~ Rapport de ZHPDiag v2013.9.28.51 - Nicolas Coolman (28/09/2013) ~ Lancé par Sébastien (28/09/2013 11:54:14) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16686 MFIE: Mozilla Firefox 24.0 (Defaut) OPIE: Opera v12.16 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 2BT4J Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système avast! Free Antivirus v8.0.1489.0 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v3.28 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer µTorrent v3.1.3 =>P2P.µTorrent ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 21 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4009 MB (49% free) System Restore: Activé (Enable) System drive C: has 58 GB (38%) free of 150 GB ---\\ Mode de connexion au système ~ Computer Name: SÉBASTIEN-PC ~ User Name: Sébastien ~ All Users Names: UpdatusUser, Sébastien, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Sébastien\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Sébastien\AppData\Roaming\ ~ %Desktop% : C:\Users\Sébastien\Desktop\ ~ %Favorites% : C:\Users\Sébastien\Favorites\ ~ %LocalAppData% : C:\Users\Sébastien\AppData\Local\ ~ %StartMenu% : C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 150 Go) D: Hard drive, Flash drive, Thumb drive (Free 241 Go of 424 Go) E: CD-ROM drive (Free 0 Go of 1 Go) Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 29 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 1/44 ~ Mes Favoris (My Favorites) : 1/10 ~ Mes Documents (My Documents) : 2/124 ~ Mon Bureau (My Desktop) : 1/343 ~ Menu demarrer (Programs) : 1/33 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.6B4B9B573A7FF15C88C22B0C4B77F2E1] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [1080400] [PID.2612] [MD5.EC5EC34365C024D749F7718C3D6921BC] - (.Samsung Electronics Co., Ltd. - Smart Setting Program.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2276944] [PID.2620] [MD5.221A4BEB1FB8D6DFC934405F1675D8CF] - (.Samsung Electronics - Easy Speed Up Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [1634304] [PID.2636] [MD5.C75CA29048CE2B1E2F7B396FCC55D3E0] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [776704] [PID.2644] [MD5.A5B2F530017144BE8CC08D8CC0714EBF] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe [1814440] [PID.3476] [MD5.D3A1D2987051118159D4DE38E3027CEA] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4403280] [PID.3836] [MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.4720] [MD5.BCA4EC93ED4B96E3626C288CA09C1F97] - (.WinZip Computing, S.L. - WinZip Executable.) -- C:\Program Files (x86)\WinZip\WZQKPICK.exe [525664] [PID.4908] [MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.2936] [MD5.96418763863481DBD33418A6ABC1E32A] - (.PC Utilities Pro - Optimizer Pro Smart Scan.) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe [418808] [PID.5060] =>PUP.OptimizerPro [MD5.1997D198F22EAC5659AB09B9E2D864F5] - (.PC Utilities Pro - Optimizer Pro Speed Guard.) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe [903160] [PID.4792] =>PUP.OptimizerPro [MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2760] [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4840] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4288] [MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5040] [MD5.82C264DDF53D18F940A07EA91D8FFB01] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392] [PID.3036] [MD5.F289B31D23BB3DC8E6640A6D09E4BF51] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [3395664] [PID.1348] [MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.6084] [MD5.18F20138A715E0677A24A0986BC9AEA2] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.2900] [MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [506744] [PID.5860] [MD5.53B399A4785651C6B638541FD282E9AF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8024576] [PID.4088] [MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1408] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1340] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2068] [MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1376] [MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.3244] [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3492] [MD5.792C6BB1F02C528095EC349DAAF4C880] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [565672] [PID.5548] [MD5.F4A17DCAB576267C85663E64F3ACE5A4] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326424] [PID.3964] [MD5.D96DDEA6C699A99832E0186057801971] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416] [PID.5956] [MD5.DB641944F7E4B14C13C3FEFC89843F69] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656536] [PID.3384] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\prefs.js