PC lent internet très lent
Utilisateur anonyme
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
mon pc est lent et chaque page d'internet met au moins une minute à s'ouvrir!...
je vous joint les divers rapports conseillés sur le site: zhp diag, mbam, avira antivir
Merci
Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by Administrat at 21/06/2013 20:31:07
WebSite: https://nicolascoolman.webs.com/
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 9.0.1 (Defaut)
OBIE: Safari v5.34.57.2
---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : MQ3CQ
Windows License : OK
Windows Automatic Updates : OK
---\\ System Protection
Avira AntiVir Personal - Free Antivirus v10.2.0.167
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.22 =>Piriform Ltd
---\\ Peer To Peer (P2P)
eMule
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 299 GB (65%) free of 454 GB
---\\ Logged in mode
~ Computer Name: PC
~ User Name: Administrat
~ All Users Names: UpdatusUser, Joëlle_2, Cris, Amand, Administrateur, Administrat,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrat\AppData\Roaming\
~ %Desktop% : C:\Users\Administrat\Desktop\
~ %Favorites% : C:\Users\Administrat\Favorites\
~ %LocalAppData% : C:\Users\Administrat\AppData\Local\
~ %StartMenu% : C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 299 Go of 454 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
~ Security Center: 30 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/176
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 0/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.013A330F16B1CECBDE5CB6F921689523] - (...) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728] [PID.2264]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.484]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.628]
[MD5.FB85F333D10B1475650C4304F99A1ECE] - (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [44784] [PID.3052] =>Adware.MapsGalaxy
[MD5.35D6CAAA9E4D82974A74DBDB53801F98] - (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096] [PID.856] =>Adware.MapsGalaxy
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [168960] [PID.1712]
[MD5.5132FB1B120FB3FB5442008422FFEF4D] - (.Avira GmbH - Antivirus Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [400040] [PID.5936]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.2796]
[MD5.1A113EB5F555F55A031BFACF6A57DC6E] - (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe [2388336] [PID.4928]
[MD5.2D322383B45CF3726675FC887A657160] - (.Apple Inc. - WebKit2WebProcess.exe.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe [14184] [PID.5108]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.5664]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5876]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.884]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.900]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1196]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1292]
[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1844]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2144]
[MD5.3CCE4AFA4AACDB28E01A148394212186] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.2172]
[MD5.7EF47644B74EBE721CC32211D3C35E76] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.2204]
[MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.2240]
[MD5.622FCF264119F7DF127BE353F796B319] - (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504] [PID.2324] =>Adware.MapsGalaxy
[MD5.C5052FB77AA42ED440F9F6B4E37145A9] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [869672] [PID.2496]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\system32\IoctlSvc.exe [81920] [PID.2580]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.3928]
[MD5.01CA6E9F4E6E8B2DBE0D365CCAA312C1] - (.Avira GmbH - On-Demand Scanner.) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe [484008] [PID.4696]
~ Processes Running: Scanned in 00mn 33s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\prefs.js
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\user.js
M3 - MFPP: Plugins - [Administrat] -- C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Administrat] -- C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\searchplugins\delta.xml
M0 - MFSP: prefs.js [Administrat - faes9ovn.default]
M2 - MFEP: prefs.js [Administrat - faes9ovn.default\39ffxtbr@MapsGalaxy_39.com] [] MapsGalaxy v2.73.1.10084 (..) =>Adware.MapsGalaxy
