Rapport de ZHPDiag v2013.6.13.18 par Nicolas Coolman, Update du 13/06/2013
Run by RJ at 16/06/2013 09:26:22
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.110

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ System Optimizer
CCleaner v3.21 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (17%) free of 33 GB

---\\ Logged in mode
~ Computer Name: RJ-PC
~ User Name: RJ
~ All Users Names: RJ, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\RJ\AppData\Roaming\
~ %Desktop% : C:\Users\RJ\Desktop\
~ %Favorites% : C:\Users\RJ\Favorites\
~ %LocalAppData% : C:\Users\RJ\AppData\Local\
~ %StartMenu% : C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 33 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 37 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 22 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 20 Go)
G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 2/4
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/51
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.013A330F16B1CECBDE5CB6F921689523] - (...) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728] [PID.2012]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1236]
[MD5.3CA0930370D5D5D40CD261074DA3438E] - (.Symantec Corporation - Tray Application.) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe [2598760] [PID.2980]
[MD5.EE07CB7CAFF4EE1F249BA69F1A98C90B] - (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe [1309352] [PID.3132]
[MD5.090956557CC68D25C1BCA9A2703A9ABA] - (.brother - brstswnd.) -- C:\Program Files\Brownie\BrStsWnd.exe [3618104] [PID.3196]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3204]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3348]
[MD5.3588AFA5623BB8844F71F271A7A96669] - (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe [634368] [PID.3608]
[MD5.5A56936640ECF4DBC94FDB9A759EDF23] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe [90112] [PID.2932]
[MD5.BCACA78707C8B44F732CCE05918277D3] - (.brother - brcdcmon.) -- C:\Program Files\Brownie\brpjp04a.exe [99632] [PID.1780]
[MD5.19669327968537BA685F5C836180B493] - (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\systray\systrayapp.exe [94208] [PID.3512]
[MD5.66F516A78C1D220FE0F429DF5EF0DE5D] - (.Microsoft Corporation - NTVDM.EXE.) -- C:\Windows\system32\ntvdm.exe [526848] [PID.6020]
[MD5.639B783F5BC546D8D9662881730AFF9B] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310224] [PID.5068]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.5816]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.5088]
[MD5.60B241EFB669D286C9BF636A0334B3BA] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe [1855880] [PID.3376]
[MD5.B8DD83B85636F7D6EC0F09B090E49130] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7494656] [PID.5880]
[MD5.E937A615D4289E83E234C3EC26092431] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.6.) -- C:\Windows\system32\nvvsvc.exe [203296] [PID.748]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1472]
[MD5.E536D1CDE3F600F49D606ADED29A50E2] - (.eSafe Security Co., Ltd. - eSafe Security Control 1.0.0.2405.) -- C:\ProgramData\eSafe\eGdpSvc.exe [360512] [PID.1528] =>PUP.eSafeSecurity
[MD5.B7B14723191CB9C319D450E4D0A298A8] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\Omiga Plus\omigaplusSvc.exe [424104] [PID.1628]
[MD5.45569383A11E33BE2348EF65AA3CEB97] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe [424104] [PID.1724]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1968]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\Windows\system32\srvany.exe [8192] [PID.3140]
[MD5.82865FF17BC664C711EFA674759F9991] - (...) -- C:\Windows\KMService.exe [77824] [PID.3308]
[MD5.A1787754952A0B700E386DC7C5FA5726] - (.Symantec Corporation - Service Module.) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4590432] [PID.3356]
[MD5.21FF886E6F679FC1EB352F231E846357] - (.Symantec - Symantec Snapshot Service.) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528] [PID.4800]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2716]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\prefs.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\user.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\prefs.js
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\user.js
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [RJ] -- C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\searchplugins\delta.xml
M3 - MFPP: Plugins - [RJ] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [RJ] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6
M0 - MFSP: prefs.js [RJ - 1g6ehhzn.default] http://www.qvo6.com =>Hijacker.Qvo6
M0 - MFSP: prefs.js [RJ - qxio7ndl.default-1361788727015] http://www.qvo6.com =>Hijacker.Qvo6
M2 - MFEP: prefs.js [RJ - 1g6ehhzn.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - 1g6ehhzn.default\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - qxio7ndl.default-1361788727015\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
M2 - MFEP: prefs.js [RJ - qxio7ndl.default-1361788727015\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v1.5.0 (..)
P2 - FPN: [HKLM] [@Diginext.fr/VirtualGeoGP] - (.DIGINEXT - VirtualGeoGP Plugin v3.1.0.1811.) -- C:\Program Files\VirtualGeo3-GP\WebPlugin\Win32\npQtAPI3DPlugin.dll
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 79



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} . (...) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (.not file.)
