Rapport de ZHPDiag v2013.6.13.18 par Nicolas Coolman, Update du 13/06/2013
Run by RJ at 16/06/2013 09:26:22
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ System Optimizer
CCleaner v3.21 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (17%) free of 33 GB

---\\ Logged in mode
~ Computer Name: RJ-PC
~ User Name: RJ
~ All Users Names: RJ, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\RJ\AppData\Roaming\
~ %Desktop% : C:\Users\RJ\Desktop\
~ %Favorites% : C:\Users\RJ\Favorites\
~ %LocalAppData% : C:\Users\RJ\AppData\Local\
~ %StartMenu% : C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 33 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 37 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 22 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 20 Go)
G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
~ Security Center: 26 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 2/4
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/51
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.013A330F16B1CECBDE5CB6F921689523] - (...) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728] [PID.2012]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1236]
[MD5.3CA0930370D5D5D40CD261074DA3438E] - (.Symantec Corporation - Tray Application.) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe [2598760] [PID.2980]
[MD5.EE07CB7CAFF4EE1F249BA69F1A98C90B] - (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe [1309352] [PID.3132]
[MD5.090956557CC68D25C1BCA9A2703A9ABA] - (.brother - brstswnd.) -- C:\Program Files\Brownie\BrStsWnd.exe [3618104] [PID.3196]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3204]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3348]
[MD5.3588AFA5623BB8844F71F271A7A96669] - (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe [634368] [PID.3608]
[MD5.5A56936640ECF4DBC94FDB9A759EDF23] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe [90112] [PID.2932]
[MD5.BCACA78707C8B44F732CCE05918277D3] - (.brother - brcdcmon.) -- C:\Program Files\Brownie\brpjp04a.exe [99632] [PID.1780]
[MD5.19669327968537BA685F5C836180B493] - (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\systray\systrayapp.exe [94208] [PID.3512]
[MD5.66F516A78C1D220FE0F429DF5EF0DE5D] - (.Microsoft Corporation - NTVDM.EXE.) -- C:\Windows\system32\ntvdm.exe [526848] [PID.6020]
[MD5.639B783F5BC546D8D9662881730AFF9B] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310224] [PID.5068]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.5816]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.5088]
[MD5.60B241EFB669D286C9BF636A0334B3BA] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe [1855880] [PID.3376]
[MD5.B8DD83B85636F7D6EC0F09B090E49130] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7494656] [PID.5880]
[MD5.E937A615D4289E83E234C3EC26092431] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.6.) -- C:\Windows\system32\nvvsvc.exe [203296] [PID.748]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1472]
[MD5.E536D1CDE3F600F49D606ADED29A50E2] - (.eSafe Security Co., Ltd. - eSafe Security Control 1.0.0.2405.) -- C:\ProgramData\eSafe\eGdpSvc.exe [360512] [PID.1528] =>PUP.eSafeSecurity
[MD5.B7B14723191CB9C319D450E4D0A298A8] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\Omiga Plus\omigaplusSvc.exe [424104] [PID.1628]
[MD5.45569383A11E33BE2348EF65AA3CEB97] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe [424104] [PID.1724]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1968]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\Windows\system32\srvany.exe [8192] [PID.3140]
[MD5.82865FF17BC664C711EFA674759F9991] - (...) -- C:\Windows\KMService.exe [77824] [PID.3308]
[MD5.A1787754952A0B700E386DC7C5FA5726] - (.Symantec Corporation - Service Module.) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4590432] [PID.3356]
[MD5.21FF886E6F679FC1EB352F231E846357] - (.Symantec - Symantec Snapshot Service.) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528] [PID.4800]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2716]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 03s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\prefs.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\user.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\prefs.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\user.js
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\searchplugins\delta.xml
M3 - MFPP: Plugins - [RJ] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [RJ] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6
M0 - MFSP: prefs.js [RJ - 1g6ehhzn.default] http://www.qvo6.com =>Hijacker.Qvo6
M0 - MFSP: prefs.js [RJ - qxio7ndl.default-1361788727015] http://www.qvo6.com =>Hijacker.Qvo6
M2 - MFEP: prefs.js [RJ - 1g6ehhzn.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - 1g6ehhzn.default\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - qxio7ndl.default-1361788727015\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - qxio7ndl.default-1361788727015\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v1.5.0 (..)
P2 - FPN: [HKLM] [@Diginext.fr/VirtualGeoGP] - (.DIGINEXT - VirtualGeoGP Plugin v3.1.0.1811.) -- C:\Program Files\VirtualGeo3-GP\WebPlugin\Win32\npQtAPI3DPlugin.dll
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 79

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} . (...) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (.not file.)