M2 - MFEP: prefs.js [Administrat - faes9ovn.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
P2 - FPN: [HKLM] [@MapsGalaxy_39.com/Plugin] - (.MindSpark - MindSpark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll =>Adware.MapsGalaxy
~ Firefox Browser: 46 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll =>Adware.MapsGalaxy
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} . (.MindSpark - MindSpark Search Assistant.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll =>Adware.MapsGalaxy
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O3 - Toolbar: MapsGalaxy - [HKLM]{364ea597-e728-4ce4-bb4a-ed846ef47970} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll =>Adware.MapsGalaxy
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll =>Toolbar.DeltaSearch
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] . (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] . (.Pas de propriétaire - Setup/Uninstall.) -- C:\Windows\is-PPJCO.exe
O4 - HKUS\S-1-5-18\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: FormatFactory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Skype.lnk - Clé orpheline
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 06s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserDefendert (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe =>Adware.MapsGalaxy
O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
~ Services: 15 Legitimates Filtered in 38mn 18s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\img27.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.0F131210712F7005C3ABE7A9FABF47BA] [APT] [Your File Updater] (.http://yourfiledownloader.com.) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe [245168] =>PUP.YourFileDownloader
~ Scheduled Task: 16 Legitimates Filtered in 00mn 35s
---\\ Logiciels installés (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: MapsGalaxy Toolbar - (.Mindspark Interactive Network.) [HKLM] -- MapsGalaxy_39bar Uninstall =>Adware.MapsGalaxy
~ Logic: 128 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b6d98be56fba14]
[HKCU\Software\AppDataLow\Software\Giant Savings] =>Adware.VidSaver
[HKCU\Software\AppDataLow\Software\MapsGalaxy_39] =>Adware.MapsGalaxy
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKLM\Software\5b6d98be56fba14]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\MapsGalaxy_39] =>Adware.MapsGalaxy
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\ilivid] =>Adware.Bandoo
~ Key Software: 198 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/06/2013 - 19:05:53 - [2,336] ----D C:\Program Files\Delta
O43 - CFD: 23/12/2009 - 20:34:15 - [20,446] ----D C:\Program Files\IncrediMail
O43 - CFD: 23/04/2013 - 22:47:20 - [8,116] ----D C:\Program Files\MapsGalaxy_39 =>Adware.MapsGalaxy
O43 - CFD: 11/07/2012 - 19:59:33 - [6,624] ----D C:\Program Files\YourFileDownloader =>PUP.YourFileDownloader
O43 - CFD: 20/06/2013 - 19:04:40 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 20/06/2013 - 19:06:00 - [7,883] ----D C:\ProgramData\BrowserDefender
O43 - CFD: 23/12/2009 - 20:35:19 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 23/12/2009 - 20:34:16 - [10,899] ----D C:\ProgramData\IncrediMail
O43 - CFD: 20/06/2013 - 19:05:54 - [1,566] ----D C:\Users\Administrat\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 20/06/2013 - 19:04:40 - [0,009] ----D C:\Users\Administrat\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 20/06/2013 - 19:06:03 - [0,001] ----D C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
O43 - CFD: 15/03/2013 - 18:07:35 - [0,001] ----D C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
~ Program Folder: 171 Legitimates Filtered in 00mn 11s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17D90B10782083EB832985FD8E030AEC] - 21/06/2013 - 18:42:03 ---A- . (...) -- C:\Windows\is-PPJCO.lst [390]
O44 - LFC:[MD5.5B8995D2BC885A6FDE6E635F92FAFAC3] - 21/06/2013 - 18:42:03 ---A- . (...) -- C:\Windows\is-PPJCO.msg [14498]
O44 - LFC:[MD5.CD18E303B47E126EAACDEFAD26B006B2] - 21/06/2013 - 18:42:03 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\Windows\is-PPJCO.exe [712264]
O44 - LFC:[MD5.27163204BDCCB7784387874962EA2259] - 21/06/2013 - 18:08:00 ---A- . (...) -- C:\Windows\System32\cc_20130621_190757.reg [1136]
O44 - LFC:[MD5.DB23F7F7B622873E5949C67901C47391] - 21/06/2013 - 18:07:36 ---A- . (...) -- C:\Windows\System32\cc_20130621_190715.reg [445596]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/06/2013 - 06:04:25 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]
