HKLM\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-804632507-19055872-3853573479-1000\...\MountPoints2: {dfe489e0-79ba-11e1-a31c-e89d8790972b} - G:\LaunchU3.exe -a
HKU\S-1-5-21-804632507-19055872-3853573479-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-804632507-19055872-3853573479-1000\$9906feaf3456986e04115ca7b8b508e9\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-804632507-19055872-3853573479-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {C267B38D-E37F-4F1C-8C05-CF18F69129D8} URL = http://search.condui...2917048118&UM=2
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
S4 LMIRfsClientNP; No ImagePath
2014-10-20 12:52 - 2014-10-30 12:44 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\$Recycle.Bin\S-1-5-18\$9906feaf3456986e04115ca7b8b508e9
C:\$Recycle.Bin\S-1-5-21-804632507-19055872-3853573479-1000\$9906feaf3456986e04115ca7b8b508e9
C:\ProgramData\4odmqrjbnzj.odd
C:\ProgramData\SMRResults322.dat
CustomCLSID: HKU\S-1-5-21-804632507-19055872-3853573479-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-804632507-19055872-3853573479-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
Task: {18EAB22E-1C17-4A96-9C34-58A45A3C8DAE} - System32\Tasks\DigitalSite => C:\Users\mathieu\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\mathieu\AppData\Roaming\DIGITA~1\
Task: C:\windows\Tasks\DigitalSite.job => C:\Users\mathieu\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
CloseProcesses:
EmptyTemp: