Problème holasearch

Résolu
29-57 Messages postés 58 Statut Membre -  
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
J'ai découvert ce matin que mon navigateur au lieu de lancer google lancer la barre holasearch. Après avoir cherché sur internet l'origine de ce holasearch, j'ai constaté qu'il s'agissait d'un logiciel malveillant. J'ai parcouru une discussion sur le forum de Comment ça marche ? et animée par une personne se prénommant Gabriel sur le même sujet. Je souhaiterai que l'on puisse m'aider de la même manière. D'avance merci pour vos réponses.

44 réponses

Précédent
Réponse 21 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir,
Tu as vraiment de la patience !
J'ai fait tout ce que tu m'as dit et cette fois si avec succès (je m'améliore !!!)
Voici le rapport :

Rapport de ZHPFix 2013.6.4.1 par Nicolas Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-09-06-2013-07-44-52.txt
Fichier d'export Registre :
Run by Parents at 09/06/2013 07:44:51
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Corbeille vidée

========== Logiciel(s) ==========
ABSENT Uninstall Process: c:\program files\plus-hd-2.6\uninstall.exe

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\Parents\AppData\Roaming\BabSolution\Shared\BabMaint.exe
SUPPRIME Memory Process: C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe
SUPPRIME Memory Process: C:\Program Files\Spybot2 - Search & Destroy\SDWinSec.exe

========== Clé(s) du Registre ==========
SUPPRIME [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.6]
SUPPRIME Key: HKCU\Software\AppDataLow\Software\Plus-HD-2.6
SUPPRIME Key: CLSID BHO: {a83c3565-302c-4bf8-b000-6b6f1811d892}
SUPPRIME Key: HKCU\Software\AppDataLow\Software\Crossrider
SUPPRIME Key: HKCU\Software\BabylonToolbar
SUPPRIME Key: HKCU\Software\InstallCore
SUPPRIME Key: HKCU\Software\InstalledBrowserExtensions
SUPPRIME Key: HKLM\Software\Babylon
SUPPRIME Key: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SUPPRIME Key: SearchScopes :{e4a1ece8-ed94-4f93-80ea-75f978ceaf24}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a83c3565-302c-4bf8-b000-6b6f1811d892}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB525538DB364CE4495200ECDA84942C
SUPPRIME Key: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\eorezo
SUPPRIME Key: HKLM\Software\Classes\Prod.cap
SUPPRIME Key: HKLM\Software\Classes\Installer\Features\02639FE151B44BD40BAE88E9F2810718
SUPPRIME Key: HKLM\Software\Classes\Installer\Products\02639FE151B44BD40BAE88E9F2810718
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02639FE151B44BD40BAE88E9F2810718
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
SUPPRIME Key: HKLM\Software\Google\Chrome\Extensions\bdcfkjjffkboloijgealjeijakofmalg
ABSENT Key: HKCU\Software\InstalledBrowserExtensions\
SUPPRIME Key: HKLM\Software\Google\Chrome\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
SUPPRIME Key: HKLM\Software\Classes\CrossriderApp0033440.BHO
SUPPRIME Key: HKLM\Software\Classes\CrossriderApp0033440.BHO.1
SUPPRIME Key: HKLM\Software\Classes\CrossriderApp0033440.Sandbox
SUPPRIME Key: HKLM\Software\Classes\CrossriderApp0033440.Sandbox.1
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.Spointer
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.Spointer.1
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.SpointerCtrl
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.SpointerCtrl.1
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.SpointerWebDisp
SUPPRIME Key: HKLM\Software\Classes\Freecompressor.SpointerWebDisp.1
SUPPRIME Key: HKLM\Software\Classes\Widestream6.Spointer.1
SUPPRIME Key: HKLM\Software\Classes\Widestream6.SpointerCtrl.1
SUPPRIME Key: HKLM\Software\Classes\Widestream6.SpointerWebDisp.1
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311341140}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342240}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}
ABSENT Key: \Software\Classes\Installer\Products\\02639FE151B44BD40BAE88E9F2810718
SUPPRIME Key: HKCU\Software\APN PIP
SUPPRIME Key: HKCU\Software\Softonic
SUPPRIME Key: HKLM\Software\PIP
SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
SUPPRIME Key: HKLM\Software\Classes\Installer\Features\521D59DC299285843BFEF5F65BF2AB6D
SUPPRIME Key: HKLM\Software\Classes\Installer\Products\521D59DC299285843BFEF5F65BF2AB6D
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\521D59DC299285843BFEF5F65BF2AB6D
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
ABSENT Key: CLSID Extra Buttons: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
SUPPRIME CLSID MPSK: {2182749b-49f8-11e1-af7c-00219b0b6b0c}
SUPPRIME CLSID MPSK: {e7db4e08-4de5-11e1-b874-00219b0b6b0c}
ABSENT Key: Service: SBSDWSCService

========== Valeur(s) du Registre ==========
ABSENT [HKCU\Software\8ed7d0b63fea40]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
ABSENT [HKLM\Software\8ed7d0b63fea40]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
ABSENT RunValue: SpybotSD TeaTimer

========== Préférences navigateur ==========
PRESENT Chrome File: C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Preferences
SUPPRIME Chrome Site: http://www.holasearch.com
ABSENT Folder Chrome: C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla

========== Dossier(s) ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichier(s) ==========
SUPPRIME File: c:\windows\tasks\plus-hd-2.6-codedownloader.job
SUPPRIME File*: c:\users\parents\appdata\roaming\babsolution\shared\babmaint.exe
SUPPRIME File***: c:\program files\plus-hd-2.6\plus-hd-2.6-codedownloader.exe
ABSENT File: c:\windows\prefetch\babmaint.exe-2aec01b2.pf
ABSENT File: c:\windows\prefetch\plus-hd-2.6-codedownloader.ex-070179b6.pf
ABSENT File: c:\users\parents\appdata\roaming\babylon\log_file.txt
ABSENT File: c:\users\parents\appdata\roaming\babsolution\shared\chu.js
ABSENT Folder/File: c:\programdata\babylon
ABSENT Folder/File: c:\programdata\browserdefender
ABSENT Folder/File: c:\users\parents\appdata\roaming\babylon
ABSENT Folder/File: c:\users\parents\appdata\roaming\babsolution
SUPPRIME File: c:\users\parents\downloads\softonicdownloader_pour_geogebra.exe
SUPPRIME File: c:\users\parents\downloads\softonicdownloader_pour_geogebra (1).exe
SUPPRIME File***: c:\program files\spybot2 - search & destroy\sdwinsec.exe
ABSENT File: c:\program files\spybot2 - search & destroy\teatimer.exe
SUPPRIME File: c:\users\parents\appdata\roaming\microsoft\internet explorer\quick launch\meteo.lnk
ABSENT File: c:\users\parents\appdata\roaming\microsoft\internet explorer\quick launch\spybot - search & destroy.lnk
ABSENT File: c:\program files\spybot2 - search & destroy\spybotsd.exe
SUPPRIME File: c:\users\parents\desktop\dofus.lnk
SUPPRIME File: c:\users\parents\desktop\udisk 2.0.lnk
ABSENT File: c:\users\parents\desktop\internet - raccourci.lnk
ABSENT File: c:\windows\prefetch\tfgui.exe-9d46a754.pf
ABSENT File: c:\windows\prefetch\plus-hd-2.6-enabler.exe-d367af39.pf
ABSENT File: c:\windows\prefetch\plus-hd-2.6-firefoxinstaller.-36d052c1.pf
SUPPRIME File: c:\windows\prefetch\threatwork.exe-718f87d0.pf
SUPPRIME File: c:\windows\prefetch\sprtsvc.exe-c1ac7b98.pf
ABSENT File: c:\windows\prefetch\tfun.exe-cc1d3af2.pf
SUPPRIME File: c:\windows\prefetch\tfnotice.exe-01d957fd.pf
SUPPRIME File: c:\windows\prefetch\optproxy.exe-292a5116.pf
ABSENT File: c:\program files\spybot2 - search & destroy\sdwinsec.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Tache planifiée ==========
SUPPRIME Task: EPUpdater
SUPPRIME Task: Plus-HD-2.6-codedownloader
SUPPRIME Task: {A3081DE7-5333-4B4A-BC6C-0C9BE592914C}