~ Files: 45 Legitimates Filtered in 01mn 21s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F6E9F758A66DC2BB8EFCF27384373E39] - 17/06/2013 - 19:48:18 ---A- - C:\Windows\Prefetch\PICTUREVIEWER.EXE-624252B8.pf
O45 - LFCP:[MD5.21A09794F66B8E5290145069E687A45F] - 20/06/2013 - 18:04:25 ---A- - C:\Windows\Prefetch\UPDATEREX.EXE-1D6BF23C.pf
O45 - LFCP:[MD5.2B7FEA6873833EFB4BE05AA813BEEEED] - 20/06/2013 - 18:04:49 ---A- - C:\Windows\Prefetch\DELTATB.EXE-FF646432.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.E087FB620E18DEF82F2298100470F6FE] - 20/06/2013 - 18:05:55 ---A- - C:\Windows\Prefetch\DELTASRV.EXE-DF2D02CA.pf
O45 - LFCP:[MD5.DC7751DC644E80D33FA7923BAC301AD0] - 20/06/2013 - 18:05:56 ---A- - C:\Windows\Prefetch\DELTA4FFX.EXE-58A5666F.pf
O45 - LFCP:[MD5.E855098B4EA1D8CC00C7708B9D4F8EBD] - 20/06/2013 - 18:05:56 ---A- - C:\Windows\Prefetch\DELTA4IE.EXE-D978DE41.pf
O45 - LFCP:[MD5.32084850A3FFCC079AA59817002E23E0] - 20/06/2013 - 18:06:02 ---A- - C:\Windows\Prefetch\MYDELTATB.EXE-4437692A.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.44AD35A0615B95D9D7F7D52050F0D3BF] - 20/06/2013 - 18:06:04 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-6B4C69BC.pf
O45 - LFCP:[MD5.F2E0EF8EEEB4536397877BDECBBACD9E] - 20/06/2013 - 18:24:38 ---A- - C:\Windows\Prefetch\HOOLAPP.EXE-FCE9B1FA.pf
O45 - LFCP:[MD5.C4E13EB57C2E1F1A6474D7094C9E8BAE] - 21/06/2013 - 06:22:50 ---A- - C:\Windows\Prefetch\HOOLAPP.EXE-33A9FCCD.pf
O45 - LFCP:[MD5.D2CBB89B9764DE6234B17704D2B758E9] - 21/06/2013 - 07:59:16 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-E8C448EB.pf
O45 - LFCP:[MD5.36BA3FB2C1D28418B27BFDD0F50AD34E] - 21/06/2013 - 08:00:06 ---A- - C:\Windows\Prefetch\BABSCHEDULER2000201.EXE-AB13D838.pf
O45 - LFCP:[MD5.79888E59749D2BF0B76AFE6107849F4C] - 21/06/2013 - 08:00:25 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-921D0974.pf
O45 - LFCP:[MD5.A9C511174CBAC76927C01F433A378315] - 21/06/2013 - 10:15:48 ---A- - C:\Windows\Prefetch\DFRGIFC.EXE-F4F4B289.pf
O45 - LFCP:[MD5.3BC68F899594EEE0530F8E807A534A39] - 21/06/2013 - 11:47:51 ---A- - C:\Windows\Prefetch\CNMSE93.EXE-70378D07.pf
~ Prefetcher: 143 Legitimates Filtered in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\CanonMyPrinter [Key] . (...) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.C161E9A616B4697B873A1966B84BF26F] - 20/05/2013 - 11:25:09 RSH-- . (...) -- C:\Windows\System32\43CA0DE3BB.sys [56]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/06/2013 - 18:06:06 ---A- C:\Users\Administrat\AppData\Roaming\Babylon\log_file.txt [9951] =>Toolbar.Babylon
~ 3 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 71 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119556&tt=130313_80cr&babsrc=HP_ss&mntrId=007B001E9038[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.id", "007bacfe000000000000001e90389745");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.instlDay", "15876");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsnTs", "1.8.21.519:05:54");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.babTrack", "affID=119357&tt=180613_ndt7&tsp=4919");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.18D34FC8F7420E65A8F2E179CF5F0A7C] [SPRF][09/08/2010] (...) -- C:\ProgramData\ezsidmv.dat [48]
[MD5.38615D250BC3F3CD0541048C15339420] [SPRF][16/03/2013] (...) -- C:\Users\Administrat\Desktop\delfix.exe [706714]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 05s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{416DEBB2-C245-42BE-806F-591859E4631E}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{A525345E-FE78-4675-A1D6-928018BDD129}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{FE82F7FC-DDBD-40FF-A49E-44522AFB8BED}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{B03E1CEF-CA84-4707-9E7A-61D4B9B648F2}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{E6EE9085-4762-4709-ADA5-301C379D45B9}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{F020EF88-5123-436E-9DFD-084994E924DF}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{B78137B6-8C71-4BDC-AD68-168B40805E83}" | In - Public - P6 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\Downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{3D373D4A-1BC7-41F1-A44A-477B4F5A3A0C}" | In - Public - P17 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\Downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{F238223A-2FCB-4D1E-9364-5C280199A2C9}" | In - Public - P6 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\YourFile.exe =>PUP.YourFileDownloader