O2 - BHO: Ashampoo FR - {ba679afc-8ba0-48f4-b8bf-c144e8699fbc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Ashampoo_FR\prxtbAsha.dll =>Toolbar.Conduit
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\RJ\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} . (.Orange - IE Toolbar Container.) -- C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O3 - Toolbar: Ashampoo FR Toolbar - [HKLM]{ba679afc-8ba0-48f4-b8bf-c144e8699fbc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Ashampoo_FR\prxtbAsha.dll =>Toolbar.Conduit
O3 - Toolbar: IMinent Toolbar - [HKLM]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} . (...) -- C:\Program Files\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster
O3 - Toolbar: ZoneAlarm Security Engine - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (...) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll =>Toolbar.DeltaSearch
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Norton Ghost 15.0] . (.Symantec Corporation - Tray Application.) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
O4 - HKLM\..\Run: [BrStsWnd] . (.brother - brstswnd.) -- C:\Program Files\Brownie\BrstsWnd.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (.not file.)
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [MailNotifier] . (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKCU\..\Run: [Bubble Dock] C:\Users\RJ\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.)
O4 - HKCU\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SSync\SSync.exe
O4 - HKCU\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\RJ\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKCU\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SCheck\SCheck.exe
O4 - HKCU\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKCU\..\Run: [Omiga Plus] . (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [MailNotifier] . (...) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Bubble Dock] C:\Users\RJ\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.)
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SSync\SSync.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [DataMgr] . (.HTTO Group, Ltd. - Updater.) -- C:\Users\RJ\AppData\Roaming\DataMgr\DataMgr.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\SCheck\SCheck.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\RJ\AppData\Roaming\Intermediate\Intermediate.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [Omiga Plus] . (.Taiwan Shui Mu Chih Ching Technology Limite - Omiga Plus application.) -- C:\Program Files\Omiga Plus\omigaplus.exe
O4 - HKUS\S-1-5-21-1956852498-616345078-442485853-1000\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar: MWSnap.exe - Raccourci.lnk . (.Mirek Wojtowicz - Pas de description.) -- C:\Program Files\MWSnap\MWSnap.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: ACCES 2010.lnk . (.Microsoft Corporation - Microsoft Access.) -- C:\Program Files\Microsoft Office\Office14\MSACCESS.exe
O4 - GS\Desktop: AcroRd32.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
O4 - GS\Desktop: AOMEI Partition Assistant Home Edition 5.0.lnk . (.AOMEI Technology Co., Ltd - AOMEI Partition Assistant.) -- C:\Program Files\AOMEI Partition Assistant Home Edition 5.0\PartAssist.exe
O4 - GS\Desktop: ArchiFacile.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\ArchiFacile.exe
O4 - GS\Desktop: Ashampoo Photo Commander 9.lnk . (.ashampoo GmbH & Co. KG - Ashampoo Photo Commander 9.) -- C:\Program Files\Ashampoo\Ashampoo Photo Commander 9\apc.exe
O4 - GS\Desktop: Audacity 1.3 Beta (Unicode).lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files\Audacity 1.3 Beta (Unicode)\audacity.exe
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop: Captvty.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\CapTVty\Captvty.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Chess.lnk . (.Microsoft Corporation - Fichier exécutable du jeu Chess Titans.) -- C:\Program Files\Microsoft Games\Chess\Chess.exe
O4 - GS\Desktop: CRAPETTE.lnk . (...) -- C:\Program Files\Crapette Jardin Trains 32\CRAPETTE.exe
O4 - GS\Desktop: Defraggler.lnk . (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe
O4 - GS\Desktop: Easy Thumbnails.lnk . (.Fookes Software - Easy Thumbnails.) -- C:\Program Files\Easy Thumbnails\EzThumbs.exe
O4 - GS\Desktop: EDIUS-6.lnk . (.Thomson Canopus Co., Ltd. - EDIUS.) -- C:\Program Files\Grass Valley\EDIUS 6\EDIUS.exe
O4 - GS\Desktop: EPSON Photo Print.lnk . (.SEIKO EPSON CORP. - EPSON Photo Print.) -- C:\Program Files\EPSON\Photo Print\EPPApp.exe
O4 - GS\Desktop: EPSON Smart Panel.lnk . (.NewSoft - SMART PANEL.) -- C:\Program Files\EPSON\Smart Panel\SmaPanel.exe