O2 - BHO: Ashampoo FR - {ba679afc-8ba0-48f4-b8bf-c144e8699fbc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Ashampoo_FR\prxtbAsha.dll =>Toolbar.Conduit
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\RJ\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder
~ BHO: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} . (.Orange - IE Toolbar Container.) -- C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O3 - Toolbar: Ashampoo FR Toolbar - [HKLM]{ba679afc-8ba0-48f4-b8bf-c144e8699fbc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Ashampoo_FR\prxtbAsha.dll =>Toolbar.Conduit
O3 - Toolbar: IMinent Toolbar - [HKLM]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} . (...) -- C:\Program Files\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster
O3 - Toolbar: ZoneAlarm Security Engine - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (...) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll =>Toolbar.DeltaSearch
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Norton Ghost 15.0] . (.Symantec Corporation - Tray Application.) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
O4 - HKLM\..\Run: [BrStsWnd] . (.brother - brstswnd.) -- C:\Program Files\Brownie\BrstsWnd.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (.not file.)
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [MailNotifier] . (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKCU\..\Run: [Bubble Dock] C:\Users\RJ\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.)
O4 - HKCU\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SSync\SSync.exe
O4 - HKCU\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\RJ\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKCU\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SCheck\SCheck.exe
O4 - HKCU\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKCU\..\Run: [Omiga Plus] . (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [MailNotifier] . (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Bubble Dock] C:\Users\RJ\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.)
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SSync\SSync.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\RJ\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SCheck\SCheck.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Omiga Plus] . (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: MWSnap.exe - Raccourci.lnk . (.Mirek Wojtowicz - Pas de description.) -- C:\Program Files\MWSnap\MWSnap.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: ACCES 2010.lnk . (.Microsoft Corporation - Microsoft Access.) -- C:\Program Files\Microsoft Office\Office14\MSACCESS.exe
O4 - GS\Desktop: AcroRd32.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
O4 - GS\Desktop: AOMEI Partition Assistant Home Edition 5.0.lnk . (.AOMEI Technology Co., Ltd - AOMEI Partition Assistant.) -- C:\Program Files\AOMEI Partition Assistant Home Edition 5.0\PartAssist.exe
O4 - GS\Desktop: ArchiFacile.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\ArchiFacile.exe
O4 - GS\Desktop: Ashampoo Photo Commander 9.lnk . (.ashampoo GmbH & Co. KG - Ashampoo Photo Commander 9.) -- C:\Program Files\Ashampoo\Ashampoo Photo Commander 9\apc.exe
O4 - GS\Desktop: Audacity 1.3 Beta (Unicode).lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files\Audacity 1.3 Beta (Unicode)\audacity.exe
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop: Captvty.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\CapTVty\Captvty.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Chess.lnk . (.Microsoft Corporation - Fichier exécutable du jeu Chess Titans.) -- C:\Program Files\Microsoft Games\Chess\Chess.exe
O4 - GS\Desktop: CRAPETTE.lnk . (...) -- C:\Program Files\Crapette Jardin Trains 32\CRAPETTE.exe
O4 - GS\Desktop: Defraggler.lnk . (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe
O4 - GS\Desktop: Easy Thumbnails.lnk . (.Fookes Software - Easy Thumbnails.) -- C:\Program Files\Easy Thumbnails\EzThumbs.exe
O4 - GS\Desktop: EDIUS-6.lnk . (.Thomson Canopus Co., Ltd. - EDIUS.) -- C:\Program Files\Grass Valley\EDIUS 6\EDIUS.exe
O4 - GS\Desktop: EPSON Photo Print.lnk . (.SEIKO EPSON CORP. - EPSON Photo Print.) -- C:\Program Files\EPSON\Photo Print\EPPApp.exe
O4 - GS\Desktop: EPSON Smart Panel.lnk . (.NewSoft - SMART PANEL.) -- C:\Program Files\EPSON\Smart Panel\SmaPanel.exe
O4 - GS\Desktop: Exact Audio Copy.lnk . (...) -- C:\Program Files\Exact Audio Copy\EAC.exe
