cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par Lilian (01/08/2015 18:41:33)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17843

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.8.0204.0
McAfee Security Scan Plus v3.11.149.2
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI
Adobe Reader 9.5.5

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 45 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 16337 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 393 GB (42%) free of 931 GB

---\\ Mode de connexion au système
~ Computer Name: LILIAN-PC
~ User Name: Lilian
~ All Users Names: teso2, Lilian, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Lilian.Lilian-PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Lilian.Lilian-PC\AppData\Roaming\
~ %Desktop% : C:\Users\Lilian.Lilian-PC\Desktop\
~ %Favorites% : C:\Users\Lilian.Lilian-PC\Favorites\
~ %LocalAppData% : C:\Users\Lilian.Lilian-PC\AppData\Local\
~ %StartMenu% : C:\Users\Lilian.Lilian-PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 393 Go of 931 Go)
D: CD-ROM drive (Free 0 Go of 8 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/05/2015 - 18:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/3166
~ Mon Bureau (My Desktop) : 1/101
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.362B66474F4A423E1242A7CF878DC55F] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe [358696] [PID.3544] =>PUP.Elex
[MD5.3F564861B1CBDD24BD10669918A235BD] - (.FNet Co., Ltd. - XFast USB.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360] [PID.3476]
[MD5.5A9104B784E6F03AD51BA46EF80CDF17] - (.Creative Technology Ltd - Sound Blaster Control Panel.) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [871936] [PID.3252]
[MD5.994B8BF5CA5FD971647DD9E41630973E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720] [PID.4132]
[MD5.426E2536F0EA123AF3FAC7E6EF864632] - (.Razer Inc. - Razer Cortex.) -- C:\Program Files (x86)\Razer\Razer Cortex\main.exe [1722024] [PID.4364]
[MD5.43D3EC83B0D0C0A1170D235D15691BC7] - (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptr.exe [67344] [PID.3180]
[MD5.3B86DD3C9AAFD07B69007E191AF1A642] - (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptr_im.exe [45840] [PID.228]
[MD5.98FA788238E71D9563D4BF177A4FC22C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.5688]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.1396]
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048] [PID.596] =>PUP.Elex
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe [118048] [PID.1048] =>PUP.Elex
[MD5.EDBA1382E5D7D1E71442B43E170CF8D4] - (.Creative Technology Ltd - Creative Audio Service.) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424] [PID.1604]
[MD5.8BB98519E71252777108798B2703FDFF] - (.Creative Technology Ltd - Creative High Definition Audio Service.) -- C:\Windows\sysWow64\CtHdaSvc.exe [104448] [PID.2176]
[MD5.9FE061CEBE2478FABC37BBA9557C6DAA] - (.Razer Inc. - RzKLService.exe.) -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168] [PID.2484]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 92.127.243.76 www.92.127.243.76.25.215.238.98
O1 - Hosts: 92.127.243.76 92.127.243.76.25.215.238.98
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
~ Nombre lignes détournées 3/26 (Hosts file redirected)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: YAC.lnk . (.Elex do Brasil Participações Ltda - iStart.) -- C:\Program Files (x86)\Elex-tech\YAC\iStart.exe =>PUP.Elex
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [XFast LAN] . (.cFos Software GmbH - cFosSpeed Window.) -- C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [cpuminer] C:\Windows\system32\cpuminer-gw64.exe (.not file.)
O4 - HKLM\..\Run: [gpuminer] . (...) -- C:\Users\teso2\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B2FDB930086BF0F188E9BACE6B2FCCD9] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKLM\..\Wow6432Node\Run: [XFastUSB] . (.FNet Co., Ltd. - XFast USB.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
O4 - HKLM\..\Wow6432Node\Run: [Sound Blaster Recon3D PCIe Control Panel] . (.Creative Technology Ltd - Sound Blaster Control Panel.) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Raptr] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe
O4 - HKLM\..\Wow6432Node\Run: [RazerCortex] . (.Razer Inc. - RazerCortex.exe.) -- C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [systray] C:\Program Files (x86)\Notation\NotationSysTray.exe (.not file.) =>Hijacker.Proxy
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1164874959-1107069884-223155611-1122\..\Run: [GoogleChromeAutoLaunch_B2FDB930086BF0F188E9BACE6B2FCCD9] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1164874959-1107069884-223155611-1122\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 52.17.204.69,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{5360CCE9-EBE0-4599-85CB-AA78A98CC581}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: F06DEFF2-5B9C-490D-910F-35D3A91196222 (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (...) - C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg (.not file.) =>PUP.SystemK
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