O4 - GS\Desktop: Exact Audio Copy.lnk . (...) -- C:\Program Files\Exact Audio Copy\EAC.exe
O4 - GS\Desktop: EXCEL 2010.lnk . (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files\Microsoft Office\Office14\EXCEL.exe
O4 - GS\Desktop: FileZilla Client.lnk . (.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop: firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop: Free MP3 Sound Recorder.lnk . (...) -- C:\Program Files\Free MP3 Sound Recorder\mp3recorder.exe
O4 - GS\Desktop: Free Video to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - Free All Converter.) -- C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\FreeVideoToMP3Converter.exe
O4 - GS\Desktop: Free YouTube Download.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeDownload.) -- C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Desktop: Guide Edius 6.lnk . (...) -- E:\Docum\Docum RJL\Video-Edius\Guide Edius 6.pdf
O4 - GS\Desktop: HxD.lnk . (.Maël Hörz - HxD Hex Editor.) -- C:\Program Files\HxD\HxD.exe
O4 - GS\Desktop: Jeux.lnk . (...) -- E:\Docum\Docum RJL\Games
O4 - GS\Desktop: LaBoiteACouleurs.lnk . (.Benjamin Chartier - Color conversion tool.) -- C:\Program Files\LaBoiteACouleurs\LaBoiteACouleurs.exe
O4 - GS\Desktop: Mahjong.lnk - Clé orpheline
O4 - GS\Desktop: MWSnap.lnk . (.Mirek Wojtowicz - Pas de description.) -- C:\Program Files\MWSnap\MWSnap.exe
O4 - GS\Desktop: MyCDPro.lnk . (.VERITAS Software Corp. - CD/DVD Mastering Application.) -- C:\Program Files\orlogix\RecordNow DX\MyCDPro.exe
O4 - GS\Desktop: Notepad++.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: Pamus MP3 Recorder.lnk . (.PapierMusique - MP3 Recorder.) -- C:\Program Files\Pamus MP3 Recorder\PaMus MP3 Recorder.exe
O4 - GS\Desktop: Photoshop.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: POWERPNT 2010.lnk . (.Microsoft Corporation - Microsoft PowerPoint.) -- C:\Program Files\Microsoft Office\Office14\POWERPNT.exe
O4 - GS\Desktop: Print Management.lnk . (...) -- C:\Windows\system32\printmanagement.msc
O4 - GS\Desktop: scLive.lnk . (...) -- C:\Program Files\SClive\scLive.exe
O4 - GS\Desktop: Solitaire.lnk - Clé orpheline
O4 - GS\Desktop: SONY Sound Organizer.lnk . (.Sony Corporation - Sound Organizer.) -- C:\Program Files\Sony\Sound Organizer\SoundOrganizer.exe
O4 - GS\Desktop: thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\Desktop: TomTom Via-120.pdf.lnk . (...) -- E:\Docum\Docum RJL\Telechargements\52688-tomtom-via-120.pdf
O4 - GS\Desktop: VLC media player.lnk . (.VideoLAN - VLC media player 2.0.5.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\Desktop: VProConsole.lnk . (.Symantec Corporation - Norton Ghost VProConsole.) -- C:\Program Files\Norton Ghost\Console\VProConsole.exe
O4 - GS\Desktop: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Desktop: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Desktop: WORD 2010.lnk . (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe
O4 - GS\Desktop: YouTube To MP3 Converter.lnk . (.Sofonica Ltd. - YouTube to MP3 Converter.) -- C:\Program Files\YouTube To MP3 Converter\youtubeconv.exe
~ Global Startup: Scanned in 00mn 03s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.fr
O15 - Trusted Zone: [HKCU\...\Domains] http.localhost
O15 - Trusted Zone: [HKLM\...\Domains] http.geoportail.fr
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8145856-66D5-4B12-B8EB-3D0BBCC9AE73}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserDefendert (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe
O23 - Service: Omiga plus service (omigaplussvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\Omiga Plus\omigaplusSvc.exe
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe
~ Services: 11 Legitimates Filtered in 00mn 37s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\RJ\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.EE07CB7CAFF4EE1F249BA69F1A98C90B] [APT] [Omiga Plus RunAsStdUser] (.Taiwan Shui Mu Chih Ching Technology Limite.) -- C:\Program Files\Omiga Plus\omigaplus.exe [1309352]
[MD5.00000000000000000000000000000000] [APT] [{37114CA2-85B2-4ABF-90ED-D102F9C29872}] (...) -- G:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7A76360-7791-4879-ACF4-909EFF1B4DCD}] (...) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (cdrblock) . (.Canopus Co,. Ltd. - CD-ROM Block Filter Driver.) - C:\Windows\System32\DRIVERS\cdrblock.sys
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
O42 - Logiciel: Copy Utility - (...) [HKLM] -- Copy Utility
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta
O42 - Logiciel: EDIUS 6.01 - (.Thomson Canopus Co., Ltd..) [HKLM] -- {B91A1230-C199-421e-8F63-7235731D925E}
