Publicité
Publicité
Format du document : text/plain
Prévisualisation
script zhpfix
G1 - GCS: Preference [User Data\Default] http://start.mysearchdial.com =>Adware.MyWebSearch
P2 - FPN: [HKLM] [@ei.MapsGalaxy_39.com/Plugin] - (...) -- C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (.not file.) =>Adware.MapsGalaxy
O2 - BHO: Discount Dragon BHO - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propri�taire - FrameworkBHO.) -- C:\Program Files\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon
O4 - GS\Desktop [Public]: Express Zip - Logiciel de compression de fichiers.lnk . (...) -- C:\Program Files\NCH Software\ExpressZip\expresszip.exe (.not file.)
O4 - GS\QuickLaunch [Didier]: iMesh.lnk . (...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O4 - GS\Desktop [Didier]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe (.not file.) =>Toolbar.DeltaSearch
O4 - HKLM\..\Run: [fst_fr_35] Cl� orpheline =>PUA.FSTfr9
[MD5.00000000000000000000000000000000] [APT] [{DC96D344-F843-4542-AB9D-E40023A2E0C6}] (...) -- H:\JMicron\JMB36x\Windows 7\setup.exe (.not file.) [0]
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {E4C70B89-CE95-4A69-A749-1D1BC45119D7} =>Adware.Boxore
O42 - Logiciel: saVenshaire - (.savEnoshAre.) [HKLM] -- {62D82EC1-0D3A-DF54-8E3E-07E1337A5311} =>Adware.SaveShare
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKLM\Software\Discount Dragon] =>PUP.DiscountDragon
O43 - CFD: 22/12/2013 - 16:53:28 - [1,038] ----D C:\Program Files\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 30/12/2013 - 09:36:44 - [3,246] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 21/12/2013 - 18:33:43 - [0,005] ----D C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O45 - LFCP:[MD5.C7112A03668FA99DF4373B2114C3E48B] - 04/01/2014 - 17:22:57 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-F2A3F4DA.pf =>PUP.Wajam
O45 - LFCP:[MD5.37D819BF1C77D0745C1E1D877ACA5CB3] - 04/01/2014 - 17:23:13 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-E732FCF0.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.44A1546535C75743CAE340A50BF5C35B] - 04/01/2014 - 17:23:33 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-C40F010F.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.095B8F287687C2547825EE1B3ED261A3] - 04/01/2014 - 17:23:41 ---A- - C:\Windows\Prefetch\MOBOGENIE_SETUP_UN.EXE-A55F52E8.pf
O45 - LFCP:[MD5.5BB1E7C0C4CF6506E03F0C1BE7900DCC] - 04/01/2014 - 18:13:32 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-D63CDE8D.pf
O51 - MPSK:{3427f347-9c3e-11e1-8374-6c626d3dbe00}\AutoRun\command. (...) -- H:\index.html (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Didier\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar
[MD5.67C095AF91363B35F47BD65F786509F5] [SPRF][31/12/2013] (.Pas de propri�taire - rnweinumwwr.) -- C:\Users\Didier\AppData\Local\Temp\fiybtkftfnqo.exe [32256]
O87 - FAEL: "{5EBC0F6F-591E-45E8-97EE-1841E27D6DAA}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{6FC0D143-47E2-45A7-AF70-4C9A76D4935A}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{12BF0139-C8C9-45D3-91A3-46C3A925049A}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{9EC9E386-A9D6-4ED8-930F-34CA2323722D}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{A676317F-6DA4-477A-883B-ED506D4CC5ED}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{B10F5264-F7D0-4961-BC53-D571BC3D780D}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{4FF9E25D-B978-4D5B-8585-67C73959A20E}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\DownTango.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{A6DB9F45-F0E6-4AED-B6E7-ADEE2B70DAF0}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\DownTango.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{BEBBB2E6-4432-483B-A52F-8456E95387AF}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{23BA6637-234A-4492-B97D-5544DD2F68E2}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{F9699FB1-34D6-495C-AFF9-98F16ED6AE9E}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Didier\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O87 - FAEL: "{90A126CA-4E5B-455F-BC9C-4734140AC50E}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Didier\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O87 - FAEL: "{29CB774A-69B5-4774-AF56-CBA42A1879FB}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{24B235D9-5DEB-40FC-BDFF-EAC8743DAC7D}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "TCP Query User{250850D1-FFF3-4066-9065-42E348EB37A6}C:\program files\imesh applications\imesh\imesh.exe" |In - Private - P6 - FALSE | .