M3 - MFPP: Plugins - [Sébastien] -- C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\BrowserDefender.xml =>Hijacker.Eazel M3 - MFPP: Plugins - [Sébastien] -- C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\iminent.xml =>Adware.IMBooster M3 - MFPP: Plugins - [Sébastien] -- C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\Web Search.xml =>Parasite.Pugi M3 - MFPP: Plugins - [Sébastien] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6 M3 - MFPP: Plugins - [Sébastien] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\StartWeb.xml M2 - MFEP: prefs.js [Sébastien - hbavxpf5.default\d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com] [] Plus-HD-3.5 v (..) =>Adware.PlusHD M2 - MFEP: prefs.js [Sébastien - hbavxpf5.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch M2 - MFEP: prefs.js [Sébastien - hbavxpf5.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster M2 - MFEP: prefs.js [Sébastien - hbavxpf5.default\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] [] Wajam v1.26 (..) =>Toolbar.Wajam M2 - MFEP: prefs.js [Sébastien - hbavxpf5.default\{ec7fbed5-4fd7-46c4-9943-9e1a4eb94d81}] [] QuickShare Widget v1.26 (..) =>PUP.QuickShare P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (.Search.Us.com - npAPI Plugin.) -- C:\Users\Sébastien\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll P2 - FPN: [HKCU] [@tnt2ghost.com/Plugin] - (.Search.Us.com - npAPI Ghost Plugin.) -- C:\Users\Sébastien\AppData\Local\TNT2\2.0.0.1627\npTNT2ghost.dll ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6 R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://allssearch.com =>Adware.SocialSkinz R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.search.us.com ~ IE Browser: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: iminent Helper Object [64Bits] - {112BA211-334C-4A90-90EC-2AD1CDAB287C} . (.Iminent - Pas de description.) -- C:\Program Files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll =>Adware.IMBooster ~ BHO: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline O3 - Toolbar: Adobe Acrobat Create PDF Toolbar [64Bits] - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe O4 - GS\Desktop [Public]: THOR.lnk . (.Lone Wolf Winter - THOR.) -- C:\Program Files (x86)\THOR\Thor.exe O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.qvo6.com =>Hijacker.Qvo6 O4 - GS\Desktop [UpdatusUser]: Plus500.lnk . (...) -- C:\Program Files (x86)\Plus500\Plus500.exe O4 - GS\QuickLaunch [Sébastien]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\TaskBar [Sébastien]: Opera11.60 1185.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.qvo6.com =>Hijacker.Qvo6 O4 - GS\Program [Sébastien]: Webplayer.lnk . (...) -- C:\Users\Sébastien\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_87FBFC29DF64F25EB06E85.exe O4 - GS\Desktop [Sébastien]: Disque local (C).lnk . (...) -- C:\ O4 - GS\Desktop [Sébastien]: Easy Thumbnails.lnk . (.Fookes Software - Easy Thumbnails.) -- C:\Program Files (x86)\Easy Thumbnails\EzThumbs.exe O4 - GS\Desktop [Sébastien]: Optimizer Pro.lnk . (.PC Utilities Pro - Optimizer Pro.) -- C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe =>PUP.OptimizerPro O4 - GS\Desktop [Sébastien]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe (.not file.) =>Toolbar.DeltaSearch ~ Global Startup: 83 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: WinZip Quick Pick.lnk . (.WinZip Computing, S.L. - WinZip Executable.) -- C:\Program Files (x86)\WinZip\WZQKPICK.exe O4 - GS\Startup [Sébastien]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\steam.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [Optimizer Pro] . (.PC Utilities Pro - Fix, clean, optimize your PC!.) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe =>PUP.OptimizerPro O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_63] Clé orpheline =>PUP.Eorezo O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-785650546-1832744181-4140763645-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-785650546-1832744181-4140763645-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{DC730B15-ECD1-4228-8D95-86CE37398A08}: DhcpNameServer = 89.2.0.1 89.2.0.