O42 - Logiciel: Free MP3 Sound Recorder v1.9 - (.Nbxsoft Inc..) [HKLM] -- Free MP3 Sound Recorder_is1
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
O42 - Logiciel: eSafe Security Control 1.0.0.2405 - (.eSafe Security Co., Ltd..) [HKLM] -- eSafeSecControl =>PUP.eSafeSecurity
~ Logic: 92 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Default Tab] =>Adware.Bandoo
[HKCU\Software\Delta]
[HKCU\Software\FSR]
[HKCU\Software\Filesland]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\NetIntellGames]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
[HKCU\Software\PicturesToExe_RegType]
[HKCU\Software\Protector]
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WaterProof]
[HKCU\Software\f28a8ab36ee449]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\GoforFiles] =>P2P.GoforFiles
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Pocket Soft]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\V9]
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
[HKLM\Software\deskSvc]
[HKLM\Software\f28a8ab36ee449]
~ Key Software: 236 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/12/2011 - 01:23:10 - [0,925] ----D C:\Program Files\CodecOption
O43 - CFD: 15/06/2013 - 18:43:10 - [2,342] ----D C:\Program Files\Delta
O43 - CFD: 15/06/2013 - 18:50:17 - [0,008] ----D C:\Program Files\Desk 365 =>Hijacker.22Find
O43 - CFD: 15/03/2013 - 23:03:57 - [2,267] ----D C:\Program Files\Free MP3 Sound Recorder
O43 - CFD: 29/01/2013 - 17:40:10 - [4,444] ----D C:\Program Files\GoforFiles =>P2P.GoforFiles
O43 - CFD: 09/12/2011 - 01:20:04 - [266,476] ----D C:\Program Files\Grass Valley
O43 - CFD: 11/12/2011 - 23:27:02 - [7,973] ----D C:\Program Files\orlogix
O43 - CFD: 01/01/2012 - 11:30:43 - [1,465] ----D C:\Program Files\SClive
O43 - CFD: 24/02/2013 - 22:14:20 - [6,735] ----D C:\Program Files\YouTube To MP3 Converter
O43 - CFD: 15/06/2013 - 18:48:51 - [33,331] ----D C:\Program Files\Common Files\337
O43 - CFD: 19/05/2013 - 16:45:06 - [1,742] ----D C:\Program Files\Common Files\NetIntellGames Shared
O43 - CFD: 05/01/2013 - 17:34:06 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 03/08/2012 - 17:10:04 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 15/06/2013 - 18:43:14 - [7,883] ----D C:\ProgramData\BrowserDefender
O43 - CFD: 16/06/2013 - 08:48:55 - [0,688] ----D C:\ProgramData\eSafe
O43 - CFD: 28/01/2012 - 12:03:15 - [0,004] ----D C:\ProgramData\FE8
O43 - CFD: 29/01/2013 - 17:43:56 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 15/06/2013 - 18:50:41 - [3,727] ----D C:\Users\RJ\AppData\Roaming\337
O43 - CFD: 03/08/2012 - 17:10:04 - [0,032] ----D C:\Users\RJ\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 05/04/2013 - 09:23:21 - [0,161] ----D C:\Users\RJ\AppData\Roaming\DataMgr
O43 - CFD: 15/06/2013 - 18:43:08 - [0,259] ----D C:\Users\RJ\AppData\Roaming\Delta
O43 - CFD: 15/06/2013 - 18:48:15 - [14,314] ----D C:\Users\RJ\AppData\Roaming\Desk 365 =>Hijacker.22Find
O43 - CFD: 15/06/2013 - 18:47:32 - [5,183] ----D C:\Users\RJ\AppData\Roaming\eIntaller
O43 - CFD: 25/02/2013 - 11:50:57 - [0,487] ----D C:\Users\RJ\AppData\Roaming\FBDownloader
O43 - CFD: 29/01/2013 - 17:01:38 - [0,001] ----D C:\Users\RJ\AppData\Roaming\GoforFiles =>P2P.GoforFiles
O43 - CFD: 29/01/2013 - 17:46:38 - [0,430] ----D C:\Users\RJ\AppData\Roaming\Media Finder =>PUP.MediaFinder
O43 - CFD: 03/08/2012 - 17:11:28 - [0,333] ----D C:\Users\RJ\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 13/07/2012 - 14:56:58 - [0,041] ----D C:\Users\RJ\AppData\Roaming\WaterProof
O43 - CFD: 29/01/2013 - 17:42:51 - [0] ----D C:\Users\RJ\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 29/01/2013 - 17:46:20 - [0,000] ----D C:\Users\RJ\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 15/06/2013 - 18:43:18 - [0,001] ----D C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
~ Program Folder: 224 Legitimates Filtered in 00mn 57s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8695F75799F314AEFD4922C73B257E30] - 16/06/2013 - 07:47:33 ---A- . (...) -- C:\Windows\Brownie.ini [409]
O44 - LFC:[MD5.1574DD9D409F2DC45CF82C22B99164A4] - 15/06/2013 - 17:48:55 ---A- . (...) -- C:\Windows\System32\pdfcmnnt.dll [116224]
O44 - LFC:[MD5.F07BF02D664F0255C2B3AB6C29AA2F21] - 12/06/2013 - 08:45:37 ---A- . (.France Telecom SA - Pas de description.) -- C:\Windows\System32\Autodial2000.dll [65536]
~ Files: 50 Legitimates Filtered in 01mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.ECA9340BB8C97BA32C8B6838FF8A85E4] - 15/06/2013 - 19:34:37 ---A- - C:\Windows\Prefetch\WLUA.EXE-0665EF61.pf
O45 - LFCP:[MD5.DAC5CBA8353E599930200E875C81B760] - 15/06/2013 - 20:47:25 ---A- - C:\Windows\Prefetch\SMAPANEL.EXE-A340B69D.pf