O87 - FAEL: "{AF5FD3DF-06CC-4859-9146-C62DF619603C}" | In - Public - P17 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\YourFile.exe =>PUP.YourFileDownloader
~ Firewall: 213 Legitimates Filtered in 00mn 23s
---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Clés trouvées (Keys found) : 65
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 2
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\ilivid] =>
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
C:\Program Files\yourfiledownloader =>PUP.YourFileDownloader
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\BrowserDefender =>Hijacker.Eazel
C:\Users\Administrat\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Administrat\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\bprotector_prefs.js =>PUP.BProtector
~ Additionnel Scan: 269644 Items scanned in 00mn 42s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
~ Update Products: 79 Legitimates Filtered in 00mn 01s
---\\ Random Export Key (O91)
[HKCU\Software\5b6d98be56fba14\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6d98be56fba14\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5b6d98be56fba14] =>Toolbar.Babylon^
[HKCU\Software\5b6d98be56fba14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKCU\Software\5b6d98be56fba14]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwM
mon pc est lent et chaque page d'internet met au moins une minute à s'ouvrir!...
je vous joint les divers rapports conseillés sur le site: zhp diag, mbam, avira antivir
Merci
Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by Administrat at 21/06/2013 20:31:07
WebSite: https://nicolascoolman.webs.com/
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 9.0.1 (Defaut)
OBIE: Safari v5.34.57.2
---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : MQ3CQ
Windows License : OK
Windows Automatic Updates : OK
---\\ System Protection
Avira AntiVir Personal - Free Antivirus v10.2.0.167
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.22 =>Piriform Ltd
---\\ Peer To Peer (P2P)
eMule
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 299 GB (65%) free of 454 GB
---\\ Logged in mode
~ Computer Name: PC
~ User Name: Administrat
~ All Users Names: UpdatusUser, Joëlle_2, Cris, Amand, Administrateur, Administrat,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrat\AppData\Roaming\
~ %Desktop% : C:\Users\Administrat\Desktop\
~ %Favorites% : C:\Users\Administrat\Favorites\
~ %LocalAppData% : C:\Users\Administrat\AppData\Local\
~ %StartMenu% : C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 299 Go of 454 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
~ Security Center: 30 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/176
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 0/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.013A330F16B1CECBDE5CB6F921689523] - (...) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728] [PID.2264]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.484]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.628]
[MD5.FB85F333D10B1475650C4304F99A1ECE] - (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [44784] [PID.3052] =>Adware.MapsGalaxy
[MD5.35D6CAAA9E4D82974A74DBDB53801F98] - (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096] [PID.856] =>Adware.MapsGalaxy
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [168960] [PID.1712]
[MD5.5132FB1B120FB3FB5442008422FFEF4D] - (.Avira GmbH - Antivirus Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [400040] [PID.5936]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.2796]
[MD5.1A113EB5F555F55A031BFACF6A57DC6E] - (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe [2388336] [PID.4928]
[MD5.2D322383B45CF3726675FC887A657160] - (.Apple Inc. - WebKit2WebProcess.exe.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe [14184] [PID.5108]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.5664]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5876]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.884]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.900]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1196]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1292]