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{DC730B15-ECD1-4228-8D95-86CE37398A08}: DhcpNameServer = 89.2.0.1 89.2.0.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{DC730B15-ECD1-4228-8D95-86CE37398A08}: DhcpNameServer = 89.2.0.1 89.2.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Compatible NVIDIA shim initializatio.) - C:\windows\system32\nvinitx.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup O23 - Service: Service Software Update (Software_update (Software_update) . (.The Software Group - Software Update.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ~ Services: 13 Legitimates Filtered in 00mn 07s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [920] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [924] [MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles [MD5.FC387225841FF92463C5F65054998E0B] [APT] [SoftwareUpdateTaskMachineCore] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore [MD5.FC387225841FF92463C5F65054998E0B] [APT] [SoftwareUpdateTaskMachineUA] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore [MD5.00000000000000000000000000000000] [APT] [{7E8B9F9D-52D2-429B-B7D3-275CD7C0AE3F}] (...) -- C:\Program Files\MetaTrader 5 - ActivTrades\Uninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{AF5CB8AA-FFB7-49F5-BF04-849A75D8F3C4}] (...) -- C:\Program Files (x86)\FxPro - MetaTrader 4\Uninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D72C8144-239A-44CD-851B-55533C4CABBC}] (...) -- C:\Program Files (x86)\Markets.com MetaTrader\Uninstall.exe (.not file.) [0] ~ Scheduled Task: 20 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore O42 - Logiciel: BrowseToSave 1.74 - (...) [HKLM][64Bits] -- SP_f2a323db =>Adware.Browse2Save O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {81FCC50B-950F-4063-8E4A-D99CAA4FBB1F} =>Adware.IMBooster O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup O42 - Logiciel: Plus500 - (...) [HKLM][64Bits] -- Plus500 O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {CC1C2EE8-8E03-4D79-9758-C208D4438A3E} =>PUP.QuickShare O42 - Logiciel: Search Assistant WebSearch 1.74 - (...) [HKLM][64Bits] -- SP_4e24eecb O42 - Logiciel: Search.us.com - (.Search.us.com.) [HKCU][64Bits] -- {BA25B6B5-99CD-4631-A85E-DC65E3B2D00B} O42 - Logiciel: THOR version 1.8.00 - (.Lone Wolf Winter.) [HKLM][64Bits] -- {08CB5273-09AE-482E-9311-39B316CC2F8B}_is1 O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM][64Bits] -- WebConnect =>PUP.WebConnect O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- Webplayer =>Adware.SocialSkinz O42 - Logiciel: xOption - (.X-Trade Brokers DM S.A..) [HKLM][64Bits] -- {904BE4B0-D9B9-4997-B108-403C62FC0D75}_is1 ~ Logic: 160 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\5f53dad9e069ef41] [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Boxore] =>Adware.Boxore [HKCU\Software\Delta] [HKCU\Software\Fx1] [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\MSPG32] [HKCU\Software\Microsof] [HKCU\Software\Plus500] [HKCU\Software\SimpleFiles] =>Adware.SimpleFiles [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKCU\Software\TNT2] [HKCU\Software\TutoTag] =>Spyware.AgenceExclusive [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\5f53dad9e069ef41] [HKLM\Software\Wow6432Node\CandleWorks] [HKLM\Software\Wow6432Node\DProtect] =>Trojan.Staser [HKLM\Software\Wow6432Node\Delta] [HKLM\Software\Wow6432Node\MSPG32] [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix [HKLM\Software\Wow6432Node\SimpleFiles] =>Adware.SimpleFiles [HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Umbrella] ~ Key Software: 269 Legitimates Filtered in 00mn 02s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 15/09/2013 - 01:17:17 - [0] ----D C:\Program Files (x86)\allsearch =>Adware.SocialSkinz O43 - CFD: 15/09/2013 - 19:30:51 - [0,471] ----D C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save O43 - CFD: 07/05/2013 - 09:01:55 - [120,313] ----D C:\Program Files (x86)\Candleworks O43 - CFD: 14/09/2013 - 23:45:25 - [0] ----D C:\Program Files (x86)\Delta O43 - CFD: 28/09/2013 - 11:02:53 - [2,228] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster O43 - CFD: 14/09/2013 - 23:43:27 - [27,133] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 14/04/2013 - 11:36:35 - [0,367] ----D C:\Program Files (x86)\Plus500 O43 - CFD: 18/09/2013 - 19:54:37 - [0] ----D C:\Program Files (x86)\predm O43 - CFD: 14/09/2013 - 22:28:43 - [0,050] ----D C:\Program Files (x86)\TextAloud O43 - CFD: 18/02/2012 - 18:18:29 - [1,825] ----D C:\Program Files (x86)\THOR O43 - CFD: 15/09/2013 - 19:30:51 - [0,474] ----D C:\Program Files (x86)\WebSearch O43 - CFD: 28/09/2013 - 11:02:22 - [2,736] ----D C:\Program Files (x86)\Common Files\Umbrella O43 - CFD: 28/09/2013 - 10:22:48 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard O43 - CFD: 20/09/2013 - 06:46:47 - [0,169] ----D C:\ProgramData\BoxUpdChk O43 - CFD: 21/09/2013 - 23:20:33 - [0] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch O43 - CFD: 28/04/2013 - 22:12:27 - [1,369] ----D C:\ProgramData\InstallMate =>PUP.Tarma O43 - CFD: 14/09/2013 - 22:17:07 - [0] ----D C:\ProgramData\NextUp O43 - CFD: 07/05/2013 - 09:01:58 - [13,773] --H-D C:\ProgramData\{3FA35B04-FB0C-4FBC-958D-0A3FEE9819E4} O43 - CFD: 16/09/2013 - 20:19:53 - [0] ----D C:\Users\Sébastien\AppData\Roaming\chc O43 - CFD: 29/04/2013 - 06:42:08 - [0] ----D C:\Users\Sébastien\AppData\Roaming\NCdownloader O43 - CFD: 16/07/2013 - 09:19:35 - [0] ----D C:\Users\Sébastien\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles O43 - CFD: 14/07/2013 - 10:18:50 - [0,005] ----D C:\Users\Sébastien\AppData\Local\Lone_Wolf_Winter O43 - CFD: 14/09/2013 - 22:17:04 - [0,063] ----D C:\Users\Sébastien\AppData\Local\NextUp O43 - CFD: 14/04/2013 - 11:37:25 - [27,256] ----D C:\Users\Sébastien\AppData\Local\Plus500 O43 - CFD: 16/09/2013 - 20:44:47 - [3,843] ----D C:\Users\Sébastien\AppData\Local\TNT2 O43 - CFD: 14/09/2013 - 23:45:18 - [0,001] ----D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard O43 - CFD: 14/09/2013 - 23:43:22 - [0,002] ----D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 14/04/2013 - 11:37:29 - [0] ----D C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500 ~ 409 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 650 Legitimates Filtered in 00mn 36s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.5E629EF4F10010AE14A56F188D7F3E58] - 28/09/2013 - 03:41:10 ---A- . (.Pas de propriétaire - SecureGuard Recovery Agent.) -- C:\Windows\Spoolsync.exe [24576] O44 - LFC:[MD5.815372073DA85B2098A37DED84083C8A] - 15/09/2013 - 17:06:56 ---A- . (...) -- C:\Windows\_MSRSTRT.EXE [2560] ~ Files: 27 Legitimates Filtered in 00mn 06s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.1B30E479C8EA143469E3B1737A7369F8] - 28/09/2013 - 09:56:52 ---A- - C:\Windows\Prefetch\MEDIA+PLAYER10SERV.EXE-B729CE8E.pf O45 - LFCP:[MD5.B7E3629CDB9B59C847D9FB4FB8F69E1B] - 28/09/2013 - 09:56:57 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf =>PUP.MyPCBackup O45 - LFCP:[MD5.9B1330495AE18A66F66A8BEE5DF5C856] - 28/09/2013 - 10:01:52 ---A- - C:\Windows\Prefetch\INS7002.EXE-F8C0907D.pf O45 - LFCP:[MD5.EE5686228AE46414B122B0AF92C2B652] - 28/09/2013 - 10:02:09 ---A- - C:\Windows\Prefetch\IMINENTSETUP_2905-512C3791.EX-1E18D27E.pf =>Adware.IMBooster O45 - LFCP:[MD5.FF2EC9BDEB4215EDC4B4C957B7C4DFBA] - 28/09/2013 - 10:02:10 ---A- - C:\Windows\Prefetch\OBBOXORE_0307-76302122.EXE-73C51077.pf =>Adware.Boxore O45 - LFCP:[MD5.DFACC3ACA836F61BD18E68141FE28FAE] - 28/09/2013 - 10:02:11 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-6FE8CBEB.pf =>Adware.Boxore O45 - LFCP:[MD5.4CB52EC981D69EEF27A87EF4AB0408CB] - 28/09/2013 - 10:02:36 ---A- - C:\Windows\Prefetch\UMBRELLA.EXE-9B266DB9.pf =>Adware.IMBooster O45 - LFCP:[MD5.7605DCA44B67BC0624835CAB5F096B86] - 28/09/2013 - 10:02:48 ---A- - C:\Windows\Prefetch\IEXPLOREINSTALLER.EXE-C4214187.pf O45 - LFCP:[MD5.C2628B2B2566EE7D1DE9ACFEE3362633] - 28/09/2013 - 10:02:48 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-1B85F60E.pf =>Adware.IMBooster O45 - LFCP:[MD5.E7E8563B5869AE616253B02AC0656ED7] - 28/09/2013 - 10:02:48 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-ED7B9A3A.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.10D58F5FA3AE5C1ABE6DDE97B32D2875] - 28/09/2013 - 10:02:49 ---A- - C:\Windows\Prefetch\OPTIMIZER_PRO.EXE-8BDA60C9.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.2333140AF7F6EDEE51C6F31B11470EA0] - 28/09/2013 - 10:02:50 ---A- - C:\Windows\Prefetch\OPTIMIZER_PRO.TMP-3C8A08E8.