O45 - LFCP:[MD5.8E60AA9A2E27FADE920989A6D85F2FE8] - 15/06/2013 - 21:43:50 ---A- - C:\Windows\Prefetch\FILE.EXE-BB20D208.pf
O45 - LFCP:[MD5.5AE9CF831F7E292F8323C041D3D3A623] - 15/06/2013 - 22:07:01 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-399F8FF5.pf
O45 - LFCP:[MD5.DCF2E7E0D07A6E0BCCB23689763CA01E] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\BRSTSWND.EXE-CC8AAC01.pf
O45 - LFCP:[MD5.87747E3FF6306787F08FC60EC3296E81] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\KMSERVICE.EXE-9D935429.pf
O45 - LFCP:[MD5.6BDE73D07254E3344D91469EF8C0BF0A] - 16/06/2013 - 07:47:36 ---A- - C:\Windows\Prefetch\SESSIONMANAGER.EXE-C0ABC68C.pf
O45 - LFCP:[MD5.5B8C47A6393D87010D187DDAB360C8C6] - 16/06/2013 - 07:48:55 ---A- - C:\Windows\Prefetch\SYMSNAPSERVICE.EXE-41354E93.pf
O45 - LFCP:[MD5.837D965CEFA98E2ABA4D0FD14299C6D7] - 16/06/2013 - 08:15:36 ---A- - C:\Windows\Prefetch\PLUSAPP.EXE-CCBBCB0A.pf
O45 - LFCP:[MD5.FC56689245E7CD2C6D81750C2C78F04C] - 16/06/2013 - 08:15:56 ---A- - C:\Windows\Prefetch\DUP.EXE-EB7BFB9D.pf
~ Prefetcher: 96 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{47efdbbd-3864-11e1-bd04-00030d4e86a1}\AutoRun\command. (...) -- H:\laucher.exe (.not file.)
O51 - MPSK:{88753e5b-a24d-11e1-8fe6-00030d4e86a1}\AutoRun\command. (...) -- H:\laucher.exe (.not file.)
O51 - MPSK:{88753e80-a24d-11e1-8fe6-00030d4e86a1}\AutoRun\command. (...) -- H:\laucher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.CDV5"="cdv5codc.dll" . (.Thomson Canopus Co., Ltd. - DVCPRO 50 Codec Front-End.) -- C:\Windows\System32\cdv5codc.dll
O52 - TDSD: \Drivers32\"vidc.CLLC"="cllccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus Lossless Codec Front-End.) -- C:\Windows\System32\cllccodc.dll
O52 - TDSD: \Drivers32\"vidc.CUVC"="cuvccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus HQ Codec Front-End.) -- C:\Windows\System32\cuvccodc.dll
O52 - TDSD: \Drivers32\"vidc.CDVC"="cdvccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus DV Codec Front-End.) -- C:\Windows\System32\cdvccodc.dll
O52 - TDSD: \Drivers32\"vidc.CDVH"="cdvhcodc.dll" . (.Thomson Canopus Co., Ltd. - DVCPRO HD Codec Front-End.) -- C:\Windows\System32\cdvhcodc.dll
O52 - TDSD: \Drivers32\"vidc.CMIC"="cmiccodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus MPEG2-Intra Codec Front-End.) -- C:\Windows\System32\cmiccodc.dll
O52 - TDSD: \Drivers32\"vidc.CHQX"="chqxcodc.dll" . (.Thomson Canopus Co., Ltd. - Canopus HQX Codec Front-End.) -- C:\Windows\System32\chqxcodc.dll
O52 - TDSD: \Drivers32\"vidc.C210"="c210codc.dll" . (.Thomson Canopus Co., Ltd. - Canopus C210 Codec Front-End.) -- C:\Windows\System32\c210codc.dll
O52 - TDSD: \drivers.desc\"cdv5codc.dll"="DVCPRO50 Codec" . (.Thomson Canopus Co., Ltd. - DVCPRO 50 Codec Front-End.) -- C:\Windows\System32\cdv5codc.dll
O52 - TDSD: \drivers.desc\"cllccodc.dll"="Canopus Lossles Codec" . (.Thomson Canopus Co., Ltd. - Canopus Lossless Codec Front-End.) -- C:\Windows\System32\cllccodc.dll
O52 - TDSD: \drivers.desc\"cuvccodc.dll"="Canopus HQ Codec" . (.Thomson Canopus Co., Ltd. - Canopus HQ Codec Front-End.) -- C:\Windows\System32\cuvccodc.dll
O52 - TDSD: \drivers.desc\"cdvccodc.dll"="Canopus DV Codec" . (.Thomson Canopus Co., Ltd. - Canopus DV Codec Front-End.) -- C:\Windows\System32\cdvccodc.dll
O52 - TDSD: \drivers.desc\"cdvhcodc.dll"="DVCPRO HD Codec" . (.Thomson Canopus Co., Ltd. - DVCPRO HD Codec Front-End.) -- C:\Windows\System32\cdvhcodc.dll
O52 - TDSD: \drivers.desc\"cmiccodc.dll"="Canopus MPEG2-Intra Codec" . (.Thomson Canopus Co., Ltd. - Canopus MPEG2-Intra Codec Front-End.) -- C:\Windows\System32\cmiccodc.dll
O52 - TDSD: \drivers.desc\"chqxcodc.dll"="Canopus HQX Codec" . (.Thomson Canopus Co., Ltd. - Canopus HQX Codec Front-End.) -- C:\Windows\System32\chqxcodc.dll
O52 - TDSD: \drivers.desc\"c210codc.dll"="Canopus C210 Codec" . (.Thomson Canopus Co., Ltd. - Canopus C210 Codec Front-End.) -- C:\Windows\System32\c210codc.dll
~ TDSD: 19 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.47E6301D245AB061B9853B90A46AE55A] - 26/12/2011 - 14:27:22 ---A- . (...) -- C:\Windows\System32\ampa.sys [12728]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 15/06/2013 - 17:41:44 ---A- C:\Users\RJ\Downloads\UpdateMyDrivers.exe [625784]
O61 - LFC: 15/06/2013 - 17:43:20 ---A- C:\Users\RJ\AppData\Roaming\Babylon\log_file.txt [33435] =>Toolbar.Babylon
O61 - LFC: 15/06/2013 - 17:46:08 ---A- C:\Users\RJ\Downloads\Express_Installer.exe [896296]
O61 - LFC: 15/06/2013 - 17:47:35 ---A- C:\Users\RJ\AppData\Roaming\eIntaller\138BAF563E5B4330AA0EDB2EB79660F1\eXQ.exe [718392]
O61 - LFC: 15/06/2013 - 17:47:37 ---A- C:\Users\RJ\AppData\Roaming\eIntaller\138BAF563E5B4330AA0EDB2EB79660F1\eGdpSvc.exe [360512]