[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1844]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2144]
[MD5.3CCE4AFA4AACDB28E01A148394212186] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.2172]
[MD5.7EF47644B74EBE721CC32211D3C35E76] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.2204]
[MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.2240]
[MD5.622FCF264119F7DF127BE353F796B319] - (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504] [PID.2324] =>Adware.MapsGalaxy
[MD5.C5052FB77AA42ED440F9F6B4E37145A9] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [869672] [PID.2496]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\system32\IoctlSvc.exe [81920] [PID.2580]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.3928]
[MD5.01CA6E9F4E6E8B2DBE0D365CCAA312C1] - (.Avira GmbH - On-Demand Scanner.) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe [484008] [PID.4696]
~ Processes Running: Scanned in 00mn 33s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\prefs.js
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\user.js
M3 - MFPP: Plugins - [Administrat] -- C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Administrat] -- C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\searchplugins\delta.xml
M0 - MFSP: prefs.js [Administrat - faes9ovn.default]
M2 - MFEP: prefs.js [Administrat - faes9ovn.default\39ffxtbr@MapsGalaxy_39.com] [] MapsGalaxy v2.73.1.10084 (..) =>Adware.MapsGalaxy
M2 - MFEP: prefs.js [Administrat - faes9ovn.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
P2 - FPN: [HKLM] [@MapsGalaxy_39.com/Plugin] - (.MindSpark - MindSpark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll =>Adware.MapsGalaxy
~ Firefox Browser: 46 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll =>Adware.MapsGalaxy
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} . (.MindSpark - MindSpark Search Assistant.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll =>Adware.MapsGalaxy
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll =>Toolbar.DeltaSearch
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O3 - Toolbar: MapsGalaxy - [HKLM]{364ea597-e728-4ce4-bb4a-ed846ef47970} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll =>Adware.MapsGalaxy
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll =>Toolbar.DeltaSearch
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] . (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe =>Adware.MapsGalaxy
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] . (.Pas de propriétaire - Setup/Uninstall.) -- C:\Windows\is-PPJCO.exe
O4 - HKUS\S-1-5-18\..\Run: [orangeinside] . (.Orange - Executable Orange Inside.) -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: FormatFactory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Skype.lnk - Clé orpheline
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 06s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{7636244C-31B3-4E5A-BBF4-E4B6ED8E18A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E74ADCC2-77F9-4473-858A-FAD76961B96F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserDefendert (BrowserDefendert) . (...) - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe =>Adware.MapsGalaxy
O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
~ Services: 15 Legitimates Filtered in 38mn 18s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\img27.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.0F131210712F7005C3ABE7A9FABF47BA] [APT] [Your File Updater] (.http://yourfiledownloader.com.) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe [245168] =>PUP.YourFileDownloader
~ Scheduled Task: 16 Legitimates Filtered in 00mn 35s
---\\ Logiciels installés (O42)
O42 - Logiciel: BrowserDefender - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: MapsGalaxy Toolbar - (.Mindspark Interactive Network.) [HKLM] -- MapsGalaxy_39bar Uninstall =>Adware.MapsGalaxy
~ Logic: 128 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b6d98be56fba14]
[HKCU\Software\AppDataLow\Software\Giant Savings] =>Adware.VidSaver
[HKCU\Software\AppDataLow\Software\MapsGalaxy_39] =>Adware.MapsGalaxy
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKLM\Software\5b6d98be56fba14]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\MapsGalaxy_39] =>Adware.MapsGalaxy
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\ilivid] =>Adware.Bandoo
~ Key Software: 198 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/06/2013 - 19:05:53 - [2,336] ----D C:\Program Files\Delta