O4 - GS\Desktop: EXCEL 2010.lnk . (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files\Microsoft Office\Office14\EXCEL.exe
O4 - GS\Desktop: FileZilla Client.lnk . (.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop: firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop: Free MP3 Sound Recorder.lnk . (...) -- C:\Program Files\Free MP3 Sound Recorder\mp3recorder.exe
O4 - GS\Desktop: Free Video to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - Free All Converter.) -- C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\FreeVideoToMP3Converter.exe
O4 - GS\Desktop: Free YouTube Download.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeDownload.) -- C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop: Guide Edius 6.lnk . (...) -- E:\Docum\Docum RJL\Video-Edius\Guide Edius 6.pdf
O4 - GS\Desktop: HxD.lnk . (.Maël Hörz - HxD Hex Editor.) -- C:\Program Files\HxD\HxD.exe
O4 - GS\Desktop: Jeux.lnk . (...) -- E:\Docum\Docum RJL\Games
O4 - GS\Desktop: LaBoiteACouleurs.lnk . (.Benjamin Chartier - Color conversion tool.) -- C:\Program Files\LaBoiteACouleurs\LaBoiteACouleurs.exe
O4 - GS\Desktop: Mahjong.lnk - Clé orpheline
O4 - GS\Desktop: MWSnap.lnk . (.Mirek Wojtowicz - Pas de description.) -- C:\Program Files\MWSnap\MWSnap.exe
O4 - GS\Desktop: MyCDPro.lnk . (.VERITAS Software Corp. - CD/DVD Mastering Application.) -- C:\Program Files\orlogix\RecordNow DX\MyCDPro.exe
O4 - GS\Desktop: Notepad++.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: Pamus MP3 Recorder.lnk . (.PapierMusique - MP3 Recorder.) -- C:\Program Files\Pamus MP3 Recorder\PaMus MP3 Recorder.exe
O4 - GS\Desktop: Photoshop.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: POWERPNT 2010.lnk . (.Microsoft Corporation - Microsoft PowerPoint.) -- C:\Program Files\Microsoft Office\Office14\POWERPNT.exe
O4 - GS\Desktop: Print Management.lnk . (...) -- C:\Windows\system32\printmanagement.msc
O4 - GS\Desktop: scLive.lnk . (...) -- C:\Program Files\SClive\scLive.exe
O4 - GS\Desktop: Solitaire.lnk - Clé orpheline
O4 - GS\Desktop: SONY Sound Organizer.lnk . (.Sony Corporation - Sound Organizer.) -- C:\Program Files\Sony\Sound Organizer\SoundOrganizer.exe
O4 - GS\Desktop: thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\Desktop: TomTom Via-120.pdf.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\52688-tomtom-via-120.pdf
O4 - GS\Desktop: VLC media player.lnk . (.VideoLAN - VLC media player 2.0.5.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\Desktop: VProConsole.lnk . (.Symantec Corporation - Norton Ghost VProConsole.) -- C:\Program Files\Norton Ghost\Console\VProConsole.exe
O4 - GS\Desktop: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Desktop: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Desktop: WORD 2010.lnk . (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe
O4 - GS\Desktop: YouTube To MP3 Converter.lnk . (.Sofonica Ltd. - YouTube to MP3 Converter.) -- C:\Program Files\YouTube To MP3 Converter\youtubeconv.exe
~ Global Startup: Scanned in 00mn 03s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.fr
O15 - Trusted Zone: [HKCU\...\Domains] http.localhost
O15 - Trusted Zone: [HKLM\...\Domains] http.geoportail.fr
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserDefendert (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe
O23 - Service: Omiga plus service (omigaplussvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\Omiga Plus\omigaplusSvc.exe
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe
~ Services: 11 Legitimates Filtered in 00mn 37s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\RJ\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.EE07CB7CAFF4EE1F249BA69F1A98C90B] [APT] [Omiga Plus RunAsStdUser] (.Taiwan Shui Mu Chih Ching Technology Limite.) -- C:\Program Files\Omiga Plus\omigaplus.exe [1309352]
[MD5.00000000000000000000000000000000] [APT] [{37114CA2-85B2-4ABF-90ED-D102F9C29872}] (...) -- G:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7A76360-7791-4879-ACF4-909EFF1B4DCD}] (...) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 06s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (cdrblock) . (.Canopus Co,. Ltd. - CD-ROM Block Filter Driver.) - C:\Windows\System32\DRIVERS\cdrblock.sys
~ Drivers: 66 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
O42 - Logiciel: Copy Utility - (...) [HKLM] -- Copy Utility
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta
O42 - Logiciel: EDIUS 6.01 - (.Thomson Canopus Co., Ltd..) [HKLM] -- {B91A1230-C199-421e-8F63-7235731D925E}
O42 - Logiciel: Free MP3 Sound Recorder v1.9 - (.Nbxsoft Inc..) [HKLM] -- Free MP3 Sound Recorder_is1
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
O42 - Logiciel: eSafe Security Control 1.0.0.2405 - (.eSafe Security Co., Ltd..) [HKLM] -- eSafeSecControl =>PUP.eSafeSecurity
~ Logic: 92 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Default Tab] =>Adware.Bandoo
[HKCU\Software\Delta]
[HKCU\Software\FSR]
[HKCU\Software\Filesland]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\NetIntellGames]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
[HKCU\Software\PicturesToExe_RegType]
[HKCU\Software\Protector]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\WaterProof] [HKCU\Software\f28a8ab36ee449] [HKCU\Software\lollipop] =>Adware.Lollipop [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Delta] [HKLM\Software\GoforFiles] =>P2P.GoforFiles [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Pocket Soft] [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKLM\Software\V9] [HKLM\Software\babylontoolbar] =>Toolbar.Babylon [HKLM\Software\deskSvc] [HKLM\Software\f28a8ab36ee449] ~ Key Software: 236 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 09/12/2011 - 01:23:10 - [0,925] ----D C:\Program Files\CodecOption O43 - CFD: 15/06/2013 - 18:43:10 - [2,342] ----D C:\Program Files\Delta O43 - CFD: 15/06/2013 - 18:50:17 - [0,008] ----D C:\Program Files\Desk 365 =>Hijacker.22Find O43 - CFD: 15/03/2013 - 23:03:57 - [2,267] ----D C:\Program Files\Free MP3 Sound Recorder O43 - CFD: 29/01/2013 - 17:40:10 - [4,444] ----D C:\Program Files\GoforFiles =>P2P.GoforFiles O43 - CFD: 09/12/2011 - 01:20:04 - [266,476] ----D C:\Program Files\Grass Valley O43 - CFD: 11/12/2011 - 23:27:02 - [7,973] ----D C:\Program Files\orlogix O43 - CFD: 01/01/2012 - 11:30:43 - [1,465] ----D C:\Program Files\SClive O43 - CFD: 24/02/2013 - 22:14:20 - [6,735] ----D C:\Program Files\YouTube To MP3 Converter O43 - CFD: 15/06/2013 - 18:48:51 - [33,331] ----D C:\Program Files\Common Files\337 O43 - CFD: 19/05/2013 - 16:45:06 - [1,742] ----D C:\Program Files\Common Files\NetIntellGames Shared O43 - CFD: 05/01/2013 - 17:34:06 - [0] ----D C:\ProgramData\Ask O43 - CFD: 03/08/2012 - 17:10:04 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 15/06/2013 - 18:43:14 - [7,883] ----D C:\ProgramData\BrowserDefender O43 - CFD: 16/06/2013 - 08:48:55 - [0,688] ----D C:\ProgramData\eSafe O43 - CFD: 28/01/2012 - 12:03:15 
- [0,004] ----D C:\ProgramData\FE8 O43 - CFD: 29/01/2013 - 17:43:56 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma O43 - CFD: 15/06/2013 - 18:50:41 - [3,727] ----D C:\Users\RJ\AppData\Roaming\337 O43 - CFD: 03/08/2012 - 17:10:04 - [0,032] ----D C:\Users\RJ\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 05/04/2013 - 09:23:21 - [0,161] ----D C:\Users\RJ\AppData\Roaming\DataMgr O43 - CFD: 15/06/2013 - 18:43:08 - [0,259] ----D C:\Users\RJ\AppData\Roaming\Delta O43 - CFD: 15/06/2013 - 18:48:15 - [14,314] ----D C:\Users\RJ\AppData\Roaming\Desk 365 =>Hijacker.22Find O43 - CFD: 15/06/2013 - 18:47:32 - [5,183] ----D C:\Users\RJ\AppData\Roaming\eIntaller O43 - CFD: 25/02/2013 - 11:50:57 - [0,487] ----D C:\Users\RJ\AppData\Roaming\FBDownloader O43 - CFD: 29/01/2013 - 17:01:38 - [0,001] ----D C:\Users\RJ\AppData\Roaming\GoforFiles =>P2P.GoforFiles O43 - CFD: 29/01/2013 - 17:46:38 - [0,430] ----D C:\Users\RJ\AppData\Roaming\Media Finder =>PUP.MediaFinder O43 - CFD: 03/08/2012 - 17:11:28 - [0,333] ----D C:\Users\RJ\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 13/07/2012 - 14:56:58 - [0,041] ----D C:\Users\RJ\AppData\Roaming\WaterProof O43 - CFD: 29/01/2013 - 17:42:51 - [0] ----D C:\Users\RJ\AppData\Local\Lollipop =>Adware.Lollipop O43 - CFD: 29/01/2013 - 17:46:20 - [0,000] ----D C:\Users\RJ\AppData\Local\SwvUpdater =>PUP.Software.Updater O43 - CFD: 15/06/2013 - 18:43:18 - [0,001] ----D C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender ~ Program Folder: 224 Legitimates Filtered in 00mn 57s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.8695F75799F314AEFD4922C73B257E30] - 16/06/2013 - 07:47:33 ---A- . (...) -- C:\Windows\Brownie.ini [409] O44 - LFC:[MD5.1574DD9D409F2DC45CF82C22B99164A4] - 15/06/2013 - 17:48:55 ---A- . (...) -- C:\Windows\System32\pdfcmnnt.dll [116224] O44 - LFC:[MD5.F07BF02D664F0255C2B3AB6C29AA2F21] - 12/06/2013 - 08:45:37 ---A- . 