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.D9E9A3B45D46230F7B986583A993D2DF] - 28/09/2013 - 10:02:54 ---A- - C:\Windows\Prefetch\IMINENT4FFX.EXE-0BEDEC24.pf =>Adware.IMBooster O45 - LFCP:[MD5.58D193AE132D22790EB586FD728535D0] - 28/09/2013 - 10:02:54 ---A- - C:\Windows\Prefetch\IMINENTSRV.EXE-3D168865.pf =>Adware.IMBooster O45 - LFCP:[MD5.084D3E24DE2896EA75EC26E9B4962627] - 28/09/2013 - 10:02:55 ---A- - C:\Windows\Prefetch\IMINENT4IE.EXE-C4D8A9FE.pf =>Adware.IMBooster O45 - LFCP:[MD5.83ED929FD6FFEA652EBCCE087988BBBF] - 28/09/2013 - 10:02:58 ---A- - C:\Windows\Prefetch\IMINENTTOOLBAR.EXE-3C9970BD.pf =>Adware.IMBooster O45 - LFCP:[MD5.4DF0AE4E11F5C56BFA86CC481B7D1C53] - 28/09/2013 - 10:03:02 ---A- - C:\Windows\Prefetch\OPTPROSTART.EXE-9FA07807.pf O45 - LFCP:[MD5.E42D872791709A789488279607C61E4B] - 28/09/2013 - 10:07:02 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-6BA116FA.pf O45 - LFCP:[MD5.447E6C904014E46D9A7A0EDDA3AAD23E] - 28/09/2013 - 10:44:34 ---A- - C:\Windows\Prefetch\WZQKPICK.EXE-4011D1D2.pf ~ Prefetcher: 139 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{c3935122-c575-11e0-951a-806e6f6e6963}\AutoRun\command. (.Microsoft Corporation - Microsoft Autorun.) -- E:\autorun.exe ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.5573AA70993A2BB81525B1C704B88763] - 09/05/2013 - 09:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] ~ Drivers: 16 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 25/09/2013 - 07:47:43 ---A- . (...) -- C:\Users\Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT [72608] O61 - LFC: 28/09/2013 - 10:08:09 ---A- . (...) -- C:\Users\Sébastien\Documents\Optimizer Pro\CookiesException.txt [64] =>PUP.OptimizerPro O61 - LFC: 28/09/2013 - 10:54:12 ---A- . (...) -- C:\Users\Sébastien\AppData\Roaming\ZHP\TestsZHPDiag.txt [2959] =>.Nicolas Coolman O61 - LFC: 28/09/2013 - 10:55:32 ---A- . (...) -- C:\Users\Sébastien\AppData\Roaming\ZHP\Log.txt [67607] =>.Nicolas Coolman ~ 24 Fichiers temporaires (Temporary files) ~ Files: 96 Legitimates Filtered in 00mn 34s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7} ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6 O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe" http://www.qvo6.com =>Hijacker.Qvo6 ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.crossrider.bic", "14072456efe7cf3aef86049e49e96668"); =>PUP.CrossRider O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.dfltLng", "fr"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.id", "4e40de3000000000000078929c402b71"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.instlDay", "15966"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.vrsn", "1.8.24.6"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.vrsnTs", "1.8.24.620:47:47"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta.vrsni", "1.8.24.6"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta_i.babExt", ""); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta_i.babTrack", "affID=119357&tt=150913_ctrl&tsp=5009"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.delta_i.srcExt", "ss"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.DockingPositionDown", false); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>Hijacker.SmartBar O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>Hijacker.SmartBar O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.Visibility", false); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.countryiso", "fr"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.downloadprovider", "quickobrw"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.installationid", "ec7fbed5-4fd7-46c4-9943-9e1a4eb94d81"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.installdate", "16/07/2013"); O69 - SBI: prefs.js [Sébastien - hbavxpf5.default] user_pref("extensions.helperbar.publisher", "quickobrw"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6 O69 - SBI: SearchScopes [HKCU] {B68680DB-51BF-4060-8FC0-DB395129E76D} - (Search.us) - http://search.us.com O69 - SBI: SearchScopes [HKCU] {E5E5651C-6473-480A-804C-15829021960A} - (Yahoo!) - http://search.yahoo.com =>Toolbar.Yahoo ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\Sébastien\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore [MD5.48FAF20613200AC8341E313A69E9E088] [SPRF][28/09/2013] (...) -- C:\Users\Sébastien\AppData\Local\Temp\Uninst.bat [650] [MD5.887173F53072CD2D238014F4199B35CF] [SPRF][02/11/2012] (...) -- C:\Users\Sébastien\AppData\Local\Temp\xmlUpdater.exe [118784] [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][28/09/2013] (...) -- C:\Users\Sébastien\Desktop\AdwCleaner_1.606_En.exe [581957] [MD5.CD6562008DD6EECEF9C8D6530ED2DA33] [SPRF][28/09/2013] (...) -- C:\Users\Sébastien\Desktop\RogueKiller.exe [922112] ~ Files: 7 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{62AECCFD-6979-498A-85D1-3015777FCF9C}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\MetaTrader 