O43 - CFD: 23/12/2009 - 20:34:15 - [20,446] ----D C:\Program Files\IncrediMail
O43 - CFD: 23/04/2013 - 22:47:20 - [8,116] ----D C:\Program Files\MapsGalaxy_39 =>Adware.MapsGalaxy
O43 - CFD: 11/07/2012 - 19:59:33 - [6,624] ----D C:\Program Files\YourFileDownloader =>PUP.YourFileDownloader
O43 - CFD: 20/06/2013 - 19:04:40 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 20/06/2013 - 19:06:00 - [7,883] ----D C:\ProgramData\BrowserDefender
O43 - CFD: 23/12/2009 - 20:35:19 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 23/12/2009 - 20:34:16 - [10,899] ----D C:\ProgramData\IncrediMail
O43 - CFD: 20/06/2013 - 19:05:54 - [1,566] ----D C:\Users\Administrat\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 20/06/2013 - 19:04:40 - [0,009] ----D C:\Users\Administrat\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 20/06/2013 - 19:06:03 - [0,001] ----D C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
O43 - CFD: 15/03/2013 - 18:07:35 - [0,001] ----D C:\Users\Administrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
~ Program Folder: 171 Legitimates Filtered in 00mn 11s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17D90B10782083EB832985FD8E030AEC] - 21/06/2013 - 18:42:03 ---A- . (...) -- C:\Windows\is-PPJCO.lst [390]
O44 - LFC:[MD5.5B8995D2BC885A6FDE6E635F92FAFAC3] - 21/06/2013 - 18:42:03 ---A- . (...) -- C:\Windows\is-PPJCO.msg [14498]
O44 - LFC:[MD5.CD18E303B47E126EAACDEFAD26B006B2] - 21/06/2013 - 18:42:03 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\Windows\is-PPJCO.exe [712264]
O44 - LFC:[MD5.27163204BDCCB7784387874962EA2259] - 21/06/2013 - 18:08:00 ---A- . (...) -- C:\Windows\System32\cc_20130621_190757.reg [1136]
O44 - LFC:[MD5.DB23F7F7B622873E5949C67901C47391] - 21/06/2013 - 18:07:36 ---A- . (...) -- C:\Windows\System32\cc_20130621_190715.reg [445596]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/06/2013 - 06:04:25 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]
~ Files: 45 Legitimates Filtered in 01mn 21s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F6E9F758A66DC2BB8EFCF27384373E39] - 17/06/2013 - 19:48:18 ---A- - C:\Windows\Prefetch\PICTUREVIEWER.EXE-624252B8.pf
O45 - LFCP:[MD5.21A09794F66B8E5290145069E687A45F] - 20/06/2013 - 18:04:25 ---A- - C:\Windows\Prefetch\UPDATEREX.EXE-1D6BF23C.pf
O45 - LFCP:[MD5.2B7FEA6873833EFB4BE05AA813BEEEED] - 20/06/2013 - 18:04:49 ---A- - C:\Windows\Prefetch\DELTATB.EXE-FF646432.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.E087FB620E18DEF82F2298100470F6FE] - 20/06/2013 - 18:05:55 ---A- - C:\Windows\Prefetch\DELTASRV.EXE-DF2D02CA.pf
O45 - LFCP:[MD5.DC7751DC644E80D33FA7923BAC301AD0] - 20/06/2013 - 18:05:56 ---A- - C:\Windows\Prefetch\DELTA4FFX.EXE-58A5666F.pf
O45 - LFCP:[MD5.E855098B4EA1D8CC00C7708B9D4F8EBD] - 20/06/2013 - 18:05:56 ---A- - C:\Windows\Prefetch\DELTA4IE.EXE-D978DE41.pf
O45 - LFCP:[MD5.32084850A3FFCC079AA59817002E23E0] - 20/06/2013 - 18:06:02 ---A- - C:\Windows\Prefetch\MYDELTATB.EXE-4437692A.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.44AD35A0615B95D9D7F7D52050F0D3BF] - 20/06/2013 - 18:06:04 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-6B4C69BC.pf
O45 - LFCP:[MD5.F2E0EF8EEEB4536397877BDECBBACD9E] - 20/06/2013 - 18:24:38 ---A- - C:\Windows\Prefetch\HOOLAPP.EXE-FCE9B1FA.pf
O45 - LFCP:[MD5.C4E13EB57C2E1F1A6474D7094C9E8BAE] - 21/06/2013 - 06:22:50 ---A- - C:\Windows\Prefetch\HOOLAPP.EXE-33A9FCCD.pf
O45 - LFCP:[MD5.D2CBB89B9764DE6234B17704D2B758E9] - 21/06/2013 - 07:59:16 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-E8C448EB.pf
O45 - LFCP:[MD5.36BA3FB2C1D28418B27BFDD0F50AD34E] - 21/06/2013 - 08:00:06 ---A- - C:\Windows\Prefetch\BABSCHEDULER2000201.EXE-AB13D838.pf
O45 - LFCP:[MD5.79888E59749D2BF0B76AFE6107849F4C] - 21/06/2013 - 08:00:25 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-921D0974.pf
O45 - LFCP:[MD5.A9C511174CBAC76927C01F433A378315] - 21/06/2013 - 10:15:48 ---A- - C:\Windows\Prefetch\DFRGIFC.EXE-F4F4B289.pf
O45 - LFCP:[MD5.3BC68F899594EEE0530F8E807A534A39] - 21/06/2013 - 11:47:51 ---A- - C:\Windows\Prefetch\CNMSE93.EXE-70378D07.pf
~ Prefetcher: 143 Legitimates Filtered in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\CanonMyPrinter [Key] . (...) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.C161E9A616B4697B873A1966B84BF26F] - 20/05/2013 - 11:25:09 RSH-- . (...) -- C:\Windows\System32\43CA0DE3BB.sys [56]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/06/2013 - 18:06:06 ---A- C:\Users\Administrat\AppData\Roaming\Babylon\log_file.txt [9951] =>Toolbar.Babylon
