cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par Kiss (6/04/2015 12:09:21)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17691
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v41.0.2272.118

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avast Free Antivirus v10.0.2208
McAfee Internet Security Suite v11.0.678
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 8172 MB (82% free)
System Restore: Activé (Enable)
System drive C: has 670 GB (72%) free of 921 GB

---\\ Mode de connexion au système
~ Computer Name: KISS-PC
~ User Name: Kiss
~ All Users Names: UpdatusUser, Kiss, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Kiss\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Kiss\AppData\Roaming\
~ %Desktop% : C:\Users\Kiss\Desktop\
~ %Favorites% : C:\Users\Kiss\Favorites\
~ %LocalAppData% : C:\Users\Kiss\AppData\Local\
~ %StartMenu% : C:\Users\Kiss\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 670 Go of 921 Go)
D: Hard drive, Flash drive, Thumb drive (Free 920 Go of 921 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/39
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 4/22
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1772]
[MD5.28B02EA673489A4EFBB20A9B302D523C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.2548]
[MD5.AAABC95EDF39164FC36464D985736EC7] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [736264] [PID.2564]
[MD5.4E8288547D53DB9555067DE7FDCCB127] - (.Adobe Systems, Inc. - Adobe Flash Player 16.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe [1880752] [PID.3036]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.832]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Kiss\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\prefs.js
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\user.js
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\dokotoolbar.xml =>Hijacker.Doko
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\searchgol.xml =>Hijacker.SearchGol
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\trovi-search.xml =>Hijacker.Trovigo
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\trovi.xml
M3 - MFPP: Plugins - [Kiss] -- C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\WebSearch.xml
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\aaeio@iucqm.co.uk] [] saaFeweab v1.1 (..) =>PUP.SafeWeb
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\ffxtlbr@dokotoolbar.com] [] dokotoolbar.com v1.6.0 (..) =>Hijacker.Doko
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\iobitascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v2.0 (..)
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\toolbar@ask.com] [] LimeWire Toolbar v3.6.12.178 (..)
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\uauislcfakaz@yai-oei.co.uk] [] SearchNewTab v1.0 (..) =>Adware.FastSaveApp
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\xxi1-extt@ddviyu-d.co.uk] [] saVe on v2.14 (..) =>PUP.SaveOn
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\zgeu@ploieyiqq.co.uk] [] Download. keepear v1.6 (..) =>PUP.DownloadKeeper
M2 - MFEP: prefs.js [Kiss - yxcv5mli.default\{f531b93a-b50b-4ff1-8288-404c881ac4da}] [] 01NET.com Main v10.35.0.503 (..)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: dokotoolbar Helper Object [64Bits] - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} . (.Doko-Toolbar - Pas de description.) -- C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll =>Hijacker.Doko
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe =>P2P.eMule
O4 - GS\Desktop [Public]: GoforFiles.lnk . (.http://goforfiles.com/ - GoforFiles Application.) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe =>P2P.GoforFiles
O4 - GS\QuickLaunch [Kiss]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\QuickLaunch [Kiss]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\TaskBar [Kiss]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe =>P2P.eMule
O4 - GS\Program [Kiss]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Desktop [Kiss]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
~ Global Startup: 8 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [ZapWallPaper-Classic] . (.ZapWallPaper - ZapWallPaper-Classic.) -- C:\Program Files (x86)\ZapWallPaper\Classic\ZapWallPaper-Classic.exe
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Kiss\AppData\Local\Microsoft\OneDrive\OneDrive.exe
O4 - HKCU\..\Run: [bbjoin_crr_uninst] . (.Pay By Ads LTD - Pas de description.) -- C:\Users\Kiss\AppData\Local\dokotoolbar\dokotoolbar\1.3.22.2\bbjoin.exe =>Hijacker.Doko
O4 - HKCU\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [ZapWallPaper-Classic] . (.ZapWallPaper - ZapWallPaper-Classic.) -- C:\Program Files (x86)\ZapWallPaper\Classic\ZapWallPaper-Classic.exe
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Kiss\AppData\Local\Microsoft\OneDrive\OneDrive.exe
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [bbjoin_crr_uninst] . (.Pay By Ads LTD - Pas de description.) -- C:\Users\Kiss\AppData\Local\dokotoolbar\dokotoolbar\1.3.22.2\bbjoin.exe =>Hijacker.Doko