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Autre ==========
NON TRAITE Spybot - Search & Destroy v1.6.2


========== Récapitulatif ==========
3 : Processus mémoire
65 : Clé(s) du Registre
3 : Valeur(s) du Registre
1 : Dossier(s)
32 : Fichier(s)
1 : Logiciel(s)
3 : Préférences navigateur
3 : Tache planifiée
1 : Restauration Système
1 : Autre


End of clean in 02mn 08s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 06/06/2013 23:13:59 [4976]
C:\ZHP\ZHPFix[R2].txt - 09/06/2013 07:44:51 [9544]

@+
Patrice
0
Réponse 22 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Re,

Je t'en prie c'est normal. :)

Télécharge Malwarebytes'Anti-Malware.

Si problème essaie avec celui-ci : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/


- Enregistre-le sur ton bureau-
- Double clique sur le fichier téléchargé pour lancer le processus d'installation.
- Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte.
- Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour.
Fais le plusieurs fois jusqu'à ce qu'il te dise que tu possèdes la dernière version de base de données.

- Une fois la mise à jour terminée :
- Rends-toi dans l'onglet "Recherche"
- Sélectionne Exécuter un Examen complet.
- Sélectionne Tous les disques si proposé.
- Clique sur Rechercher.
- Le scan démarre, patiente, plusieurs heures de scan sont probables.
- À la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement, clique sur "Afficher les résultats" pour afficher tous les objets trouvés.
- Clique sur Ok pour poursuivre.
- Si des éléments ont été détectés, clique sur Afficher les résultats.
- Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection Malwarebytes, ce qui va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
- Redémarre le pc si il le fait pas lui même.
- Une fois redémarré double-clique sur Malwarebytes' AntiMalware.
- Rends toi dans l'onglet "Rapports/logs".
- Tu cliques sur le rapport, et tu colles sont contenu dans ta prochaine réponse.


Aide en vidéo ici : http://www-youtube-com/watch?v=QYRwV6Z6Ljg&feature=youtu-be


Si tu as des questions, n'hésite pas à me les poser !

Bonne soirée,

Gabriel.
0
Réponse 23 / 44
29-57 Messages postés 58 Statut Membre
 
Merci Gabriel. Vu le contenu de ton dernier post, je te souhaite également une bonne soirée, te remercie et te dit sans doute à demain "au rapport" ;)
Patrice
0
Réponse 24 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Re,

Merci à demain. ;)

Gabriel.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 44
29-57 Messages postés 58 Statut Membre
 
Bonjour Gabriel,
J'avoue humblement je n'ai pas eu le courage d'attendre la fin de l'opération de Malwarbytes. Ce matin , en ouvrant le poste, la 1er fenêtre visible était le bloc note dont voici le contenu :

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.06.09.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Parents :: PC-DE-PARENTS [administrateur]

Protection: Activé

09/06/2013 08:23:58
mbam-log-2013-06-09 (08-23-58).txt

Type d'examen: Examen complet (C:\|D:\|E:\|G:\|H:\|I:\|K:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 878906
Temps écoulé: 2 heure(s), 16 minute(s), 39 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


J'ai bien vu : l'examen c'est terminé normalement.
Je n'est pas trouvé : Afficher les résultats.
Du coup je n'ai rien pu sélectionner ni supprimer.
Je ne sais pas si l'ordinateur à redémarrer seul donc je l'ai fermer et redémarrer. J'ai relancer Malwarebytes et ouvert l'onglet Rapports/log. J'ai sélectionné le dernier élément puisque la date me semblait être celle d'hier (c:\ProgramData\Malwarebytes'Anti-Malware\logs\protection-log-2013-06-09.txt). Voici le contenu :

2013/06/09 00:06:23 -1200 PC-DE-PARENTS Parents MESSAGE Starting protection
2013/06/09 00:06:23 -1200 PC-DE-PARENTS Parents MESSAGE Protection started successfully
2013/06/09 00:06:23 -1200 PC-DE-PARENTS Parents MESSAGE Starting IP protection
2013/06/09 00:06:27 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection started successfully
2013/06/09 04:22:47 -1200 PC-DE-PARENTS Parents MESSAGE Starting protection
2013/06/09 04:22:47 -1200 PC-DE-PARENTS Parents MESSAGE Protection started successfully
2013/06/09 04:22:47 -1200 PC-DE-PARENTS Parents MESSAGE Starting IP protection
2013/06/09 04:22:49 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection started successfully
2013/06/09 04:27:17 -1200 PC-DE-PARENTS Parents MESSAGE Starting protection
2013/06/09 04:27:17 -1200 PC-DE-PARENTS Parents MESSAGE Protection started successfully
2013/06/09 04:27:17 -1200 PC-DE-PARENTS Parents MESSAGE Starting IP protection
2013/06/09 04:27:21 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection started successfully
2013/06/09 08:22:31 -1200 PC-DE-PARENTS Parents MESSAGE Starting database refresh
2013/06/09 08:22:31 -1200 PC-DE-PARENTS Parents MESSAGE Stopping IP protection
2013/06/09 08:22:33 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection stopped successfully
2013/06/09 08:23:02 -1200 PC-DE-PARENTS Parents MESSAGE Database refreshed successfully
2013/06/09 08:23:02 -1200 PC-DE-PARENTS Parents MESSAGE Starting IP protection
2013/06/09 08:23:05 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection started successfully
2013/06/09 15:43:22 -1200 PC-DE-PARENTS Parents MESSAGE Executing scheduled update: Daily
2013/06/09 16:52:33 -1200 PC-DE-PARENTS Parents MESSAGE Starting protection
2013/06/09 16:52:33 -1200 PC-DE-PARENTS Parents MESSAGE Protection started successfully
2013/06/09 16:52:33 -1200 PC-DE-PARENTS Parents MESSAGE Starting IP protection
2013/06/09 16:52:38 -1200 PC-DE-PARENTS Parents MESSAGE IP Protection started successfully

Je te décris du mieux possible mes actions car comme cela ne semble pas tout à fait correspondre ta demande, je préfère t'informer de mon cheminement.
Petite question : nous utilisons également des clés USB ainsi qu'un petit disque dur. Faudra-t-il les examiner également ?
Bonne journée et @+
Patrice.
0
Réponse 26 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,

Ok c'est bon. ;)
Oui tu peux examiner aussi avec ce logiciel tes supports externes.