5 - ActivTrades\metatester64.exe (.not file.) O87 - FAEL: "{25EA996B-320A-4BDA-9D53-88A47BA970A8}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SimpleFiles\downloader.exe (.not file.) =>Adware.SimpleFiles O87 - FAEL: "{24EE4909-8BA7-4C01-BD50-3F4AEF06898A}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SimpleFiles\downloader.exe (.not file.) =>Adware.SimpleFiles O87 - FAEL: "{58DF060F-3489-4E4C-9329-977491356374}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe (.not file.) =>Adware.SimpleFiles O87 - FAEL: "{1A885AC8-6E2E-49A0-88E2-FDB4B7F50501}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe (.not file.) =>Adware.SimpleFiles O87 - FAEL: "{E19684CA-5666-448B-AFF3-AAE53E21A471}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{57A36939-F185-400F-BD2F-2A49BD23D709}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{56738FC8-18BE-41A0-B187-6278DBF1703B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{E6E8FF35-E139-4C62-AB44-90FC3A3C4B5D}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles O87 - FAEL: "{DFB4182F-962C-4CB5-B488-78E4ABDD4BB2}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Sébastien\AppData\Local\DProtect\DProtectSvc.exe (.not file.) =>Trojan.Staser O87 - FAEL: "{74E18A19-9634-4050-811C-1EE28862B581}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster O87 - FAEL: "{E1AE6582-DFF6-46C2-99A1-194DF0AA504A}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster ~ Firewall: 250 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "B05CCF18F0593604E8A49DC9AAF4BBF1" . (.Iminent.) -- C:\windows\Installer\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}\imbooster.ico =>Adware.IMBooster O90 - PUC: "DF42B2AC01EE9B240B94AA0862E8E712" . (.Boxore Client.) -- C:\windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore ~ Update Products: 501 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\5f53dad9e069ef41]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKCU\Software\5f53dad9e069ef41]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKCU\Software\5f53dad9e069ef41]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKCU\Software\5f53dad9e069ef41]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\5f53dad9e069ef41]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\5f53dad9e069ef41]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\5f53dad9e069ef41]:usrcheckbox="1" [HKCU\Software\5f53dad9e069ef41]:version="2.6.1673.238" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:usrcheckbox="1" [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:version="2.6.1673.238" ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.09C0A82DBFE03EA3371A73609D678285] [WIS][14/09/2013] (.The Software Group - Software Update Helper.) -- C:\Windows\Installer\6ad2ddc.msi [45056] =>Adware.Boxore [MD5.729CD9BDFEF2A0BADBBF9D71414BC52E] [WIS][28/09/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\828fe.msi [10227712] =>Adware.IMBooster [MD5.5C6FB6D689D444AACBD8FC557FA37127] [WIS][15/09/2013] (.Linkury Inc. - QuickShare Widget.) -- C:\Windows\Installer\8d4689.msi [8941568] =>PUP.QuickShare ~ WIS: 504 Legitimates Filtered in 00mn 41s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 20/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Auto 01/07/2013 32808 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SR - | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 05/05/2011 326424 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SS - | Demand 18/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 04/06/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 05/06/2011 1997416 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe SS - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 28/09/2013 119408 | (Software_update) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore SS - | Demand 28/09/2013 119408 | (Software_update_m) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore SS - | Auto 07/08/2013 2868544 | (SProtection) . (.Iminent.