(...) -- C:\program files\imesh applications\imesh\imesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "UDP Query User{34B621BA-A977-4C11-A919-C7EADAFFF55C}C:\program files\imesh applications\imesh\imesh.exe" |In - Private - P17 - FALSE | .(...) -- C:\program files\imesh applications\imesh\imesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "TCP Query User{0B3C4BFA-D9CF-48A8-9CCA-5ED9259AB8AF}C:\windows\keygen.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O87 - FAEL: "UDP Query User{5781C547-FEBB-44C6-BA40-ACC5D129FF99}C:\windows\keygen.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O90 - PUC: "98B07C4E59EC96A47A94D1B14C15917D" . (.Boxore Client.) -- C:\Windows\Installer\{E4C70B89-CE95-4A69-A749-1D1BC45119D7}\boxore.ico =>Adware.Boxore
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\391283b1.msi [343040] =>PUP.Babylon
[MD5.CAB419763C92DDA8461F9ECFEBF7B951] [WIS][28/01/2013] (.iMesh Inc. - iMesh.) -- C:\Windows\Installer\3a434d.msi [331776] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}] =>PUP.DiscountDragon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4C70B89-CE95-4A69-A749-1D1BC45119D7}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare^
[HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{03480F0D-7897-4FC0-86D8-18B6FF450D2A}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\Interface\{09B8C335-1622-42C7-8650-A79D56551343}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\TypeLib\{65B63E36-72E0-492F-AB29-BED6DA43125B}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\MapsGalaxy_39Installer.Start] =>Adware.MapsGalaxy
[HKLM\Software\Classes\MapsGalaxy_39Installer.Start.1] =>Adware.MapsGalaxy
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_35 =>PUA.FSTfr9^
C:\Program Files\Discount Dragon =>PUP.DiscountDragon^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKLM\Software\Discount Dragon] =>PUP.DiscountDragon^
C:\Windows\Installer\391283b1.msi =>PUP.Babylon^
C:\Windows\Installer\3a434d.msi =>PUP.iMesh^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
SysRestore
FirewallRAZ
EmptyCLSID
EmptyTemp
EmptyFlash
G1 - GCS: Preference [User Data\Default] http://start.mysearchdial.com =>Adware.MyWebSearch
P2 - FPN: [HKLM] [@ei.MapsGalaxy_39.com/Plugin] - (...) -- C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (.not file.) =>Adware.MapsGalaxy
O2 - BHO: Discount Dragon BHO - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propri�taire - FrameworkBHO.) -- C:\Program Files\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon
O4 - GS\Desktop [Public]: Express Zip - Logiciel de compression de fichiers.lnk . (...) -- C:\Program Files\NCH Software\ExpressZip\expresszip.exe (.not file.)
O4 - GS\QuickLaunch [Didier]: iMesh.lnk . (...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O4 - GS\Desktop [Didier]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe (.not file.) =>Toolbar.DeltaSearch
O4 - HKLM\..\Run: [fst_fr_35] Cl� orpheline =>PUA.FSTfr9
[MD5.00000000000000000000000000000000] [APT] [{DC96D344-F843-4542-AB9D-E40023A2E0C6}] (...) -- H:\JMicron\JMB36x\Windows 7\setup.exe (.not file.) [0]
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {E4C70B89-CE95-4A69-A749-1D1BC45119D7} =>Adware.Boxore
O42 - Logiciel: saVenshaire - (.savEnoshAre.) [HKLM] -- {62D82EC1-0D3A-DF54-8E3E-07E1337A5311} =>Adware.SaveShare
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKLM\Software\Discount Dragon] =>PUP.DiscountDragon
O43 - CFD: 22/12/2013 - 16:53:28 - [1,038] ----D C:\Program Files\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 30/12/2013 - 09:36:44 - [3,246] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 21/12/2013 - 18:33:43 - [0,005] ----D C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O45 - LFCP:[MD5.C7112A03668FA99DF4373B2114C3E48B] - 04/01/2014 - 17:22:57 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-F2A3F4DA.pf =>PUP.Wajam
O45 - LFCP:[MD5.37D819BF1C77D0745C1E1D877ACA5CB3] - 04/01/2014 - 17:23:13 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-E732FCF0.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.44A1546535C75743CAE340A50BF5C35B] - 04/01/2014 - 17:23:33 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-C40F010F.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.095B8F287687C2547825EE1B3ED261A3] - 04/01/2014 - 17:23:41 ---A- - C:\Windows\Prefetch\MOBOGENIE_SETUP_UN.EXE-A55F52E8.pf
O45 - LFCP:[MD5.5BB1E7C0C4CF6506E03F0C1BE7900DCC] - 04/01/2014 - 18:13:32 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-D63CDE8D.pf
O51 - MPSK:{3427f347-9c3e-11e1-8374-6c626d3dbe00}\AutoRun\command. (...) -- H:\index.html (.not file.)