(.France Telecom SA - Pas de description.) -- C:\Windows\System32\Autodial2000.dll [65536] ~ Files: 50 Legitimates Filtered in 01mn 08s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.ECA9340BB8C97BA32C8B6838FF8A85E4] - 15/06/2013 - 19:34:37 ---A- - C:\Windows\Prefetch\WLUA.EXE-0665EF61.pf O45 - LFCP:[MD5.DAC5CBA8353E599930200E875C81B760] - 15/06/2013 - 20:47:25 ---A- - C:\Windows\Prefetch\SMAPANEL.EXE-A340B69D.pf O45 - LFCP:[MD5.8E60AA9A2E27FADE920989A6D85F2FE8] - 15/06/2013 - 21:43:50 ---A- - C:\Windows\Prefetch\FILE.EXE-BB20D208.pf O45 - LFCP:[MD5.5AE9CF831F7E292F8323C041D3D3A623] - 15/06/2013 - 22:07:01 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-399F8FF5.pf O45 - LFCP:[MD5.DCF2E7E0D07A6E0BCCB23689763CA01E] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\BRSTSWND.EXE-CC8AAC01.pf O45 - LFCP:[MD5.87747E3FF6306787F08FC60EC3296E81] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\KMSERVICE.EXE-9D935429.pf O45 - LFCP:[MD5.6BDE73D07254E3344D91469EF8C0BF0A] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\SESSIONMANAGER.EXE-C0ABC68C.pf O45 - LFCP:[MD5.5B8C47A6393D87010D187DDAB360C8C6] - 16/06/2013 - 07:48:55 ---A- - C:\Windows\Prefetch\SYMSNAPSERVICE.EXE-41354E93.pf O45 - LFCP:[MD5.837D965CEFA98E2ABA4D0FD14299C6D7] - 16/06/2013 - 08:15:36 ---A- - C:\Windows\Prefetch\PLUSAPP.EXE-CCBBCB0A.pf O45 - LFCP:[MD5.FC56689245E7CD2C6D81750C2C78F04C] - 16/06/2013 - 08:15:56 ---A- - C:\Windows\Prefetch\DUP.EXE-EB7BFB9D.pf ~ Prefetcher: 96 Legitimates Filtered in 00mn 01s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{47efdbbd-3864-11e1-bd04-00030d4e86a1}\AutoRun\command. (...) -- H:\laucher.exe (.not file.) O51 - MPSK:{88753e5b-a24d-11e1-8fe6-00030d4e86a1}\AutoRun\command. (...) 
-- H:\laucher.exe (.not file.) O51 - MPSK:{88753e80-a24d-11e1-8fe6-00030d4e86a1}\AutoRun\command. (...) -- H:\laucher.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"vidc.CDV5"="cdv5codc.dll" . (.Thomson Canopus Co., Ltd. - DVCPRO 50 Codec Front-End.) -- C:\Windows\System32\cdv5codc.dll O52 - TDSD: \Drivers32\"vidc.CLLC"="cllccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus Lossless Codec Front-End.) -- C:\Windows\System32\cllccodc.dll O52 - TDSD: \Drivers32\"vidc.CUVC"="cuvccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus HQ Codec Front-End.) -- C:\Windows\System32\cuvccodc.dll O52 - TDSD: \Drivers32\"vidc.CDVC"="cdvccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus DV Codec Front-End.) -- C:\Windows\System32\cdvccodc.dll O52 - TDSD: \Drivers32\"vidc.CDVH"="cdvhcodc.dll" . (.Thomson Canopus Co., Ltd. - DVCPRO HD Codec Front-End.) -- C:\Windows\System32\cdvhcodc.dll O52 - TDSD: \Drivers32\"vidc.CMIC"="cmiccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus MPEG2-Intra Codec Front-End.) -- C:\Windows\System32\cmiccodc.dll O52 - TDSD: \Drivers32\"vidc.CHQX"="chqxcodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus HQX Codec Front-End.) -- C:\Windows\System32\chqxcodc.dll O52 - TDSD: \Drivers32\"vidc.C210"="c210codc.dll" . (.Thomson Canopus Co., Ltd. - Canopus C210 Codec Front-End.) -- C:\Windows\System32\c210codc.dll O52 - TDSD: \drivers.desc\"cdv5codc.dll"="DVCPRO50 Codec" . (.Thomson Canopus Co., Ltd. - DVCPRO 50 Codec Front-End.) -- C:\Windows\System32\cdv5codc.dll O52 - TDSD: \drivers.desc\"cllccodc.dll"="Canopus Lossles Codec" . (.Thomson Canopus Co., Ltd. - Canopus Lossless Codec Front-End.) -- C:\Windows\System32\cllccodc.dll O52 - TDSD: \drivers.desc\"cuvccodc.dll"="Canopus HQ Codec" . (.Thomson Canopus Co., Ltd. - Canopus HQ Codec Front-End.) -- C:\Windows\System32\cuvccodc.dll O52 - TDSD: \drivers.desc\"cdvccodc.dll"="Canopus DV Codec" . (.Thomson Canopus Co., Ltd. - Canopus DV Codec Front-End.) 