O4 - HKUS\S-1-5-21-1181751833-1509114774-889553886-1002\..\Run: [Advanced SystemCare 8] . (.IObit - Advanced SystemCare 8.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{05429C45-E48F-42BC-AD44-126002FC9A26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B2977C8-68A0-4238-A9C2-7EFB21A9BED9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05429C45-E48F-42BC-AD44-126002FC9A26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B2977C8-68A0-4238-A9C2-7EFB21A9BED9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05429C45-E48F-42BC-AD44-126002FC9A26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B2977C8-68A0-4238-A9C2-7EFB21A9BED9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
~ Services: 32 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 3 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\Windows\sysWOW64\drivers\HWiNFO64A.sys
O41 - Driver: (vugwvtht) . (. - .) - C:\Windows\system32\drivers\vugwvtht.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM][64Bits] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Doko toolbar - (.Doko-Toolbar.) [HKLM][64Bits] -- dokotoolbar =>Hijacker.Doko
O42 - Logiciel: LimeWire 5.5.16 - (.Lime Wire, LLC.) [HKLM][64Bits] -- LimeWire
O42 - Logiciel: iLivid - (.Bandoo Media Inc.) [HKCU][64Bits] -- iLivid =>Adware.Bandoo
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ask.com]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\Doko-Toolbar] =>Hijacker.Doko
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\d53d7dae235ea48] =>PUP.BitGuard
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Doko-Toolbar] =>Hijacker.Doko
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\d53d7dae235ea48] =>PUP.BitGuard
[HKLM\Software\Wow6432Node\dlQUE]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 411 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/07/2013 - 13:27:47 - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 15/10/2013 - 11:26:20 - [] ----D C:\Program Files (x86)\Doko-Toolbar =>Hijacker.Doko
O43 - CFD: 28/05/2013 - 17:23:17 - [] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 2/05/2014 - 19:16:59 - [] ----D C:\Program Files (x86)\LyricsTube =>Adware.AddLyrics
O43 - CFD: 16/03/2014 - 01:54:51 - [0] ----D C:\Program Files (x86)\saaFeweab =>PUP.SafeWeb
O43 - CFD: 6/07/2014 - 16:43:19 - [0] ----D C:\Program Files (x86)\saVe on =>PUP.SaveOn
O43 - CFD: 2/05/2014 - 19:20:44 - [0] ----D C:\Program Files (x86)\Ss.Helper =>Adware.SaveShare
O43 - CFD: 2/05/2014 - 19:21:04 - [0] ----D C:\Program Files (x86)\WebSearch
O43 - CFD: 6/07/2014 - 16:43:20 - [] ----D C:\ProgramData\891088793e44c0d
O43 - CFD: 26/04/2013 - 22:19:21 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 2/05/2014 - 19:21:18 - [] ----D C:\ProgramData\Brrowse2save =>Adware.Browse2Save
O43 - CFD: 11/06/2013 - 13:39:26 - [] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly
O43 - CFD: 4/04/2015 - 09:45:14 - [] ----D C:\ProgramData\Download. keepear =>PUP.DownloadKeeper
O43 - CFD: 25/02/2015 - 18:47:56 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 29/07/2014 - 23:44:53 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 7/08/2014 - 22:33:41 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 5/04/2015 - 11:54:03 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 2/05/2014 - 19:23:03 - [] ----D C:\ProgramData\saaFeweab =>PUP.SafeWeb
O43 - CFD: 29/08/2014 - 03:46:32 - [] ----D C:\ProgramData\saVe on =>PUP.SaveOn
O43 - CFD: 4/04/2015 - 09:45:06 - [] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 5/04/2015 - 10:58:25 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 2/05/2014 - 19:25:10 - [] ----D C:\ProgramData\YoutubeAdblocker =>PUP.YouTuAdBlocker
O43 - CFD: 5/04/2015 - 11:53:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
O43 - CFD: 28/05/2013 - 17:23:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
O43 - CFD: 21/11/2010 - 09:16:41 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 5/05/2013 - 14:36:32 - [] ----D C:\Users\Kiss\AppData\Roaming\B1Toolbar =>Hijacker.SearchB1org
O43 - CFD: 26/04/2013 - 22:19:21 - [] ----D C:\Users\Kiss\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 15/10/2013 - 11:26:16 - [] ----D C:\Users\Kiss\AppData\Roaming\Doko-Toolbar =>Hijacker.Doko
O43 - CFD: 9/12/2012 - 04:13:32 - [] ----D C:\Users\Kiss\AppData\Roaming\Hoyle Casino Vol. 3
O43 - CFD: 31/05/2013 - 01:42:46 - [] ----D C:\Users\Kiss\AppData\Roaming\LimeWire
O43 - CFD: 5/04/2015 - 13:59:12 - [] ----D C:\Users\Kiss\AppData\Roaming\ProductData
O43 - CFD: 27/10/2014 - 23:05:46 - [] ----D C:\Users\Kiss\AppData\Roaming\RHEng
O43 - CFD: 5/05/2013 - 14:36:36 - [] ----D C:\Users\Kiss\AppData\Local\B1E
O43 - CFD: 23/02/2014 - 21:31:27 - [0] ----D C:\Users\Kiss\AppData\Local\Conduit
O43 - CFD: 11/06/2013 - 13:39:26 - [] ----D C:\Users\Kiss\AppData\Local\DealPlyLive =>PUP.DealPly
O43 - CFD: 30/03/2015 - 10:24:07 - [] ----D C:\Users\Kiss\AppData\Local\dokotoolbar =>Hijacker.Doko
O43 - CFD: 4/04/2015 - 09:44:48 - [] -SH-D C:\Users\Kiss\AppData\Local\EmieBrowserModeList
O43 - CFD: 9/06/2014 - 18:58:27 - [] ----D C:\Users\Kiss\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 30/03/2015 - 10:23:55 - [] ----D C:\Users\Kiss\AppData\Local\ShdUpdate
O43 - CFD: 5/04/2015 - 11:56:59 - [0] ----D C:\Users\Kiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 28/05/2013 - 17:23:17 - [0] ----D C:\Users\Kiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