O68 - StartMenuInternet:
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar
[MD5.67C095AF91363B35F47BD65F786509F5] [SPRF][31/12/2013] (.Pas de propri�taire - rnweinumwwr.) -- C:\Users\Didier\AppData\Local\Temp\fiybtkftfnqo.exe [32256]
O87 - FAEL: "{5EBC0F6F-591E-45E8-97EE-1841E27D6DAA}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{6FC0D143-47E2-45A7-AF70-4C9A76D4935A}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{12BF0139-C8C9-45D3-91A3-46C3A925049A}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{9EC9E386-A9D6-4ED8-930F-34CA2323722D}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{A676317F-6DA4-477A-883B-ED506D4CC5ED}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{B10F5264-F7D0-4961-BC53-D571BC3D780D}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{4FF9E25D-B978-4D5B-8585-67C73959A20E}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\DownTango.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{A6DB9F45-F0E6-4AED-B6E7-ADEE2B70DAF0}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\DownTango.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{BEBBB2E6-4432-483B-A52F-8456E95387AF}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{23BA6637-234A-4492-B97D-5544DD2F68E2}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\Red Sky\DownTango\pyload-dist\pyLoadCore.exe (.not file.) =>Adware.DownTango
O87 - FAEL: "{F9699FB1-34D6-495C-AFF9-98F16ED6AE9E}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Didier\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O87 - FAEL: "{90A126CA-4E5B-455F-BC9C-4734140AC50E}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Didier\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O87 - FAEL: "{29CB774A-69B5-4774-AF56-CBA42A1879FB}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{24B235D9-5DEB-40FC-BDFF-EAC8743DAC7D}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "TCP Query User{250850D1-FFF3-4066-9065-42E348EB37A6}C:\program files\imesh applications\imesh\imesh.exe" |In - Private - P6 - FALSE | .(...) -- C:\program files\imesh applications\imesh\imesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "UDP Query User{34B621BA-A977-4C11-A919-C7EADAFFF55C}C:\program files\imesh applications\imesh\imesh.exe" |In - Private - P17 - FALSE | .(...) -- C:\program files\imesh applications\imesh\imesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "TCP Query User{0B3C4BFA-D9CF-48A8-9CCA-5ED9259AB8AF}C:\windows\keygen.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O87 - FAEL: "UDP Query User{5781C547-FEBB-44C6-BA40-ACC5D129FF99}C:\windows\keygen.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\keygen.exe (.not file.)
O90 - PUC: "98B07C4E59EC96A47A94D1B14C15917D" . (.Boxore Client.) -- C:\Windows\Installer\{E4C70B89-CE95-4A69-A749-1D1BC45119D7}\boxore.ico =>Adware.Boxore
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\391283b1.msi [343040] =>PUP.Babylon
[MD5.CAB419763C92DDA8461F9ECFEBF7B951] [WIS][28/01/2013] (.iMesh Inc. - iMesh.) -- C:\Windows\Installer\3a434d.msi [331776] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}] =>PUP.DiscountDragon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4C70B89-CE95-4A69-A749-1D1BC45119D7}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}] =>Adware.SaveShare^
[HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{03480F0D-7897-4FC0-86D8-18B6FF450D2A}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\Interface\{09B8C335-1622-42C7-8650-A79D56551343}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\TypeLib\{65B63E36-72E0-492F-AB29-BED6DA43125B}] =>Adware.MapsGalaxy
[HKLM\Software\Classes\MapsGalaxy_39Installer.Start] =>Adware.MapsGalaxy
[HKLM\Software\Classes\MapsGalaxy_39Installer.Start.1] =>Adware.MapsGalaxy
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_35 =>PUA.FSTfr9^
C:\Program Files\Discount Dragon =>PUP.DiscountDragon^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKLM\Software\Discount Dragon] =>PUP.DiscountDragon^
C:\Windows\Installer\391283b1.msi =>PUP.Babylon^
C:\Windows\Installer\3a434d.msi =>PUP.iMesh^
C:\Windows\AutoKMS.exe =>Trojan.Keygen
SysRestore
FirewallRAZ
EmptyCLSID
EmptyTemp
EmptyFlash