-- C:\Windows\System32\cdvccodc.dll O52 - TDSD: \drivers.desc\"cdvhcodc.dll"="DVCPRO HD Codec" . (.Thomson Canopus Co., Ltd. - DVCPRO HD Codec Front-End.) -- C:\Windows\System32\cdvhcodc.dll O52 - TDSD: \drivers.desc\"cmiccodc.dll"="Canopus MPEG2-Intra Codec" . (.Thomson Canopus Co., Ltd. - Canopus MPEG2-Intra Codec Front-End.) -- C:\Windows\System32\cmiccodc.dll O52 - TDSD: \drivers.desc\"chqxcodc.dll"="Canopus HQX Codec" . (.Thomson Canopus Co., Ltd. - Canopus HQX Codec Front-End.) -- C:\Windows\System32\chqxcodc.dll O52 - TDSD: \drivers.desc\"c210codc.dll"="Canopus C210 Codec" . (.Thomson Canopus Co., Ltd. - Canopus C210 Codec Front-End.) -- C:\Windows\System32\c210codc.dll ~ TDSD: 19 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:[MD5.47E6301D245AB061B9853B90A46AE55A] - 26/12/2011 - 14:27:22 ---A- . (...) 
-- C:\Windows\System32\ampa.sys [12728] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 15/06/2013 - 17:41:44 ---A- C:\Users\RJ\Downloads\UpdateMyDrivers.exe [625784] O61 - LFC: 15/06/2013 - 17:43:20 ---A- C:\Users\RJ\AppData\Roaming\Babylon\log_file.txt [33435] =>Toolbar.Babylon O61 - LFC: 15/06/2013 - 17:46:08 ---A- C:\Users\RJ\Downloads\Express_Installer.exe [896296] O61 - LFC: 15/06/2013 - 17:47:35 ---A- C:\Users\RJ\AppData\Roaming\eIntaller\138BAF563E5B4330AA0EDB2EB79660F1\eXQ.exe [718392] O61 - LFC: 15/06/2013 - 17:47:37 ---A- C:\Users\RJ\AppData\Roaming\eIntaller\138BAF563E5B4330AA0EDB2EB79660F1\eGdpSvc.exe [360512] O61 - LFC: 15/06/2013 - 17:47:54 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\accelerate [0] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:54 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\firstrun [0] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\desk_bkg_list.xml [1434] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote.xml [5926] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\337.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\GameCenter.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\barbie.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\google.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\mario.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\twitter.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\v9.ico [13942] =>Hijacker.22Find O61 - LFC: 
15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\youtube.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\firefox_fe2bcde9913d7453ceb971292c1b4eb5.ico [295606] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\iexplore_650873050cc7c9b2baabda6f23290be5.ico [82151] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\sysicons\imageres.dll_104.ico [99567] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\desk_list.xml [3472] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\chrome_94eed6fc6a998cc6b2d0611ab1a3b555.ico [55773] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\sysicons\shell32.dll_21.ico [29926] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:16 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:17 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\1\angrybirds.db [994] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:18 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\3\BigFarm.db [890] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:18 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico [82726] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:20 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\4\Empire.db [872] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:20 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\4\Empire.ico [82726] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:21 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\35\Gmail.ico [13262] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:22 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\35\Gmail.db [778] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:23 ---A- 
C:\Users\RJ\AppData\Roaming\Desk 365\app\config\39\ESPN.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:24 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\39\ESPN.db [920] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:24 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:25 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\41\gcalendar.db [858] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:26 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\42\pulse.db [764] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:26 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\42\pulse.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:28 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:28 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:29 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico [15086] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:30 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:31 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Google_60d75cb277f0c452fa60dba8350caf65.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:31 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico [13942] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:48:44 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe [10434864] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:50:13 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\process_mgr.xml [220] =>Hijacker.22Find O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 
Wallpaper\image\default\wallpaper_resource.xml [634] O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml [1449] O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml [5568] O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\main [10] O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml [334] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe [151736] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\ebase.dll [643256] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\libpng.dll [181944] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\msvcp100.dll [421048] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\msvcr100.dll [773816] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll [1323704] O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\plusapp.exe [399544] ~ 114 Fichiers temporaires (Temporary files) ~ Files: 528 Legitimates Filtered in 03mn 03s ---\\ Alternate Data Stream File (O62) O62 - ADS:Alternate Data Stream File - C:\Windows\System32\cyggcc_s-1.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\cygwin1.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\js32.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\libeay32.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\libssl32.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\mediainfo.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcr70.dll:Zone.Identifier 