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster SR - | Demand 21/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SR - | Auto 05/05/2011 2656536 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 42s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Sébastien at 28/09/2013 11:57:27 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Sébastien at 28/09/2013 11:57:29 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 12930 - (28/09/2013) Clés trouvées (Keys found) : 88 Valeurs trouvées (Values found) : 7 Dossiers trouvés (Folders found) : 24 Fichiers trouvés (Files found) : 42 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] =>Adware.IMBooster^ [HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^ [HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^ [HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db] =>Adware.Browse2Save^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC1C2EE8-8E03-4D79-9758-C208D4438A3E}] =>PUP.QuickShare^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect] =>PUP.WebConnect^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webplayer] =>Adware.SocialSkinz^ [HKLM\Software\Classes\TypeLib\{18FB3DED-CD6D-4420-9DD5-8E531BDF666F}] =>Spyware.AgenceExclusive [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}] =>Spyware.AgenceExclusive [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\Interface\{8F682661-3653-47FA-8713-9DF7424B6E09}] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Classes\Interface\{8F682661-3653-47FA-8713-9DF7424B6E09}] =>Spyware.AgenceExclusive [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar [HKLM\Software\Classes\I] =>Adware.IncrediBar [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam [HKCU\Software\Boxore] =>Adware.Boxore [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASAPI32] =>PUP.QuickShare [HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASMANCS] =>PUP.QuickShare [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db] =>Adware.Browse2Save [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake [HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake [HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}] =>PUP.WebConnect [HKLM\Software\Classes\esrv.iminentESrvc] =>Adware.IMBooster [HKLM\Software\Classes\esrv.iminentESrvc.1] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentappCore] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentappCore.1] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentdskBnd] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentdskBnd.1] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentHlpr] =>Adware.IMBooster [HKLM\Software\Classes\iminent.iminentHlpr.1] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster [HKLM\Software\Classes\Tuto4pcFrSoftonicBHO.Tuto4pcBHO] =>Spyware.AgenceExclusive [HKLM\Software\Classes\Tuto4pcFrSoftonicBHO.Tuto4pcBHO.1] =>Spyware.AgenceExclusive [HKLM\Software\Classes\AppID\Tuto4pcFrSoftonicBHO.DLL] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Classes\esrv.iminentESrvc] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\esrv.iminentESrvc.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentappCore] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentappCore.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentdskBnd] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentdskBnd.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentHlpr] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\iminent.iminentHlpr.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Tuto4pcFrSoftonicBHO.Tuto4pcBHO] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Classes\Tuto4pcFrSoftonicBHO.Tuto4pcBHO.1] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\AppID\Tuto4pcFrSoftonicBHO.DLL] =>Spyware.AgenceExclusive [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Optimizer Pro =>PUP.OptimizerPro^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_63 =>PUP.Eorezo^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com =>Adware.PlusHD^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\ffxtlbr@delta.com =>Toolbar.DeltaSearch^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\ffxtlbr@iminent.com =>Adware.IMBooster^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} =>Toolbar.Wajam^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\{ec7fbed5-4fd7-46c4-9943-9e1a4eb94d81} =>PUP.QuickShare^ C:\Program Files (x86)\allsearch =>Adware.SocialSkinz^ C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save^ C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^ C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^ C:\ProgramData\BitGuard =>PUP.BitGuard^ C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\Users\Sébastien\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles^ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^ C:\Users\Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^ C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\WebSearch =>Hijacker.LookForiThere C:\Program Files (x86)\Optimizer Pro =>PUP.OptimizerPro C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro =>PUP.OptimizerPro C:\Users\Sébastien\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz C:\Users\Sébastien\AppData\Roaming\Optimizer Pro =>PUP.OptimizerPro C:\Users\Sébastien\AppData\Local\Software =>Adware.Boxore C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\bprotector_prefs.js =>PUP.BProtector C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe =>PUP.OptimizerPro^ C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe =>PUP.OptimizerPro^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\BrowserDefender.xml =>Hijacker.Eazel^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\iminent.xml =>Adware.IMBooster^ C:\Users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\hbavxpf5.default\searchplugins\Web Search.xml =>Parasite.Pugi^ C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml =>Hijacker.Qvo6^ C:\Program Files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll =>Adware.IMBooster^ C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe =>PUP.OptimizerPro^ C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup^ C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe =>PUP.OptimizerPro^ C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup^ C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^ C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\SimpleFiles] =>Adware.SimpleFiles^ [HKCU\Software\TutoTag] =>Spyware.AgenceExclusive^ [HKLM\Software\Wow6432Node\DProtect] =>Trojan.Staser^ [HKLM\Software\Wow6432Node\SimpleFiles] =>Adware.SimpleFiles^ C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf =>PUP.MyPCBackup^ C:\Windows\Prefetch\IMINENTSETUP_2905-512C3791.EX-1E18D27E.pf =>Adware.IMBooster^ C:\Windows\Prefetch\OBBOXORE_0307-76302122.EXE-73C51077.pf =>Adware.Boxore^ C:\Windows\Prefetch\BOXOREINSTALLER.EXE-6FE8CBEB.pf =>Adware.Boxore^ C:\Windows\Prefetch\UMBRELLA.EXE-9B266DB9.pf =>Adware.IMBooster^ C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-1B85F60E.pf =>Adware.IMBooster^ C:\Windows\Prefetch\OPTIMIZERPRO.EXE-ED7B9A3A.pf =>PUP.OptimizerPro^ C:\Windows\Prefetch\OPTIMIZER_PRO.EXE-8BDA60C9.pf =>PUP.OptimizerPro^ C:\Windows\Prefetch\OPTIMIZER_PRO.TMP-3C8A08E8.pf =>PUP.OptimizerPro^ C:\Windows\Prefetch\IMINENT4FFX.EXE-0BEDEC24.pf =>Adware.IMBooster^ C:\Windows\Prefetch\IMINENTSRV.EXE-3D168865.pf =>Adware.IMBooster^ C:\Windows\Prefetch\IMINENT4IE.EXE-C4D8A9FE.pf =>Adware.IMBooster^ C:\Windows\Prefetch\IMINENTTOOLBAR.EXE-3C9970BD.pf =>Adware.IMBooster^ C:\Users\Sébastien\Documents\Optimizer Pro\CookiesException.txt =>PUP.OptimizerPro^ C:\Users\Sébastien\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^ C:\windows\Installer\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}\imbooster.ico =>Adware.IMBooster^ C:\windows\Installer\{CA2B24FD-EE10-42B9-B049-AA80268E7E21}\boxore.ico =>Adware.Boxore^ [HKCU\Software\5f53dad9e069ef41]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKLM\Software\Wow6432Node\5f53dad9e069ef41]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ C:\Windows\Installer\6ad2ddc.msi =>Adware.Boxore^ C:\Windows\Installer\828fe.msi =>Adware.IMBooster^ C:\Windows\Installer\8d4689.msi =>PUP.QuickShare^ ~ Additionnel Scan: 320204 Items scanned in 00mn 24s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi ~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6 ~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save ~ http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect =>PUP.WebConnect ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver ~ http://nicolascoolman.webs.com/apps/blog/show/33161900-adware-simplefiles =>Adware.SimpleFiles ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar ~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive ~ http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser =>Trojan.Staser ~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector ~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype ~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake ~ http://nicolascoolman.webs.com/apps/blog/show/29285781-hijacker-lookforithere =>Hijacker.LookForiThere ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ MSI: 36 link(s) detected in 00mn 24s ~ 2328 Legitimates filtered by white list End of the scan (1132 lines in 03mn 40s)(0)