O61 - LFC: 15/06/2013 - 17:47:54 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\accelerate [0] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:54 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\firstrun [0] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\desk_bkg_list.xml [1434] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote.xml [5926] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\337.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\GameCenter.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\barbie.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\google.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\mario.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\twitter.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\v9.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:47:55 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\youtube.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\firefox_fe2bcde9913d7453ceb971292c1b4eb5.ico [295606] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\iexplore_650873050cc7c9b2baabda6f23290be5.ico [82151] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:11 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\sysicons\imageres.dll_104.ico [99567] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\desk_list.xml [3472] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\icons\chrome_94eed6fc6a998cc6b2d0611ab1a3b555.ico [55773] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:12 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\sysicons\shell32.dll_21.ico [29926] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:16 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:17 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\1\angrybirds.db [994] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:18 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\3\BigFarm.db [890] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:18 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico [82726] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:20 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\4\Empire.db [872] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:20 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\4\Empire.ico [82726] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:21 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\35\Gmail.ico [13262] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:22 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\35\Gmail.db [778] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:23 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\39\ESPN.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:24 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\39\ESPN.db [920] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:24 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:25 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\41\gcalendar.db [858] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:26 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\42\pulse.db [764] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:26 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\app\config\42\pulse.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:28 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:28 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:29 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico [15086] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:30 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:31 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Google_60d75cb277f0c452fa60dba8350caf65.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:31 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico [13942] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:48:44 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe [10434864] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:50:13 ---A- C:\Users\RJ\AppData\Roaming\Desk 365\process_mgr.xml [220] =>Hijacker.22Find
O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml [634]
O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml [1449]
O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml [5568]
O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\main [10]
O61 - LFC: 15/06/2013 - 17:50:40 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml [334]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe [151736]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\ebase.dll [643256]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\libpng.dll [181944]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\msvcp100.dll [421048]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\msvcr100.dll [773816]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll [1323704]