A present, fais moi un nouveau rapport ZHPdiag. Et tente de regarder si AdwCleaner fonctionne.

Gabriel.
0
Réponse 27 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir Gabriel,
Les contraintes du travail font que j'espace mes posts. Excuse-moi pour ces délais.
J'ai réessayé Adwcleaner avec l'option Supprimer. A nouveau la barre de suppression s'est bloquée à environ 1/10ème de la progression normale puis plus rien (l'ordinateur était bloqué). Seule possibilité, la coupure brutale de l'alimentation et relance du système.
J'ai lancé ZHPdiag. Voici le lien pour accéder au rapport : https://www.cjoint.com/?CFkxJ7hWfCm
@+
Patrice
0
Réponse 28 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,

Ok. :)

- Copie les lignes qui sont à l'intérieur de ce lien (Ctrl + A puis Ctrl + C) : https://dl.dropboxusercontent.com/u/32869654/Pour%2029-57%202.txt


- Ouvre ZHPfix, icone seringue (Vista/7/8 : "Exécuter en tant qu'administrateur").
- Colle les lignes helpers si elles ne sont déjà présentes. Pour ce, clique sur la balise document (Coller le presse papier), à droite de l'appareil photo.
- Clique sur Go.
- Clique sur Oui pour confirmer le nettoyage des données.
- Copie le rapport, et colle-le dans la prochaine réponse sur le forum.

P.S. Si le bureau disparaît, fais Ctrl + Alt + Suppr afin d'ouvrir le gestionnaire des tâches puis dans Applications, clique sur Nouvelle tâche puis tape explorer.exe. Le bureau devrait normalent réapparaître.

/!\ Attention, ta corbeille va être vidée. Vérifie qu'il n'y ait aucun fichier supprimé par mégarde à l'intérieur. /!\

Aide en vidéo ici : https://www.youtube.com/watch?v=8gBWXPow8s0&feature=youtu.be


Si tu as des questions, n'hésite pas à me les poser.

@+

Gabriel.
0
Réponse 29 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir Gabriel,
Bonne émission ce soir sur A2 (cache investigation : évasion fiscale) voilà la raison pour laquelle ma réponse est tardive !
Pour info, ma fille a eu un problème identique sur son ordi portable : installation de "Deal seach" en barre de recherche sur son navigateur google chrome. J'ai télécharger Adwcleaner, j'ai fait Rechercher puis Supprimer et cela a bien fonctionné. Mystère !!!!

Concernant mon ordi, voici donc le rapport de ZHPfix que tu m'as demandé :

Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-11-06-2013-23-01-08.txt
Run by Parents at 11/06/2013 23:01:08
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Corbeille vidée

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\Parents\Desktop\plus-hd-2-6.exe

========== Clé(s) du Registre ==========
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
SUPPRIME Key: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
SUPPRIME Key: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
SUPPRIME Key: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
SUPPRIME Key: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
SUPPRIME Key: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}
SUPPRIME Key: HKLM\Software\Plus-HD-2.6
SUPPRIME Key: HKCU\Software\8ed7d0b63fea40
SUPPRIME Key: HKLM\Software\8ed7d0b63fea40

========== Valeur(s) du Registre ==========
SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}
SUPPRIME [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440}
SUPPRIME [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater
ABSENT [HKCU\Software\8ed7d0b63fea40]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
ABSENT [HKLM\Software\8ed7d0b63fea40]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:INSTALL_FOLDER_NAME="BrowserDefender"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
ABSENT [HKCU\Software\8ed7d0b63fea40]:PROTECT_EXE_NAME="BrowserDefender.exe"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKCU\Software\8ed7d0b63fea40]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKCU\Software\8ed7d0b63fea40]:SERVICE_NAME="BrowserDefendert"
ABSENT [HKCU\Software\8ed7d0b63fea40]:usrcheckbox="1"
ABSENT [HKCU\Software\8ed7d0b63fea40]:version="2.6.1339.144"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:INSTALL_FOLDER_NAME="BrowserDefender"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
ABSENT [HKLM\Software\8ed7d0b63fea40]:PROTECT_EXE_NAME="BrowserDefender.exe"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
ABSENT [HKLM\Software\8ed7d0b63fea40]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
ABSENT [HKLM\Software\8ed7d0b63fea40]:SERVICE_NAME="BrowserDefendert"
ABSENT [HKLM\Software\8ed7d0b63fea40]:usrcheckbox="1"
ABSENT [HKLM\Software\8ed7d0b63fea40]:version="2.6.1339.144"

========== Préférences navigateur ==========
SUPPRIME Folder Chrome: C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl

========== Dossier(s) ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichier(s) ==========
SUPPRIME File: c:\users\parents\desktop\plus-hd-2-6.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
1 : Processus mémoire
15 : Clé(s) du Registre
311 : Valeur(s) du Registre
1 : Dossier(s)
3 : Fichier(s)
1 : Préférences navigateur
1 : Restauration Système


End of clean in 02mn 59s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 06/06/2013 23:13:59 [4976]
C:\ZHP\ZHPFix[R2].txt - 09/06/2013 07:44:51 [9596]
C:\ZHP\ZHPFix[R3].txt - 11/06/2013 23:01:08 [44404]

@+
Patrice
0
Réponse 30 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,

Ok. :)
HolaSearch est toujours là ?

Fais moi un nouveau ZHPdiag pour vérification.

Merci,

Gabriel.
0
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Yop
Tu m'expliques c'était quoi ce fix registre tout pourri ? ^^
0
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,
Ouais j'aurai pas du mettre le reste des clés^^
0
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Il me semble aussi, tu t'es cassé la tête à virer les annotations de Zeb Help Process sur toutes les lignes en plus :p
0
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Oui je le fais sur tous les scripts ça :)
Et pas toutes puisqu'il y avait pas mal de non traitées, donc pas d'annotation sur celles ci :p
0
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Ah ouais elle passe en non traité celle là ^^
0
Réponse 31 / 44
29-57 Messages postés 58 Statut Membre
 
-Bonsoir,
Hola seach a disparu de mon navigateur. Maintenant a-t-il disparu de l'ordi ? je suis incapable de te le dire. Sans doute que le rapport que tu me demandes y répondra. Personnellement, je n'y comprends rien, c'est du chinois ! Donc voici le rapport que tu m'as demandé :

Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by Parents at 12/06/2013 19:13:23
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox 17.0.1
GCIE: Google Chrome v27.0.1453.110 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : B9HD2
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Emsisoft Anti-Malware 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Ad-Aware v9.5.0