~ 44 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 365 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0EECDB932DBF3DFC217903DFF21392AB] - 5/04/2015 - 14:43:33 ---A- . (...) -- C:\Windows\CleanMem Setup Log.txt [16721]
O44 - LFC:[MD5.9A02480595A80745511F061C85835055] - 5/04/2015 - 14:47:51 ---A- . (...) -- C:\Windows\cmm.dat [22]
O44 - LFC:[MD5.2316C1FBEBAE0CEAF774B15448C0726C] - 5/04/2015 - 20:17:23 ----- . (...) -- C:\bootsqm.dat [3664]
O44 - LFC:[MD5.8A55F46BC31B64378B6D2CD9373EBDB1] - 5/04/2015 - 20:27:26 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24608]
O44 - LFC:[MD5.8A55F46BC31B64378B6D2CD9373EBDB1] - 5/04/2015 - 20:27:26 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24608]
O44 - LFC:[MD5.ABAE04595A85C4B0BEF04616CAE98EB7] - 6/04/2015 - 11:06:33 ---A- . (...) -- C:\Windows\ntbtlog.txt [69454]
~ Files: 71 Legitimates Filtered in 00mn 05s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{20b1da63-d9ec-11e2-8125-e840f20d595a}\AutoRun\command. (...) -- N:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:15/01/2015 - 22:24:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:15/01/2015 - 22:24:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:15/01/2015 - 22:24:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:30/06/2011 - 07:03:04 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [54784]
O58 - SDL:30/06/2011 - 07:03:02 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [77696]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:21/03/2015 - 10:49:26 ---A- . (...) -- C:\Windows\System32\Drivers\SPPD.sys [21976]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:5/04/2015 - 10:53:57 ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528]
~ Drivers: 77 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\searchplugins\conduit.xml
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("CT3285358.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN1220[...]
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("CT3285358.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("CT3285358.originalHomepage", "http://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=FE93E840F20D595A"); =>PUP.Babylon
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3285358&octid=CT3285358&SearchSource=61&CUI=UN122050[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("Smartbar.ConduitSearchEngineList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("Smartbar.ConduitSearchUrlList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("Smartbar.TBHomepagesList", "http://search.conduit.com/?ctid=CT3285358&octid=CT3285358&SearchSource=61&CUI=UN12205032062[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("aol_toolbar.default.search.check", false);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("browser.search.defaultthis.engineName", "01NET.com Main Customized Web Search");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>PUP.Babylon
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>PUP.Babylon
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.id", "fe93f969000000000000e840f20d595a");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.instlDay", "15867");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.vrsnTs", "1.8.21.513:39:36");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta_i.babTrack", "affID=121845");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3285358&CUI=UN12205032062946963&UM=2&SearchSource=13,[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN1[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("smartbar.homepageList", "http://search.conduit.com/?ctid=CT3285358&CUI=UN12205032062946963&UM=2&SearchSource=13,http://[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("smartbar.originalHomepage", "http://search.conduit.com/?ctid=CT3285358&CUI=UN12205032062946963&UM=2&SearchSource=13"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("smartbar.searchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN12205032[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); =>PUP.SweetIM
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Kiss - yxcv5mli.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Trovi search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Trovi) - http://www.trovi.com =>Hijacker.TroviCom
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web) - http://www.max-start.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (webssearches) - http://istart.webssearches.com =>Hijacker.WebsSearches
O69 - SBI: SearchScopes [HKCU] {4848765F-A7D7-4B8B-AE3A-2022A02A9F17} - (01NET.com Main Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.wisesearch.info =>PUP.Mocaflix
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1C115CDD66108C779B7123C40DF95528] [SPRF][6/10/2012] (.Pas de propriétaire - PdmFwExe MFC Application.) -- C:\Users\Kiss\AppData\Roaming\sa3125_02_fus_eng.exe [2170880]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{26E36C0C-CD7F-4B4F-B947-C7FDB9864644}" | In - Private - P6 - TRUE | .(.http://goforfiles.com/ - goforfilesdl Application.) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe =>P2P.GoforFiles