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcr90.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Newtonsoft.Json.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\plc4.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\plds4.dll:Zone.Identifier O62 - ADS:Alternate Data Stream File - C:\Windows\System32\xpcom_core.dll:Zone.Identifier ~ ADS: Scanned in 00mn 03s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 26/12/2011 - Pas de propriétaire (ampa) .(...) - LEGACY_AMPA ~ Legacy: 87 Legitimates Filtered in 00mn 01s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6 O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6 O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) 
-- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6 ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.dfltLng", "fr"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.id", "d4dc7b88000000000000001302e0f4a1"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.instlDay", "15871"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: 
prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsn", "1.8.21.5"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsnTs", "1.8.21.518:43:13"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsni", "1.8.21.5"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.babExt", ""); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.babTrack", "affID=121845&tt=120613_adn"); O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.srcExt", "ss"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6 O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {8124EBEF-7167-465E-AA26-00A2EB434907} - (Protection ZoneAlarm Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {842E4332-A0F1-42AC-B88D-3882B166B220} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (Search) - http://search.fbdownloader.com ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) E:\Docum\Docum RJL\Telechargements\WeTransfer-8tEEpCQH\keygen.exe ~ Files: Scanned in 03mn 52s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.38A9142BA7B74DB9A68B3691C970BD89] [SPRF][19/05/2013] (...) -- C:\Users\RJ\AppData\Local\Temp\ginstall.dll [55296] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) 
-- C:\Users\RJ\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] [MD5.E2DDF0C517A4547D39D25CE4EC8C5536] [SPRF][09/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\RJ\AppData\Local\Temp\uninst1.exe [395848] =>Toolbar.Babylon [MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][26/05/2013] (...) -- C:\Users\RJ\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790] [MD5.EACFDDEF9C267B2922CBA7E1DF4503C3] [SPRF][07/02/2012] (.Microsoft Corporation - Pas de description.) -- C:\Users\RJ\Desktop\PowerPointViewer.exe [63347104] ~ Files: Scanned in 00mn 03s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{DB7A9DDB-F29C-4438-9E9B-20F966921849}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\ZoneLabs\vsmon.exe (.not file.) O87 - FAEL: "{54B452EF-FAC9-4073-AF0D-D6436C208625}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\ZoneLabs\vsmon.exe (.not file.) O87 - FAEL: "{3356EDAF-BA1C-4B60-BB0C-93960A2905C6}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{DBEA3323-DA63-493D-9197-F01E29B278D5}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{B5700C68-D6F1-403B-BB2E-4FE2578F7D90}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{3B9FB57E-C7F7-4218-9B07-47716A4A158F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{2452BE0F-90B5-4ACE-88B6-D84DCBBDF0E6}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Tidy Favorites\tidyfavorites.exe (.not file.) O87 - FAEL: "{FAFF4FD0-E6FB-4A5F-AC33-0B46D9BE40AD}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) 
=>P2P.GoforFiles O87 - FAEL: "{7283D4E8-34BD-4EB4-B294-7B17C859CBA7}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{F311DB99-F83F-47C0-9EAD-9BC29413A95C}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{A8C86D31-74BE-4905-AC74-F1832F9D6D15}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "TCP Query User{41B90C8F-63A7-499B-B35B-0F9A3696F118}C:\program files\netintellgames\net spite and malice 6\spite.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\netintellgames\net spite and malice 6\spite.exe (.not file.) O87 - FAEL: "UDP Query User{C534A862-5822-42D9-9363-3442B2CBD614}C:\program files\netintellgames\net spite and malice 6\spite.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\netintellgames\net spite and malice 6\spite.exe (.not file.) 
~ Firewall: 222 Legitimates Filtered in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : v2.12472 - (13/06/2013) Clés trouvées (Keys found) : 245 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 24 Fichiers trouvés (Files found) : 5
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent 
[HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] 
=>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_FR Toolbar] =>Toolbar.Conduit [HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] 
=>Adware.Bandoo [HKCU\Software\default tab] =>Adware.IMBooster [HKCU\Software\lollipop] =>Adware.Lollipop [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\MediaFinder] =>PUP.MediaFinder [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon [HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox [HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{5D4E6FF7-385A-47A3-9E4D-B6A4D9DAAB75}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5D4E6FF7-385A-47A3-9E4D-B6A4D9DAAB75}] =>Toolbar.Agent [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder [HKLM\Software\Classes\gencrawler_gc.GenCrawler] =>PUP.MediaFinder [HKCU\Software\Classes\MF] =>PUP.MediaFinder [HKLM\Software\Classes\MF] =>PUP.MediaFinder [HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKCU\Software\Protector] =>PUP.AdvancedSystemProtector [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch 