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd

---\\ Peer To Peer (P2P)
µTorrent v3.3.0.29082 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4 - Français
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3325 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 312 GB (53%) free of 586 GB

---\\ Logged in mode
~ Computer Name: PC-DE-PARENTS
~ User Name: Parents
~ All Users Names: temporaire, Parents, Maud, Matthieu, gestion, commun, ASPNET, Anaëlle, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Parents\AppData\Roaming\
~ %Desktop% : C:\Users\Parents\Desktop\
~ %Favorites% : C:\Users\Parents\Favorites\
~ %LocalAppData% : C:\Users\Parents\AppData\Local\
~ %StartMenu% : C:\Users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 312 Go of 586 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 34 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.28/10/2008 - 18:29:41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.20/01/2008 - 14:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2011 - 03:00:34.) -- C:\Windows\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/01/2008 - 14:24:49.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 01:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.0D83C87A801A3DFCD1BF73893FE7518C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.31/12/2008 - 12:53:16.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.20/01/2008 - 14:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/01/2008 - 14:23:02.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 02:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/01/2008 - 14:23:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.20/01/2008 - 14:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.20/01/2008 - 14:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 00:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.20/01/2008 - 14:24:59.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/01/2008 - 14:23:51.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.01/11/2006 - 20:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/01/2008 - 14:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/01/2008 - 14:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.20/01/2008 - 14:25:00.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.20/01/2008 - 14:24:53.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/01/2008 - 14:23:21.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1510
~ Mes musiques (My Musics) : 1/66
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/40
~ Mes Documents (My Documents) : 1/162
~ Mon Bureau (My Desktop) : 1/1172
~ Menu demarrer (Programs) : 1/88
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D7080C7CA741961C60A3AAC1A1B69A84] - (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3045688] [PID.952]
[MD5.A98D17BDF713E30E23C0353AA92BBC26] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [675840] [PID.1156]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1416]
[MD5.DB29915209770D8B59654345EC2D943A] - (.Stardock Corporation - Dock Login Service.) -- C:\Program Files\Dell\DellDock\DockLogin.exe [155648] [PID.1552]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1804]
[MD5.462B0FC065F6539F070462EEB7ECB20E] - (.Lavasoft Limited - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2151640] [PID.1864]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1876]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2444]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2512]
[MD5.65F714A909311F2DC06C812A53C0F94E] - (...) -- C:\Program Files\Lupc\malupc.exe [544852] [PID.2768]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware-2\mbamscheduler.exe [418376] [PID.2808]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware-2\mbamservice.exe [701512] [PID.2828]
[MD5.9D1CCE440552500DED3A62F9D779CDB4] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [503080] [PID.2848]
[MD5.2A5578A33BAF46AFEF748ACE0F973AE7] - (.PC Tools - PC Tools ThreatFire Service.) -- C:\Program Files\ThreatFire\TFService.exe [70928] [PID.3100]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware-2\mbamgui.exe [532040] [PID.2816]
[MD5.8C7DDBBF366869A61218AB7A6802C3E9] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4452352] [PID.2940]
[MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] - (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192] [PID.3852]
[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.1184]
[MD5.E977A3AF3D7B55C2E88D6489D7AFD467] - (.Pas de propriétaire - DataSafeOnline.) -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600] [PID.3992]
[MD5.3917664C26B4344768C288BBA6FEFCB6] - (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064] [PID.1044]
[MD5.D4383AE2470815877F78DE8F0F69DBD0] - (...) -- C:\Program Files\Lupc\infochild.exe [532564] [PID.3876]
[MD5.6A52A7525AA33C7DF2867BF3A7876E1C] - (.PC Tools - PC Tools ThreatFire Tray App.) -- C:\Program Files\ThreatFire\TFTray.exe [378128] [PID.1984]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.2936]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421776] [PID.2480]
[MD5.B5D64828E01A0731D6223AF7A6521821] - (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344] [PID.4056]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3916]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.528]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.1032]
[MD5.7DE00EC41F65B590753F0D15EC95B3F6] - (.Microsoft Corporation - Microsoft Encarta Dictionary Tools.) -- C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe [301776] [PID.1524]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4088]
[MD5.BC0EA61246F8D940FBC5F652D337D6BD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [821648] [PID.5980]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.5852]
[MD5.98F93E72BC73292210D10FE7606977B9] - (.Lavasoft Limited - Ad-Aware Tray Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [1191216] [PID.2412]
[MD5.777115C9CC675BD98127660712D2F784] - (.SupportSoft, Inc. - SupportSoft Agent Service.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968] [PID.2528]
[MD5.2F3390C8E3620B3991D7D82014E26AA7] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [825808] [PID.5296]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.524]
[MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.3756]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.6120]
[MD5.D41D8CD98F00B204E9800998ECF8427E] - (...) -- C:\Program Files\ZHPDiag\mbr.exe [89088] [PID.3072]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaojmikegpiepcfdkkjaplodkpfmlo] Ask Toolbar v.7.15.23.42079 (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [bnbaboaihhkjoaolfnfoablhllahjnee] GeoGebra v.4.2.0.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ppmfajacidhcjbddpgmcmigffpppcadd] Plus-HD-2.6 v.1.23.7, (Activé)
~ Google Browser: 20 Legitimates Filtered in 00mn 15s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\vgbn7law.default\prefs.js
C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\vgbn7law.default\user.js
M3 - MFPP: Plugins - [Parents] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
~ Firefox Browser: 44 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 14749