O61 - LFC: 15/06/2013 - 17:50:41 ---A- C:\Users\RJ\AppData\Roaming\337\337 Wallpaper\plusapp.exe [399544]
~ 114 Fichiers temporaires (Temporary files)
~ Files: 528 Legitimates Filtered in 03mn 03s



---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\cyggcc_s-1.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\cygwin1.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\js32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\libeay32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\libssl32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\mediainfo.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcr70.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcr90.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Newtonsoft.Json.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\plc4.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\plds4.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\xpcom_core.dll:Zone.Identifier
~ ADS: Scanned in 00mn 03s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 26/12/2011 - Pas de propriétaire (ampa) .(...) - LEGACY_AMPA
~ Legacy: 87 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.id", "d4dc7b88000000000000001302e0f4a1");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.instlDay", "15871");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsnTs", "1.8.21.518:43:13");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.babTrack", "affID=121845&tt=120613_adn");
O69 - SBI: prefs.js [RJ - qxio7ndl.default-1361788727015] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {8124EBEF-7167-465E-AA26-00A2EB434907} - (Protection ZoneAlarm Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {842E4332-A0F1-42AC-B88D-3882B166B220} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (Search) - http://search.fbdownloader.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
E:\Docum\Docum RJL\Telechargements\WeTransfer-8tEEpCQH\keygen.exe
~ Files: Scanned in 03mn 52s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.38A9142BA7B74DB9A68B3691C970BD89] [SPRF][19/05/2013] (...) -- C:\Users\RJ\AppData\Local\Temp\ginstall.dll [55296]
[MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\RJ\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104]
[MD5.E2DDF0C517A4547D39D25CE4EC8C5536] [SPRF][09/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\RJ\AppData\Local\Temp\uninst1.exe [395848] =>Toolbar.Babylon
[MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][26/05/2013] (...) -- C:\Users\RJ\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790]
[MD5.EACFDDEF9C267B2922CBA7E1DF4503C3] [SPRF][07/02/2012] (.Microsoft Corporation - Pas de description.) -- C:\Users\RJ\Desktop\PowerPointViewer.exe [63347104]
~ Files: Scanned in 00mn 03s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{DB7A9DDB-F29C-4438-9E9B-20F966921849}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\ZoneLabs\vsmon.exe (.not file.)
O87 - FAEL: "{54B452EF-FAC9-4073-AF0D-D6436C208625}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\ZoneLabs\vsmon.exe (.not file.)
O87 - FAEL: "{3356EDAF-BA1C-4B60-BB0C-93960A2905C6}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{DBEA3323-DA63-493D-9197-F01E29B278D5}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{B5700C68-D6F1-403B-BB2E-4FE2578F7D90}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{3B9FB57E-C7F7-4218-9B07-47716A4A158F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{2452BE0F-90B5-4ACE-88B6-D84DCBBDF0E6}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Tidy Favorites\tidyfavorites.exe (.not file.)
O87 - FAEL: "{FAFF4FD0-E6FB-4A5F-AC33-0B46D9BE40AD}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{7283D4E8-34BD-4EB4-B294-7B17C859CBA7}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{F311DB99-F83F-47C0-9EAD-9BC29413A95C}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{A8C86D31-74BE-4905-AC74-F1832F9D6D15}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "TCP Query User{41B90C8F-63A7-499B-B35B-0F9A3696F118}C:\program files\netintellgames\net spite and malice 6\spite.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\netintellgames\net spite and malice 6\spite.exe (.not file.)
O87 - FAEL: "UDP Query User{C534A862-5822-42D9-9363-3442B2CBD614}C:\program files\netintellgames\net spite and malice 6\spite.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\netintellgames\net spite and malice 6\spite.exe (.not file.)