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find [HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods [HKLM\Software\qvo6Software] =>Hijacker.Qvo6 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl] =>PUP.eSafeSecurity [HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Protection_ZoneAlarm Toolbar] =>Toolbar.ZoneAlarm [HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito [HKLM\SYSTEM\CurrentControlSet\Services\eSafeSvc] =>PUP.eSafeSecurity [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity [HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent 
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent [HKLM\Software\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent [HKLM\Software\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2481024] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT2613520] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Media Finder =>PUP.MediaFinder C:\Program Files\Ashampoo_FR =>Toolbar.Agent C:\Program Files\Desk 365 =>Hijacker.22find C:\Program Files\Common Files\337 =>Hijacker.22find C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\BrowserDefender =>Hijacker.Eazel C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder =>PUP.MediaFinder C:\Users\RJ\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\RJ\AppData\Roaming\media finder =>PUP.MediaFinder C:\Users\RJ\AppData\Roaming\OfferBox =>PUP.OfferBox C:\Users\RJ\AppData\Roaming\DataMgr =>PUP.Datamngr C:\Users\RJ\AppData\Roaming\Desk 365 =>Hijacker.22find C:\Users\RJ\AppData\Roaming\337 =>Hijacker.22find C:\Users\RJ\AppData\Roaming\eIntaller =>PUP.eSafeSecurity 
C:\Users\RJ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder C:\Users\RJ\AppData\Local\lollipop =>Adware.Lollipop C:\Users\RJ\AppData\Local\SwvUpdater =>PUP.Software.Updater C:\Users\RJ\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\RJ\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\RJ\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\RJ\AppData\LocalLow\Ashampoo_FR =>Toolbar.Agent C:\Users\RJ\AppData\Local\Temp\Desk365 =>Hijacker.22find C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\Extensions\ffxtlbr@delta.com =>PUP.Funmoods C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\bprotector_prefs.js =>PUP.BProtector C:\Users\RJ\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon C:\Windows\KMService.exe =>Hijacker.Windows ~ Additionnel Scan: 232365 Items scanned in 01mn 01s ---\\ Product Upgrade Codes (O90) O90 - PUC: "03FF5588EC911BC46A45783B3896CC1E" . (.orlogix RecordNow DX.) -- C:\Windows\Installer\{8855FF30-19CE-4CB1-A654-87B38369CCE1}\MyCDPro.exe O90 - PUC: "D6847F355B14711498418AB5D0DBCD70" . (.Sound Organizer.) 
-- C:\Windows\Installer\{53F7486D-41B5-4117-8914-A85B0DBDDC07}\ARPPRODUCTICON.exe ~ Update Products: 55 Legitimates Filtered in 00mn 00s ---\\ Random Export Key (O91) [HKCU\Software\f28a8ab36ee449\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\f28a8ab36ee449\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" [HKCU\Software\f28a8ab36ee449] =>Toolbar.Babylon^ [HKCU\Software\f28a8ab36ee449]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\f28a8ab36ee449]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\f28a8ab36ee449]:PROTECTOR_DLL_NAME="BrowserDefender.dll" [HKCU\Software\f28a8ab36ee449]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\f28a8ab36ee449]:SERVICE_NAME="BrowserDefendert"
[HKCU\Software\f28a8ab36ee449]:usrcheckbox="1"
[HKCU\Software\f28a8ab36ee449]:version="2.6.1339.144"
[HKLM\Software\f28a8ab36ee449]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\f28a8ab36ee449]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKLM\Software\f28a8ab36ee449]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKLM\Software\f28a8ab36ee449]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKLM\Software\f28a8ab36ee449]:SERVICE_NAME="BrowserDefendert"
[HKLM\Software\f28a8ab36ee449]:usrcheckbox="1"
[HKLM\Software\f28a8ab36ee449]:version="2.6.1339.144"
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2827728 | (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
SR - | Auto 15/06/2013 360512 | (eSafeSvc) . (.eSafe Security Co., Ltd..) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
SS - | Auto 11/12/2007 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Demand 12/02/2010 1574408 | (GenericMount Helper Service) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
SS - | Auto 09/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Demand 26/09/2007 2999664 | C:\Program Files\Symantec\LIVEUP~1\LUCOMS~1.exe (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.exe
SR - | Auto 03/03/2010 4590432 | (Norton Ghost) . (.Symantec Corporation.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
SR - | Auto 06/03/2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 15/06/2013 424104 | (omigaplussvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\Omiga Plus\omigaplusSvc.exe
SS - | Demand 08/11/2012 174176 | (PACSPTISVR-Sound_Organizer) . (.Sony Corporation.) - C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Demand 21/09/2009 1964528 | (SymSnapService) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
SS - | Demand 0 | (wampapache) . (...) - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS - | Demand 0 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/06/2013 424104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by RJ at 16/06/2013 09:38:03
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll vsmraid.sys dxgkrnl.sys nvlddmkm.sys ndis.sys intelppm.sys tunnel.sys rassstp.sys Rt86win7.sys pacer.sys tcpip.sys NETIO.SYS tdx.sys afd.sys netw5v32.sys
C:\Windows\system32\drivers\vsmraid.sys VIA Technologies Inc.,Ltd VIA RAID driver
C:\Windows\system32\DRIVERS\nvlddmkm.sys NVIDIA Corporation NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67
~ MBR: 10 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by RJ at 16/06/2013 09:38:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 1819 Legitimates filtered by white list
End of the scan (1412 lines in 11mn 42s)(1)