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} . (.Microsoft Corporation - Microsoft Encarta Web Companion.) -- C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} . (.Dell Inc. - BAE.dll.) -- C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} Clé orpheline
~ BHO: 26 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Compagnon Web Encarta - [HKLM]{147D6308-0614-4112-89B1-31402F9B82C4} . (.Microsoft Corporation - Microsoft Encarta Web Companion.) -- C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.dll
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe IE plugin.) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] . (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] . (.Pas de propriétaire - DataSafeOnline.) -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
O4 - HKLM\..\Run: [dellsupportcenter] . (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
O4 - HKLM\..\Run: [lupc] . (...) -- C:\Program Files\Lupc\infochild.exe
O4 - HKLM\..\Run: [ThreatFire] . (.PC Tools - PC Tools ThreatFire Tray App.) -- C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CloneCDTray] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKCU\..\Run: [E06FXLRD_2114889] . (.Microsoft Corporation - Microsoft Encarta Dictionary Tools.) -- C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [E06FXLRD_2114889] . (.Microsoft Corporation - Microsoft Encarta Dictionary Tools.) -- C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1563574918-745387030-823163246-1000\..\Run: [Google Update] C:\Users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Emsisoft Anti-Malware.lnk . (.Emsi Software GmbH - Security Center.) -- C:\Program Files\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch: GeoGebra.lnk . (.International GeoGebra Institute - GeoGebra.) -- C:\Program Files\GeoGebra 4.2\GeoGebra.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\QuickLaunch: SnagIt 6.lnk . (.TechSmith Corporation - SnagIt - La capture d'écran sous Windows.) -- C:\Program Files\TechSmith\SnagIt 6\SnagIt32.exe
O4 - GS\QuickLaunch: SolidWorks eDrawings 2010.lnk . (.Dassault Systèmes SolidWorks Corp. - EModelViewer Module.) -- C:\Program Files\Common Files\eDrawings2010\EModelViewer.exe
O4 - GS\QuickLaunch: ThreatFire.lnk . (.PC Tools - File Description.) -- C:\Program Files\ThreatFire\TFGui.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Parents\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Dofus2.lnk . (...) -- C:\Program Files\Dofus2\app\UpLauncher.exe
O4 - GS\Desktop: echanges (PC-DE-PARENTS) -.lnk . (...) -- \\PC-DE-PARENTS\echanges
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Dofus.lnk . (...) -- C:\Program Files\Dofus\UpLauncher.exe (.not file.)
O4 - GS\QuickLaunch: DofusArena.lnk . (...) -- C:\Program Files\dofus arena\DofusArena\UpLauncher.exe (.not file.)
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Wakfu.lnk . (...) -- C:\Program Files\Wakfu\UpLauncher.exe (.not file.)
O4 - GS\Desktop: AMCAP.lnk . (...) -- C:\Program Files\SEUCDaS\0.8\vcp\amcap\amcap.exe
O4 - GS\Desktop: Dofus 2.lnk . (...) -- C:\Program Files\Dofus 2\app\UpLauncher.exe (.not file.)
O4 - GS\Desktop: Dorgem.lnk . (...) -- C:\Program Files\SEUCDaS\0.8\vcp\dorgem\Dorgem.chm
O4 - GS\Desktop: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Securitoo\Contrôle Parental\securitoo_controle_parentalv41.exe
O4 - GS\Desktop: OV519CAP.lnk . (.OmniVision Technologies, Inc. - OV519 Still Image Capture Program.) -- C:\Program Files\SEUCDaS\0.8\vcp\ov519cap\OV519CAP.exe
O4 - GS\Desktop: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - GS\Desktop: Useful Links.lnk . (...) -- C:\Program Files\SEUCDaS\0.8\docs\websites.htm
O4 - GS\Desktop: Wakfu.lnk . (...) -- C:\Program Files\Wakfu\UpLauncher.exe (.not file.)
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\QuickLaunch: Ares.lnk . (...) -- C:\Program Files\Ares\Ares.exe (.not file.)
O4 - GS\Desktop: audacity - Raccourci.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\audacity\Audacity 1.3 Beta (Unicode)\audacity.exe
O4 - GS\Desktop: Dofus2.lnk . (...) -- C:\Program Files\dofus2\app\UpLauncher.exe
O4 - GS\Desktop: Internet - Raccourci.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 06s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2608BBBC-C912-4545-BBF3-933C1BCE835E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F10025-D0D1-4C47-9734-CA34A077B887}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2608BBBC-C912-4545-BBF3-933C1BCE835E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{78F10025-D0D1-4C47-9734-CA34A077B887}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2608BBBC-C912-4545-BBF3-933C1BCE835E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{78F10025-D0D1-4C47-9734-CA34A077B887}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems - Citrix Online GoToAssist.) -- C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) . (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft Limited - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Limitation du temps de connexion des uti (Lupc) . (...) - C:\Program Files\Lupc\malupc.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) . (.Orange - Contrôle Parental.) - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: ThreatFire (ThreatFire) . (.PC Tools - PC Tools ThreatFire Service.) - C:\Program Files\ThreatFire\TFService.exe
~ Services: 16 Legitimates Filtered in 01mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Matthieu\fond-ecran-pomme-3d.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Matthieu\fond-ecran-pomme-3d.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.6-chromeinstaller.job [1884]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.6-enabler.job [1090]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job [1810]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.6-updater.job [1186]
[MD5.456F40DD726AD2CDA699D9053D37159C] [APT] [Ad-Aware Update (Weekly)] (.Lavasoft Limited.) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [1744312]
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.6-chromeinstaller] (...) -- C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.6-enabler] (...) -- C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-enabler.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.6-firefoxinstaller] (...) -- C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.6-updater] (...) -- C:\Program Files\Plus-HD-2.6\Plus-HD-2.6-updater.exe (.not file.) [0]
[MD5.AEF195FC98A19DB3BAF3A88D8708AFBF] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [137864] =>Toolbar.Ask
[MD5.1AB60A16E8A8B9628CE0C10000BA9794] [APT] [{84DA9872-08E3-4922-A432-5CD496A1B397}] (...) -- C:\Program Files\Glary Utilities\unins000.exe [687071]
~ Scheduled Task: 80 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware - (.Lavasoft Limited.) [HKLM] -- {D56B3391-1DAB-4AB3-AFF5-D55457911BBB}
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: Crazy Taxi - (...) [HKLM] -- {F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}
O42 - Logiciel: Il était une fois la vie - (...) [HKLM] -- Il était une fois la vie
O42 - Logiciel: LUPC 2.9.0 - (.M.A..) [HKLM] -- LUPC_is1
O42 - Logiciel: La petite sirène 2 Retour à l'océan - (...) [HKLM] -- Little Mermaid 2
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
O42 - Logiciel: USB Storage R/W v1.16r064 - (...) [HKLM] -- {BD0D05C2-35DD-11D6-B121-00E07DBBAB6C}
O42 - Logiciel: USB-Flash Disk - (...) [HKLM] -- {E9DF086C-8771-4DA0-919B-5437CA1F12A7}
~ Logic: 152 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\Ask.com]
[HKCU\Software\PCTools]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Child]
[HKLM\Software\Digital Basic]
[HKLM\Software\IncrediMail]
[HKLM\Software\PCTools]
~ Key Software: 228 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/06/2013 - 04:25:26 - [3,515] ----D C:\Program Files\Ask.com
O43 - CFD: 31/12/2008 - 05:28:13 - [2,594] ----D C:\Program Files\HCW85
O43 - CFD: 11/02/2009 - 10:44:51 - [6,147] ----D C:\Program Files\Lupc
O43 - CFD: 12/10/2011 - 08:48:45 - [11,779] ----D C:\Program Files\mChicheReplay
O43 - CFD: 05/03/2013 - 22:23:52 - [18,628] ----D C:\Program Files\ThreatFire
O43 - CFD: 18/05/2011 - 01:22:14 - [10,854] ----D C:\Program Files\TLC