~ Firewall: 222 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.12472 - (13/06/2013)
Clés trouvées (Keys found) : 245
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 24
Fichiers trouvés (Files found) : 5

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba679afc-8ba0-48f4-b8bf-c144e8699fbc}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba679afc-8ba0-48f4-b8bf-c144e8699fbc}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{ba679afc-8ba0-48f4-b8bf-c144e8699fbc}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba679afc-8ba0-48f4-b8bf-c144e8699fbc}] =>Toolbar.Conduit
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_FR Toolbar] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\default tab] =>Adware.IMBooster
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA679AFC-8BA0-48F4-B8BF-C144E8699FBC}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{5D4E6FF7-385A-47A3-9E4D-B6A4D9DAAB75}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5D4E6FF7-385A-47A3-9E4D-B6A4D9DAAB75}] =>Toolbar.Agent
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder
[HKLM\Software\Classes\gencrawler_gc.GenCrawler] =>PUP.MediaFinder
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Protector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\qvo6Software] =>Hijacker.Qvo6
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Protection_ZoneAlarm Toolbar] =>Toolbar.ZoneAlarm
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
[HKLM\SYSTEM\CurrentControlSet\Services\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar.CT2481024] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2613520] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Media Finder =>PUP.MediaFinder
C:\Program Files\Ashampoo_FR =>Toolbar.Agent
C:\Program Files\Desk 365 =>Hijacker.22find
C:\Program Files\Common Files\337 =>Hijacker.22find
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\BrowserDefender =>Hijacker.Eazel
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder =>PUP.MediaFinder
C:\Users\RJ\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\RJ\AppData\Roaming\media finder =>PUP.MediaFinder
C:\Users\RJ\AppData\Roaming\OfferBox =>PUP.OfferBox
C:\Users\RJ\AppData\Roaming\DataMgr =>PUP.Datamngr
C:\Users\RJ\AppData\Roaming\Desk 365 =>Hijacker.22find
C:\Users\RJ\AppData\Roaming\337 =>Hijacker.22find
C:\Users\RJ\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\RJ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder
C:\Users\RJ\AppData\Local\lollipop =>Adware.Lollipop
C:\Users\RJ\AppData\Local\SwvUpdater =>PUP.Software.Updater
C:\Users\RJ\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\RJ\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\RJ\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\RJ\AppData\LocalLow\Ashampoo_FR =>Toolbar.Agent
C:\Users\RJ\AppData\Local\Temp\Desk365 =>Hijacker.22find
C:\Users\RJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\1g6ehhzn.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\qxio7ndl.default-1361788727015\bprotector_prefs.js =>PUP.BProtector
C:\Users\RJ\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Windows\KMService.exe =>Hijacker.Windows
~ Additionnel Scan: 232365 Items scanned in 01mn 01s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "03FF5588EC911BC46A45783B3896CC1E" . (.orlogix RecordNow DX.) -- C:\Windows\Installer\{8855FF30-19CE-4CB1-A654-87B38369CCE1}\MyCDPro.exe
O90 - PUC: "D6847F355B14711498418AB5D0DBCD70" . (.Sound Organizer.) -- C:\Windows\Installer\{53F7486D-41B5-4117-8914-A85B0DBDDC07}\ARPPRODUCTICON.exe
~ Update Products: 55 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\f28a8ab36ee449\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\f28a8ab36ee449\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\f28a8ab36ee449] =>Toolbar.Babylon^
[HKCU\Software\f28a8ab36ee449]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\f28a8ab36ee449]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\f28a8ab36ee449]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKCU\Software\f28a8ab36ee449]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\f28a8ab36ee449]:SERVICE_NAME="BrowserDefendert"
[HKCU\Software\f28a8ab36ee449]:usrcheckbox="1"
[HKCU\Software\f28a8ab36ee449]:version="2.6.1339.144"
[HKLM\Software\f28a8ab36ee449]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\f28a8ab36ee449]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKLM\Software\f28a8ab36ee449]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKLM\Software\f28a8ab36ee449]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKLM\Software\f28a8ab36ee449]:SERVICE_NAME="BrowserDefendert"
[HKLM\Software\f28a8ab36ee449]:usrcheckbox="1"
[HKLM\Software\f28a8ab36ee449]:version="2.6.1339.144"
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2827728 | (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
SR - | Auto 15/06/2013 360512 | (eSafeSvc) . (.eSafe Security Co., Ltd..) - C:\ProgramData\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
SS - | Auto 11/12/2007 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Demand 12/02/2010 1574408 | (GenericMount Helper Service) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
SS - | Auto 09/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Demand 26/09/2007 2999664 | C:\Program Files\Symantec\LIVEUP~1\LUCOMS~1.exe (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.exe
SR - | Auto 03/03/2010 4590432 | (Norton Ghost) . (.Symantec Corporation.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
SR - | Auto 06/03/2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 15/06/2013 424104 | (omigaplussvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\Omiga Plus\omigaplusSvc.exe
SS - | Demand 08/11/2012 174176 | (PACSPTISVR-Sound_Organizer) . (.Sony Corporation.) - C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Demand 21/09/2009 1964528 | (SymSnapService) . (.Symantec.) - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
SS - | Demand 0 | (wampapache) . (...) - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS - | Demand 0 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/06/2013 424104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by RJ at 16/06/2013 09:38:03

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll vsmraid.sys dxgkrnl.sys nvlddmkm.sys ndis.sys intelppm.sys tunnel.sys rassstp.sys Rt86win7.sys pacer.sys tcpip.sys NETIO.SYS tdx.sys afd.sys netw5v32.sys
C:\Windows\system32\drivers\vsmraid.sys VIA Technologies Inc.,Ltd VIA RAID driver
C:\Windows\system32\DRIVERS\nvlddmkm.sys NVIDIA Corporation NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67
~ MBR: 10 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by RJ at 16/06/2013 09:38:05

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1819 Legitimates filtered by white list
End of the scan (1412 lines in 11mn 42s)(1)