZip)
C:\Program Files\WinZipper\layout\default\setting.xml (AirZip)
C:\Program Files\WinZipper\layout\default\uninstOmigaZip.xml (AirZip)
C:\Program Files\WinZipper\libcurl.dll (AirZip)
Size . . . . . . . : 297,984 bytes
Age . . . . . . . : 5.8 days (2016-07-05 01:52:19)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 1CEEB7CCAE0E652649C3093700A8C3AD45600673D0F39A8B724F6A1C4876586B
Product . . . . . : The cURL library
Publisher . . . . : The cURL library, http://curl.haxx.se/
Description . . . : libcurl Shared Library
Version . . . . . : 7.37.0
Copyright . . . . : ?1996 - 2014 Daniel Stenberg, <daniel@haxx.se>.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 2.0

C:\Program Files\WinZipper\libeay32.dll (AirZip)
Size . . . . . . . : 1,173,504 bytes
Age . . . . . . . : 5.8 days (2016-07-05 01:52:21)
Entropy . . . . . : 6.8
SHA-256 . . . . . : 414A9B152587703563168AE7BFCCD4767DAF5AE4D0DB79D1E2FA3B193FDE297E
Product . . . . . : The OpenSSL Toolkit
Publisher . . . . : The OpenSSL Project, http://www.openssl.org/
Description . . . : OpenSSL Shared Library
Version . . . . . : 1.0.1j
Copyright . . . . : Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 2.0

C:\Program Files\WinZipper\log\ (AirZip)
C:\Program Files\WinZipper\log\winzipersvc.log (AirZip)
C:\Program Files\WinZipper\main (AirZip)
C:\Program Files\WinZipper\segoeui.ttf (AirZip)
C:\Program Files\WinZipper\segoeuib.ttf (AirZip)
C:\Program Files\WinZipper\ssleay32.dll (AirZip)
Size . . . . . . . : 273,408 bytes
Age . . . . . . . : 5.8 days (2016-07-05 01:52:22)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 4B088315DDF11B5C6790575E58250CB35A5C3C14B0360C9AE52D135552E25AB9
Product . . . . . : The OpenSSL Toolkit
Publisher . . . . : The OpenSSL Project, http://www.openssl.org/
Description . . . : OpenSSL Shared Library
Version . . . . . : 1.0.1j
Copyright . . . . : Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 2.0

C:\Program Files\WinZipper\style\ (AirZip)
C:\Program Files\WinZipper\style\install_style.xml (AirZip)
C:\Program Files\WinZipper\style\style.xml (AirZip)
C:\Program Files\WinZipper\uninstaller\ (AirZip)
C:\Program Files\WinZipper\uninstaller\OmigaZip.inst (AirZip)
C:\Program Files\WinZipper\wz_settings.ini (AirZip)
C:\Program Files\WinZipper\zlib1.dll (AirZip)
Size . . . . . . . : 66,560 bytes
Age . . . . . . . : 5.8 days (2016-07-05 01:52:25)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 6F485094E674B61DAEFB58B5934F2DF0B4580045EC24ACACFC0777C2E3F5D957
Product . . . . . : zlib
Description . . . : zlib data compression library
Version . . . . . : 1.2.5
Copyright . . . . : (C) 1995-2006 Jean-loup Gailly & Mark Adler
LanguageID . . . . : 1033
Fuzzy . . . . . . : 3.0

C:\Users\mahmoud\AppData\Local\globalUpdate\ (GlobalUpdate)
webssearches
C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Web Data