O43 - CFD: 02/06/2010 - 09:51:11 - [0,071] ----D C:\Program Files\USB Storage RW
O43 - CFD: 12/06/2013 - 19:14:32 - [0,117] ----D C:\Program Files\Common Files\lupc
O43 - CFD: 11/02/2009 - 10:20:42 - [0,013] ----D C:\Program Files\Common Files\lupc-1
O43 - CFD: 05/06/2013 - 03:09:41 - [0,308] ----D C:\Users\Parents\AppData\Roaming\File Scout
O43 - CFD: 06/06/2013 - 22:48:40 - [0] ----D C:\Users\Parents\AppData\Roaming\PerformerSoft
O43 - CFD: 09/06/2013 - 04:25:07 - [0,192] ----D C:\Users\Parents\AppData\Local\APN
O43 - CFD: 06/06/2011 - 04:50:57 - [0,188] ----D C:\Users\Parents\AppData\Local\TempFichierSauvegardeSW
O43 - CFD: 11/02/2009 - 10:44:47 - [0,002] ----D C:\Users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilisation PC
~ Program Folder: 262 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.304C73BF906D14613B9723DB168D98DD] - 12/06/2013 - 18:52:46 ---A- . (...) -- C:\error.log [1254151]
O44 - LFC:[MD5.056AEBC949F71EBD69446E87926053EF] - 12/06/2013 - 18:52:23 ---A- . (...) -- C:\aaw7boot.log [467993]
O44 - LFC:[MD5.A6FE44B5183EA72FBF861D5D2494E933] - 09/06/2013 - 04:03:55 ---A- . (...) -- C:\Windows\ntbtlog.txt [220846]
O44 - LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 09/06/2013 - 03:46:37 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003]
O44 - LFC:[MD5.39295C973480FD6470F8726E0ED9C899] - 07/06/2013 - 18:42:47 ---A- . (...) -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [102296]
~ Files: 26 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E388FB3DE26FA3B32463D7F13527A1D2] - 09/06/2013 - 15:08:01 ---A- - C:\Windows\Prefetch\PLUS-HD-2.6-ENABLER.EXE-D367AF39.pf
O45 - LFCP:[MD5.10FAAD4A1C8AD13FF2B9FC98B9B931BE] - 09/06/2013 - 15:08:03 ---A- - C:\Windows\Prefetch\PLUS-HD-2.6-FIREFOXINSTALLER.-36D052C1.pf
O45 - LFCP:[MD5.7BD4CF7569E9B5F165622D3BE9FB3FDA] - 10/06/2013 - 22:40:50 ---A- - C:\Windows\Prefetch\PDFTOTEXT.EXE-0D0B40F3.pf
O45 - LFCP:[MD5.81E75076A2D23A06322EF9CFEC203CBA] - 10/06/2013 - 22:58:48 ---A- - C:\Windows\Prefetch\OPTPROXY.EXE-292A5116.pf
O45 - LFCP:[MD5.06ACDB29B50DF63ECDAFA4429EB588A5] - 11/06/2013 - 23:15:00 ---A- - C:\Windows\Prefetch\TFNOTICE.EXE-01D957FD.pf
O45 - LFCP:[MD5.3DF709C8057FDE11AB6457B9F99890FD] - 12/06/2013 - 07:04:58 ---A- - C:\Windows\Prefetch\TFSERVICE.EXE-51582F98.pf
O45 - LFCP:[MD5.BF01B593518B2ECCCC39988DE0DEB60B] - 12/06/2013 - 18:54:48 ---A- - C:\Windows\Prefetch\AAWTRAY.EXE-AE63BC5E.pf
O45 - LFCP:[MD5.8BD0FE46D4231E51A79C0C79C83B5237] - 12/06/2013 - 18:55:14 ---A- - C:\Windows\Prefetch\THREATWORK.EXE-718F87D0.pf
O45 - LFCP:[MD5.E878F2E133615FE4AD287E5C88BF6736] - 12/06/2013 - 18:55:15 ---A- - C:\Windows\Prefetch\AD-AWAREADMIN.EXE-D0D13FD8.pf
O45 - LFCP:[MD5.4C2DEA090E22F9550ACF19BF031E78E4] - 12/06/2013 - 18:56:27 ---A- - C:\Windows\Prefetch\SPRTSVC.EXE-C1AC7B98.pf
O45 - LFCP:[MD5.5E3A5E61F8FCE5B73F8E7920A59BC2CF] - 12/06/2013 - 19:02:59 ---A- - C:\Windows\Prefetch\TFUN.EXE-CC1D3AF2.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\OPTENET_GUI [Key] . (.Orange - Contrôle Parental.) -- C:\Program Files\Controle Parental\bin\OPTGui.exe
O53 - SMSR:HKLM\...\startupreg\ShowIcon_Winbond Electronics Corp._USB Storage R/W v1.16r064 [Key] . (.MyComp - shwicon.) -- C:\Program Files\USB Storage RW\shwicon.exe
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 20/01/2008 - 14:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 01/11/2006 - 19:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 03/12/2015 - 23:06:38 ---A- C:\Users\Parents\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll [14744]
O61 - LFC: 12/06/2013 - 13:19:20 ---A- C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269813]
O61 - LFC: 12/06/2013 - 19:12:33 ---A- C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Local State [47221]
O61 - LFC: 25/06/2033 - 04:56:16 ---A- C:\Users\Parents\AppData\Roaming\Microsoft\OIS\Toolbars.dat [666]
~ 9 Fichiers temporaires (Temporary files)
~ Files: 101 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 18/08/2011 - C:\Windows\System32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
~ Legacy: 87 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.2JLDOC2BXJFBSHKX6UJXOT24ZE> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Parents\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.IXWTZVXX73ITPEWAXHTRNXCBCQ> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Parents\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome.Q4UQNEGS4ZVTL33VZ4U2F6WF6M> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Parents\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {2F73FC98-C4D6-4553-97AF-1469CD5A9848} - (Yahoo!Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {70D46D94-BF1E-45ED-B567-48701376298E} - (Google Desktop) - http://127.0.0.1:4664/search&s=uX6tvmODLctbPNwTni4S-cu-xSs?q={searchTerms}
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\LaCie\ACDSee Pro v.2.5.332 + KeyGen_DnGnMsTr\acdseepro-2-5-332-en.exe
C:\LaCie\ACDSee Pro v.2.5.332 + KeyGen_DnGnMsTr\acdseepro-2-5-332-en.exe
C:\LaCie\ACDSee Pro v.2.5.332 + KeyGen_DnGnMsTr\acdseepro-2-5-332-en.exe
~ Files: Scanned in 04mn 08s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.970971B2FD130AB62621AFA88931579A] [SPRF][02/02/2009] (...) -- C:\Users\Parents\AppData\Local\d3d9caps.dat [680]
[MD5.9101ECA8C97CB5A0345AA70307F51D11] [SPRF][18/01/2009] (...) -- C:\Users\Parents\AppData\Local\fusioncache.dat [95]
[MD5.6AC365B716BF5C77A64708F9A5AA004A] [SPRF][12/06/2013] (...) -- C:\Users\Parents\AppData\Local\Temp\mbr.sys [25088]
[MD5.71ED72BA5069E10C2B2838169778879E] [SPRF][30/11/2009] (.Dell, Inc. - Setup Launcher Unicode.) -- C:\Users\Parents\AppData\Roaming\DataSafeDotNet.exe [8653312]
[MD5.CCC5ED90EB3D538499005BA0CEB8F226] [SPRF][26/08/2012] (...) -- C:\Users\Parents\AppData\Roaming\wklnhst.dat [17492]
[MD5.71686CDE16E0766DE3A908439101AE47] [SPRF][05/06/2013] (.International GeoGebra Institute - GeoGebra Installer.) -- C:\Users\Parents\Desktop\GeoGebra-Windows-Installer-4-2-47-0.exe [29623968]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.0C135B4FEFF52ED92CF08BB3F0A75A90] [SPRF][10/09/2006] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [484272]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo] =>Toolbar.Ask
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Users\Parents\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
~ Additionnel Scan: 354703 Items scanned in 00mn 32s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>Toolbar.Ask
O90 - PUC: "C04AC77760206FE40ACF16B80FB68F0D" . (..) -- C:\Windows\Installer\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}\ARPPRODUCTICON.exe
~ Update Products: 140 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/11/2012 3045688 | (a2AntiMalware) . (.Emsi Software GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SS - | Demand 23/01/2009 69632 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 20/05/2008 675840 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 08/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 23/09/2008 155648 | (DockLoginService) . (.Stardock Corporation.) - C:\Program Files\Dell\DellDock\DockLogin.exe
SS - | Demand 18/07/2010 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Demand 31/12/2008 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
SS - | Auto 28/09/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 12/09/2011 2151640 | (Lavasoft Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 544852 | (Lupc) . (...) - C:\Program Files\Lupc\malupc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware-2\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware-2\mbamservice.exe
SS - | Demand 27/01/2013 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SS - | Auto 05/12/2006 624504 | (OPTENET_FILTER) . (.Orange.) - C:\Program Files\Controle Parental\bin\optproxy.exe
SS - | Auto 09/11/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 21/03/2010 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SR - | Auto 04/10/2008 201968 | (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
SR - | Auto 14/01/2010 70928 | (ThreatFire) . (.PC Tools.) - C:\Program Files\ThreatFire\TFService.exe
SS - | Auto 20/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Parents at 12/06/2013 19:20:39