O87 - FAEL: "{40ECDF89-A981-45FD-9C92-E26A83A706E2}" | In - Private - P17 - TRUE | .(.http://goforfiles.com/ - goforfilesdl Application.) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe =>P2P.GoforFiles
O87 - FAEL: "{514D1DC0-1530-4E7C-A12F-5BF0F3F35BB6}" | In - Private - P6 - TRUE | .(.http://goforfiles.com/ - GoforFiles Application.) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe =>P2P.GoforFiles
O87 - FAEL: "{9D058E77-FA6A-4CA6-92B8-13BC0F720E36}" | In - Private - P17 - TRUE | .(.http://goforfiles.com/ - GoforFiles Application.) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe =>P2P.GoforFiles
O87 - FAEL: "{73554D93-47E2-4254-8C06-0B084585E374}" | In - None - P6 - TRUE | .(.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O87 - FAEL: "{1349F8F0-9E42-469F-8E70-987ADA3E5454}" | In - None - P17 - TRUE | .(.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\Kiss\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
~ Firewall: 6 Legitimates Filtered in 00mn 01s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\d53d7dae235ea48\2.6.1339.144\upd]:="upd=1" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\2.6.1519.190\upd]:="upd=1" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\2.6.1673.238\upd]:="upd=1" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\2.6.1694.246\upd]:="upd=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\2.7.1769.27\upd]:="upd=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\2.7.1832.68\upd]:="upd=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:version="2.7.1769.27" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:usrcheckbox="1" =>PUP.BitGuard
[HKCU\Software\d53d7dae235ea48]:version="2.7.1832.68" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:usrcheckbox="1" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:version="2.7.1832.68" =>PUP.BitGuard
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASAPI32 =>PUP.PerformanceOptimizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASMANCS =>PUP.PerformanceOptimizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASMANCS =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 190 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 26/03/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 4/11/2014 815392 | (AdvancedSystemCareService8) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
SS - | Demand 6/10/2014 34136 | (AIDA64Driver) . (...) - C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64
SS - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 15/01/2015 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SS - | Auto 31/08/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/08/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 6/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Auto 29/07/2014 702344 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SS - | Auto 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SS - | Demand 13/02/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Auto 16/01/2015 2724128 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 28/01/2011 249936 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Demand 9/03/2011 224704 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SS - | Demand 9/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 28/01/2011 249936 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 28/01/2011 249936 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 23/08/2012 502064 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 28/01/2011 249936 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 28/01/2011 249936 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 30/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/01/2011 249936 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SS - | Auto 4/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 1/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SS - | Auto 24/02/2011 1005160 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 4/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Auto 24/02/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Auto 25/02/2015 2604856 | (TuneUp.UtilitiesSvc) . (.AVG Technologies.) - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
SS - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Auto 19/09/2012 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SS - | Auto 19/09/2012 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SS - | Auto 19/09/2012 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/01/2011 249936 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/01/2011 249936 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 25/05/2012 199304 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 25/05/2012 210616 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 25/05/2012 162224 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
~ Services: Scanned in 00mn 08s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/2014)
Clés trouvées (Keys found) : 77
Valeurs trouvées (Values found) : 9
Dossiers trouvés (Folders found) : 36
Fichiers trouvés (Files found) : 24