~ 3 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 71 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119556&tt=130313_80cr&babsrc=HP_ss&mntrId=007B001E9038[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.id", "007bacfe000000000000001e90389745");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.instlDay", "15876");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta.vrsnTs", "1.8.21.519:05:54");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.babTrack", "affID=119357&tt=180613_ndt7&tsp=4919");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [Administrat - faes9ovn.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.18D34FC8F7420E65A8F2E179CF5F0A7C] [SPRF][09/08/2010] (...) -- C:\ProgramData\ezsidmv.dat [48]
[MD5.38615D250BC3F3CD0541048C15339420] [SPRF][16/03/2013] (...) -- C:\Users\Administrat\Desktop\delfix.exe [706714]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 05s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{416DEBB2-C245-42BE-806F-591859E4631E}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{A525345E-FE78-4675-A1D6-928018BDD129}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{FE82F7FC-DDBD-40FF-A49E-44522AFB8BED}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{B03E1CEF-CA84-4707-9E7A-61D4B9B648F2}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{E6EE9085-4762-4709-ADA5-301C379D45B9}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{F020EF88-5123-436E-9DFD-084994E924DF}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{B78137B6-8C71-4BDC-AD68-168B40805E83}" | In - Public - P6 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\Downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{3D373D4A-1BC7-41F1-A44A-477B4F5A3A0C}" | In - Public - P17 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\Downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{F238223A-2FCB-4D1E-9364-5C280199A2C9}" | In - Public - P6 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\YourFile.exe =>PUP.YourFileDownloader
O87 - FAEL: "{AF5FD3DF-06CC-4859-9146-C62DF619603C}" | In - Public - P17 - TRUE | .(.http://yourfiledownloader.com - YourFile Downloader.) -- C:\Program Files\YourFileDownloader\YourFile.exe =>PUP.YourFileDownloader
~ Firewall: 213 Legitimates Filtered in 00mn 23s
---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Clés trouvées (Keys found) : 65
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 2
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\ilivid] =>
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E9201899CF73FC4BA93F631631229A1] =>Toolbar.Agent
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}] =>Adware.MapsGalaxy
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
C:\Program Files\yourfiledownloader =>PUP.YourFileDownloader
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\BrowserDefender =>Hijacker.Eazel
C:\Users\Administrat\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Administrat\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Administrat\AppData\Roaming\Mozilla\Firefox\Profiles\faes9ovn.default\bprotector_prefs.js =>PUP.BProtector
~ Additionnel Scan: 269644 Items scanned in 00mn 42s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
~ Update Products: 79 Legitimates Filtered in 00mn 01s
---\\ Random Export Key (O91)
[HKCU\Software\5b6d98be56fba14\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6d98be56fba14\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5b6d98be56fba14] =>Toolbar.Babylon^
[HKCU\Software\5b6d98be56fba14]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:INSTALL_FOLDER_NAME="BrowserDefender"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKCU\Software\5b6d98be56fba14]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\5b6d98be56fba14]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:PROTECTOR_DLL_NAME="BrowserDefender.dll"
[HKCU\Software\5b6d98be56fba14]:PROTECT_EXE_NAME="BrowserDefender.exe"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\5b6d98be56fba14]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwM
A voir également:
- PC lent internet très lent
- Pc tres lent - Guide
- Mon mac est lent comment le nettoyer - Guide
- Mon pc est trop lent et se bloque - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