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1604 Legitimates filtered by white list
End of the scan (657 lines in 07mn 15s)(3)


Peux-tu en qqs mots m'expliquer ce que fait ZHPdiag et ZHPfix. A quoi correspondent toutes ces lignes ? comment les lit-on ?
Merci
@+
Patrice
0
Réponse 32 / 44
29-57 Messages postés 58 Statut Membre
 
Bonjour Gabriel,
Je m'étonne de ne plus avoir de réponse.
Si tu penses que le problème est définitivement résolu, Fait moi le savoir et je souhaite également te remercier vivement pour le temps que tu as consacré à résoudre notre difficulté ;)
Patrice.
0
Réponse 33 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,

Oups, je suis désolé, je suis passé à côté de ta réponse... Tu as bien fait de relancer.

- Copie les lignes qui sont à l'intérieur de ce lien (Ctrl + A puis Ctrl + C) : https://dl.dropboxusercontent.com/u/32869654/Pour%2029-57%203.txt


- Ouvre ZHPfix, icone seringue (Vista/7/8 : "Exécuter en tant qu'administrateur").
- Colle les lignes helpers si elles ne sont déjà présentes. Pour ce, clique sur la balise document (Coller le presse papier), à droite de l'appareil photo.
- Clique sur Go.
- Clique sur Oui pour confirmer le nettoyage des données.
- Copie le rapport, et colle-le dans la prochaine réponse sur le forum.

P.S. Si le bureau disparaît, fais Ctrl + Alt + Suppr afin d'ouvrir le gestionnaire des tâches puis dans Applications, clique sur Nouvelle tâche puis tape explorer.exe. Le bureau devrait normalent réapparaître.

/!\ Attention, ta corbeille va être vidée. Vérifie qu'il n'y ait aucun fichier supprimé par mégarde à l'intérieur. /!\

Aide en vidéo ici : https://www.youtube.com/watch?v=8gBWXPow8s0&feature=youtu.be


Si tu as des questions, n'hésite pas à me les poser.

@+

Gabriel.
0
Réponse 34 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir Gabriel,
Voici le dernier rapport de ZHPfix :

Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
Fichier d'export Registre :
Run by Parents at 15/06/2013 08:04:02
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Corbeille vidée

========== Logiciel(s) ==========
ABSENT Software Key: {86D4B82A-ABED-442A-BE86-96357B70F4FE}
ABSENT Software Key: {79A765E1-C399-405B-85AF-466F52E918B0}

========== Clé(s) du Registre ==========
ABSENT Key: HKCU\Software\APN
ABSENT Key: HKCU\Software\AppDataLow\Software\AskToolbar
ABSENT Key: HKCU\Software\Ask.com
ABSENT Key: HKLM\Software\APN
ABSENT Key: HKLM\Software\AskToolbar
ABSENT Key: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ABSENT Key: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
ABSENT Key: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
ABSENT Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
ABSENT Key: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
ABSENT Key: HKLM\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
ABSENT Key: \Software\Classes\Installer\Products\\A28B4D68DEBAA244EB686953B7074FEF

========== Préférences navigateur ==========
ABSENT Folder Chrome: C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmfajacidhcjbddpgmcmigffpppcadd
ABSENT Folder Chrome: C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

========== Dossier(s) ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichier(s) ==========
ABSENT File: c:\windows\tasks\plus-hd-2.6-enabler.job
ABSENT File: c:\windows\tasks\plus-hd-2.6-updater.job
ABSENT Folder/File: c:\program files\ask.com\updatetask.exe
ABSENT Folder/File: c:\program files\ask.combar
ABSENT Folder/File: c:\users\parents\appdata\locallow\asktoolbartbar
ABSENT File: c:\windows\prefetch\plus-hd-2.6-enabler.exe-d367af39.pf
ABSENT File: c:\windows\prefetch\plus-hd-2.6-firefoxinstaller.-36d052c1.pf
ABSENT File: c:\windows\prefetch\pdftotext.exe-0d0b40f3.pf
ABSENT File: c:\windows\prefetch\optproxy.exe-292a5116.pf
ABSENT File: c:\windows\prefetch\tfnotice.exe-01d957fd.pf
ABSENT File: c:\windows\prefetch\tfservice.exe-51582f98.pf
ABSENT File: c:\windows\prefetch\aawtray.exe-ae63bc5e.pf
ABSENT File: c:\windows\prefetch\threatwork.exe-718f87d0.pf
ABSENT File: c:\windows\prefetch\ad-awareadmin.exe-d0d13fd8.pf
ABSENT File: c:\windows\prefetch\sprtsvc.exe-c1ac7b98.pf
ABSENT File: c:\windows\prefetch\tfun.exe-cc1d3af2.pf
ABSENT Folder/File: c:\users\parents\appdata\local\temp\mbr.sys
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Tache planifiée ==========
ABSENT Task: Plus-HD-2.6-chromeinstaller
ABSENT Task: Plus-HD-2.6-enabler
ABSENT Task: Plus-HD-2.6-firefoxinstaller
ABSENT Task: Plus-HD-2.6-updater
ABSENT Task: Scheduled Update for Ask Toolbar

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Autre ==========
NON TRAITE [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]TBar
NON TRAITE [HKCU\Software\Ask.com]Bar
NON TRAITE [HKCU\Software\AppDataLow\Software\AskToolbar]TBar
NON TRAITE [HKLM\Software\AskToolbar]TBar
NON TRAITE [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}]Bar