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}] =>Hijacker.Doko^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\dokotoolbar] =>Hijacker.Doko^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\AskToolbarInfo] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}] =>Hijacker.Doko
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}] =>Hijacker.Doko
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}] =>Hijacker.Doko
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B399EDE8-1525-458C-8DD9-31EADF632D06}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B399EDE8-1525-458C-8DD9-31EADF632D06}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C}] =>Hijacker.SearchGol
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C}] =>Hijacker.SearchGol
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00078E95-3A4A-4137-8DE7-2824908D1C17}] =>Hijacker.SearchGol
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00078E95-3A4A-4137-8DE7-2824908D1C17}] =>Hijacker.SearchGol
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\extensions\aaeio@iucqm.co.uk =>PUP.SafeWeb^
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\extensions\ffxtlbr@dokotoolbar.com =>Hijacker.Doko^
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\extensions\uauislcfakaz@yai-oei.co.uk =>Adware.FastSaveApp^
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\extensions\xxi1-extt@ddviyu-d.co.uk =>PUP.SaveOn^
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\extensions\zgeu@ploieyiqq.co.uk =>PUP.DownloadKeeper^
C:\Program Files (x86)\Doko-Toolbar =>Hijacker.Doko^
C:\Program Files (x86)\LyricsTube =>Adware.AddLyrics^
C:\Program Files (x86)\saaFeweab =>PUP.SafeWeb^
C:\Program Files (x86)\saVe on =>PUP.SaveOn^
C:\Program Files (x86)\Ss.Helper =>Adware.SaveShare^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\Brrowse2save =>Adware.Browse2Save^
C:\ProgramData\DealPlyLive =>PUP.DealPly^
C:\ProgramData\Download. keepear =>PUP.DownloadKeeper^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\saaFeweab =>PUP.SafeWeb^
C:\ProgramData\saVe on =>PUP.SaveOn^
C:\ProgramData\SearchNewTab =>Adware.FastSaveApp^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\YoutubeAdblocker =>PUP.YouTuAdBlocker^
C:\Users\Kiss\AppData\Roaming\B1Toolbar =>Hijacker.SearchB1org^
C:\Users\Kiss\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Kiss\AppData\Roaming\Doko-Toolbar =>Hijacker.Doko^
C:\Users\Kiss\AppData\Local\DealPlyLive =>PUP.DealPly^
C:\Users\Kiss\AppData\Local\dokotoolbar =>Hijacker.Doko^
C:\Users\Kiss\AppData\Local\iLivid =>Adware.Bandoo^
C:\Users\Kiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\WebSearch =>Hijacker.LookForiThere
C:\Users\Kiss\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Kiss\AppData\Local\B1E =>Toolbar.BrotherSoft
C:\Users\Kiss\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Kiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakpajgggjjcjmidfbnnncnbaihjneaj =>Toolbar.Conduit
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\Smartbar =>Hijacker.SmartBar
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\bprotector_prefs.js =>PUP.BProtector
C:\Users\Kiss\AppData\Roaming\Mozilla\Firefox\Profiles\yxcv5mli.default\SearchPlugins\conduit.xml =>Toolbar.Conduit
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DealPlyLive] =>PUP.DealPly^
[HKCU\Software\Doko-Toolbar] =>Hijacker.Doko^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Doko-Toolbar] =>Hijacker.Doko^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\d53d7dae235ea48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\d53d7dae235ea48]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKLM\Software\Wow6432Node\d53d7dae235ea48]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
~ Additionnel Scan: 379431 Items scanned in 00mn 44s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/34208035-hijacker-doko =>Hijacker.Doko
http://nicolascoolman.fr/hijacker-searchgol =>Hijacker.SearchGol
http://nicolascoolman.fr/hijacker-trovigo =>Hijacker.Trovigo
http://nicolascoolman.fr/pup-safeweb =>PUP.SafeWeb
http://nicolascoolman.fr/adware-fastsaveapp =>Adware.FastSaveApp
http://nicolascoolman.fr/pup-saveon =>PUP.SaveOn
http://nicolascoolman.fr/33571597-pup-downloadkeepeor =>PUP.DownloadKeeper
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://nicolascoolman.fr/pup-filescout =>PUP.FileScout
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/pup-mocaflix =>PUP.Mocaflix
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/31929570-adware-saveshare =>Adware.SaveShare
http://nicolascoolman.fr/adware-browse2save =>Adware.Browse2Save
http://www.nicolascoolman.fr/blog/ =>PUP.YouTuAdBlocker
http://nicolascoolman.fr/30703839-hijacker-searchb1org =>Hijacker.SearchB1org
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.PerformanceOptimizer
http://nicolascoolman.fr/pup-vafplayer =>PUP.VAFPlayer
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskTBar
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/29285781-hijacker-lookforithere =>Hijacker.LookForiThere
http://www.nicolascoolman.fr/blog/ =>Toolbar.BrotherSoft
~ MSI: 47 link(s) detected in 00mn 00s



~ 1163 Legitimates filtered by white list
End of the scan (1322 lines in 01mn 44s)(0)

Publicité


Signaler le contenu de ce document

Publicité