C:\Users\mahmoud\AppData\Roaming\eCyber\ (NationZoom)
C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool\ (WeatherTool)
C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool\dump\ (WeatherTool)
C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool\dump\BugReportConfig.ini (WeatherTool)
HKLM\SOFTWARE\AppDataLow\Software\Crossrider\ (Crossrider)
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper\ (AirZip)
HKLM\SOFTWARE\Classes\AppID\{2d7406ab-9e68-42e7-a00a-0966593b63c7}\ (Yontoo)
HKLM\SOFTWARE\Classes\AppID\{bf2d6346-7e40-4561-ac08-418d432d200f}\ (Yontoo)
HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}\ (FTDownloader)
HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}\ (BrowsePulse)
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper\ (AirZip)
HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinZipper\ (AirZip)
HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper\ (AirZip)
HKLM\SOFTWARE\Classes\PicexaViewer.bmp\ (Picexa)
HKLM\SOFTWARE\Classes\PicexaViewer.gif\ (Picexa)
HKLM\SOFTWARE\Classes\PicexaViewer.jpeg\ (Picexa)
HKLM\SOFTWARE\Classes\PicexaViewer.jpg\ (Picexa)
HKLM\SOFTWARE\Classes\PicexaViewer.png\ (Picexa)
HKLM\SOFTWARE\Classes\PicexaViewer.tif\ (Picexa)
HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}\ (SupTab)
HKLM\SOFTWARE\delta-homesSoftware\ (Delta Search)
HKLM\SOFTWARE\GlobalUpdate\ (GlobalUpdate)
HKLM\SOFTWARE\hdcode\ (PortalDoSites)
HKLM\SOFTWARE\IHProtect\ (XTab)
HKLM\SOFTWARE\istartsurfSoftware\ (iStartSurf)
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6)
HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32\ (AskBar)
HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS\ (AskBar)
HKLM\SOFTWARE\Microsoft\Tracing\dsrlte_RASAPI32\ (KeepMySearch)
HKLM\SOFTWARE\Microsoft\Tracing\dsrlte_RASMANCS\ (KeepMySearch)
HKLM\SOFTWARE\Microsoft\Tracing\dsrsetup_RASAPI32\ (KeepMySearch)
HKLM\SOFTWARE\Microsoft\Tracing\dsrsetup_RASMANCS\ (KeepMySearch)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectService_RASAPI32\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectService_RASMANCS\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectWindowsManager_RASAPI32\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\ProtectWindowsManager_RASMANCS\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\rkinstaller_RASAPI32\ (RelevantKnowledge)
HKLM\SOFTWARE\Microsoft\Tracing\rkinstaller_RASMANCS\ (RelevantKnowledge)
HKLM\SOFTWARE\Microsoft\Tracing\rlvknlg_RASAPI32\ (RelevantKnowledge)
HKLM\SOFTWARE\Microsoft\Tracing\rlvknlg_RASMANCS\ (RelevantKnowledge)
HKLM\SOFTWARE\Microsoft\Tracing\winzipersvc_RASAPI32\ (AirZip)
HKLM\SOFTWARE\Microsoft\Tracing\winzipersvc_RASMANCS\ (AirZip)
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32\ (WindowsMangerProtect)
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS\ (WindowsMangerProtect)
HKLM\SOFTWARE\SupDp\ (XTab)
HKLM\SOFTWARE\supTab\ (FTDownloader)
HKLM\SOFTWARE\supWindowsMangerProtect\ (WindowsMangerProtect)
HKLM\SOFTWARE\WeatherTool\ (WeatherTool)
HKLM\SOFTWARE\webssearchesSoftware\ (SpeedSurfing)
HKLM\SYSTEM\ControlSet001\services\eventlog\Application\PicexaService\ (Picexa)
HKLM\SYSTEM\ControlSet001\services\eventlog\Application\WindowsMangerProtect\ (WindowsMangerProtect)
HKLM\SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc\ (AirZip)
HKLM\SYSTEM\ControlSet002\services\eventlog\Application\PicexaService\ (Picexa)
HKLM\SYSTEM\ControlSet002\services\eventlog\Application\WindowsMangerProtect\ (WindowsMangerProtect)
HKLM\SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc\ (AirZip)
HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\PicexaService\ (Picexa)
HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\WindowsMangerProtect\ (WindowsMangerProtect)
HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc\ (AirZip)
HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
HKU\.DEFAULT\Software\AppDataLow\Software\SavePass 1.1\ (SavePass)
HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1\ (SavePass)
HKU\.DEFAULT\Software\SavePass 1.1-nv\ (SavePass)
HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
HKU\S-1-5-18\Software\AppDataLow\Software\SavePass 1.1\ (SavePass)
HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1\ (SavePass)
HKU\S-1-5-18\Software\SavePass 1.1-nv\ (SavePass)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1\ (SavePass)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\globalUpdate\ (GlobalUpdate)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com\ (HAO123)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com\ (Webssearches)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\ (XTab)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ (FTDownloader)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1\ (SavePass)


[/code]

Publicité


Signaler le contenu de ce document

Publicité