========== Récapitulatif ==========
34 : Clé(s) du Registre
1 : Dossier(s)
19 : Fichier(s)
2 : Logiciel(s)
2 : Préférences navigateur
5 : Tache planifiée
1 : Restauration Système
5 : Autre


End of clean in 00mn 13s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 06/06/2013 23:13:59 [4976]
C:\ZHP\ZHPFix[R2].txt - 09/06/2013 07:44:51 [9596]
C:\ZHP\ZHPFix[R3].txt - 11/06/2013 23:01:08 [44457]
C:\ZHP\ZHPFix[R4].txt - 15/06/2013 07:55:55 [7267]
C:\ZHP\ZHPFix[R5].txt - 15/06/2013 08:00:21 [6903]
C:\ZHP\ZHPFix[R6].txt - 15/06/2013 08:04:02 [6903]

@+
Patrice
0
Réponse 35 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir,
Ce fut un peu laborieux pour le coup ! Je m'y suis repris à 3 fois. Etrangement le temps mis pour faire le diag c'est réduit : 14mn puis 12mn et enfin 7mn. C'est ce dernier que tu trouveras ici :
https://www.cjoint.com/?CFpx6pAXCnR
A demain.
Patrice
0
Réponse 36 / 44
29-57 Messages postés 58 Statut Membre
 
Bonjour Gabriel,
Je n'avais pas bien compris le sens de ta phrase ! Je me demandais s'il s'agissait d'une question ou d'une affirmation avec un point ? à travers lequel tu te posais la question pourquoi est-il présent ?
Comme je te l'ai dit dans un précédent post, holasearch n'apparaît plus comme barre de recherche. Maintenant, je pensais que les différents diags (pour lesquel je ne comprends rien !) te confirmaient cet état. L'ordi à l'air de bien se comporter.
As-tu vu au travers des différents diags des éléments qu'il serait souhaitable d'éliminer et qui ralentissent le PC.
Merci pour ta réponse.
Patrice
0
Réponse 37 / 44
29-57 Messages postés 58 Statut Membre
 
Bonjour Gabriel,
Il m'a fallu du temps pour réaliser tout ce que tu avais indiqué.
Voici les 2 rapport que tu as demandé :
1°) Delfix :

# DelFix v10.3 - Rapport créé le 18/06/2013 à 11:38:55
# Mis à jour le 08/06/2013 par Xplode
# Nom d'utilisateur : Parents - PC-DE-PARENTS
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\Users\Parents\Downloads\SecurityCheck.exe

########## - EOF - ##########

2°) security check :

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 1 x86 (UAC is enabled)
[url=https://support.microsoft.com/en-us/windows/install-windows-vista-service-pack-2-sp2-468d1d75-4f9b-0855-6900-47d65cbdac1b][color=red][b]Out of date service pack!![/color][/url][/b]
[b][u]''''''''''''''Antivirus/Firewall Check:''''''''''''''[/b][/u]
Lavasoft Ad-Watch Live! Antivirus
avast! Antivirus
Antivirus up to date!
[b][u]'''''''''Anti-malware/Other Utilities Check:'''''''''[/b][/u]
Ad-Aware
MVPS Hosts File
ThreatFire
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Companion 2.0.10
CCleaner
Java(TM) 6 Update 33
Java 7 Update 21
Java(TM) 6 Update 7
Adobe Flash Player 11.7.700.169
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox 17.0.1 [color=red][b]Firefox out of Date![/b][/color]
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
[b][u]''''''''Process Check: objlist.exe by Laurent''''''''[/b][/u]
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Emsisoft Anti-Malware a2service.exe
Lupc malupc.exe
Malwarebytes' Anti-Malware-2 mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
[b][u]'''''''''''''''''System Health check'''''''''''''''''[/b][/u]
Total Fragmentation on Drive C: %
[b][u]''''''''''''''''''''End of Log''''''''''''''''''''''[/b][/u]

Quant à la défragmentation avec Defraggler durée une nuit complète !!!
@+
Patrice
0
Réponse 38 / 44
29-57 Messages postés 58 Statut Membre
 
Rebonjour,
Sur le bureau, j'ai trouvé ce 2ème rapport je ne sais pas s'il peut être utile pour ton analyse. Je le joins pour ton appréciation :

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 1 x86 (UAC is enabled)
[url=https://support.microsoft.com/en-us/windows/install-windows-vista-service-pack-2-sp2-468d1d75-4f9b-0855-6900-47d65cbdac1b][color=red][b]Out of date service pack!![/color][/url][/b]
[b][u]''''''''''''''Antivirus/Firewall Check:''''''''''''''[/b][/u]
Lavasoft Ad-Watch Live! Antivirus
avast! Antivirus
Antivirus up to date!
[b][u]'''''''''Anti-malware/Other Utilities Check:'''''''''[/b][/u]
Ad-Aware
MVPS Hosts File
ThreatFire
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Companion 2.0.10
CCleaner
Java(TM) 6 Update 33
Java 7 Update 21
Java(TM) 6 Update 7
Adobe Flash Player 11.7.700.169
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox 17.0.1 [color=red][b]Firefox out of Date![/b][/color]
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
[b][u]''''''''Process Check: objlist.exe by Laurent''''''''[/b][/u]
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Emsisoft Anti-Malware a2service.exe
Lupc malupc.exe
Malwarebytes' Anti-Malware-2 mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
[b][u]'''''''''''''''''System Health check'''''''''''''''''[/b][/u]
Total Fragmentation on Drive C: %
[b][u]''''''''''''''''''''End of Log''''''''''''''''''''''[/b][/u]

@+
Patrice
0
Réponse 39 / 44
29-57 Messages postés 58 Statut Membre
 
Bonsoir Gabriel,
Tout terminé peut-être pas. Je n'ai pas encore vacciné tous les supports (clés USB, disques durs externes) mais je vais le faire. Il faut pour cela que je récupère l'ensemble des supports et cela suppose que les différents utilisateurs n'en aient pas besoin. Or il y a des examens chez moi en ce moment (bac entre autres) qui rendent les susceptibilités très exacerbées. Mais j'ai bon espoir ;)
J'ai mis à jour adobe reader et firefox. Mais j'ai eu une drôle de surprise en ouvrant firefox. Dans la barre d'onglet, il y avait encore holasearch. Dans les options, son adresse figurait comme page d'accueil. J'ai supprimé l'onglet et j'ai remplacé dans "Outils" "Options" son adresse par celle de google.fr. Maintenant, quand je lance Firefox "holasearch" n'apparaît plus.
Qu'en penses-tu ?
@+
Patrice
0
Réponse 40 / 44
2011N2 Messages postés 13352 Date d'inscription   Statut Contributeur sécurité Dernière intervention   917
 
Salut,

Ok. :)
Concernant HolaSearch sur Firefox, est-ce que tu sais si à un moment de la désinfection il est parti, après une manipulation que j'ai donnée ?
Car si c'est revenu, c'est embêtant, mais s'il n'est jamais parti, ce n'est pas étonnant d'avoir cette manipulation à faire pour l'éradiquer entièrement. ;)

Gabriel.
0