~ Services: 6 Legitimates Filtered in 00mn 02s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [5a379bca-416d-4a80-9186-e5c8ef846c60-1] (...) -- C:\Program Files (x86)\BrowsersApp_Pro_v1.1\BrowsersApp_Pro_v1.1-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [7968905b-190e-499d-81ad-f58daec54437-10_user] (...) -- C:\Program Files (x86)\Com NotificationsV06.03\7968905b-190e-499d-81ad-f58daec54437-10.exe (.not file.) [0] =>PUP.ComNotification
[MD5.00000000000000000000000000000000] [APT] [7968905b-190e-499d-81ad-f58daec54437-5] (...) -- C:\Program Files (x86)\Com NotificationsV06.03\7968905b-190e-499d-81ad-f58daec54437-5.exe (.not file.) [0] =>PUP.ComNotification
[MD5.00000000000000000000000000000000] [APT] [7968905b-190e-499d-81ad-f58daec54437-5_user] (...) -- C:\Program Files (x86)\Com NotificationsV06.03\7968905b-190e-499d-81ad-f58daec54437-5.exe (.not file.) [0] =>PUP.ComNotification
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-3] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-3.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-5] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-5.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-5_user] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-5.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-6] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-6.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [8f994e69-f187-4fc4-b82a-c31f826d01f8-7] (...) -- C:\Program Files (x86)\CrossBrowse-1.4V13.04\8f994e69-f187-4fc4-b82a-c31f826d01f8-7.exe (.not file.) [0] =>PUP.CrossBrowser
[MD5.00000000000000000000000000000000] [APT] [avaxvyyvyf] (...) -- C:\Users\Lilian\AppData\Local\avaxvyyvyf\avaxvyyvyf.exe (.not file.) [0] =>Adware.Pirrit
[MD5.00000000000000000000000000000000] [APT] [fun4u_notification_service] (...) -- C:\Program Files (x86)\fun4u\fun4u_notification_service.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [fun4u_updating_service] (...) -- C:\Program Files (x86)\fun4u\fun4u_updating_service.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [gzXL1fkRr1] (...) -- C:\Users\Lilian\AppData\Roaming\gzXL1fkRr1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [JVUEG] (...) -- C:\Users\Lilian\AppData\Roaming\JVUEG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SimpleFilesUpdate] (...) -- C:\Program Files (x86)\SimpleFiles\SFUpdater.exe (.not file.) [0] =>Adware.SimpleFiles
[MD5.00000000000000000000000000000000] [APT] [SPBIW_UpdateTask_Time_3838363330393037352d5b5b4a346c4123452a5a556c] (...) -- C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe (.not file.) [0] =>PUP.ShopperPro
[MD5.00000000000000000000000000000000] [APT] [xCHtdPQfhpbMT04bJ1] (...) -- C:\Users\Lilian\AppData\Roaming\xCHtdPQfhpbMT04bJ1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0315A1EB-076C-42F4-B9C8-26AFDADD25D6}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{08F5D301-F4AF-4644-960B-A9B268797642}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{0C5D6C92-3DBF-4441-B578-A5A1E5601B9A}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{1FEF6E89-5DB3-4471-B665-74F540F2D846}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3D574D10-F093-4CCD-9D9B-C920F29FD7D6}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{45E97772-26F4-4872-9F9E-4687DFF648B7}] (...) -- C:\Users\Lilian\Downloads\Gamez Aion Installer (1).exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{4BD27AEA-D5D9-48CB-97FB-E978C4294A0C}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.06D61BC28C8CE32AE3F5EDC8C7DD34BA] [APT] [{4E3E4BF3-4661-45E3-8EBA-DA122CD642A8}] (.ArenaNet.) -- C:\Users\Lilian\Guild Wars 2\Gw2.exe [22875128]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{55FC3243-2C17-4D70-A3D5-2942D282B8B8}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{56299F80-C592-411A-A580-89152D6930C8}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{5794AFC7-D9F1-4721-80B0-1E2D68844BD5}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{5A963717-6B88-40B7-88C4-3A18E4044A99}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{62E43717-97A7-4877-BE16-834D9CD66BEB}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{67903427-54A1-4C48-AD35-860B21F6702D}] (...) -- C:\Users\Lilian\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0] =>Hijacker.OurSurfing
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{6AFEE8E9-7871-4E13-AC9C-E29C17AE6D2F}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{6BB836CC-2557-4FD5-B9EE-493C5DB45023}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{6E242E9C-F4FB-485E-A621-A0BFD10547F3}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{74115DD1-3D23-4AC2-ACE6-C36ABD885695}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{7FDD2D8B-1505-4387-96C7-BFBC62F28D1B}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9859B62D-2203-4882-82EE-0DC04EB87097}] (...) -- C:\Users\Lilian\Downloads\dxwebsetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{99785C97-5613-4DBC-B8CF-A2C758F3CABC}] (...) -- C:\Program Files (x86)\speed browser\Application\browser.exe (.not file.) [0] =>PUP.SpeedBrowser
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{9D833DE8-BE83-4695-9A3C-5FB7633A79EB}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{ADD211F7-AE85-4D2D-8FBC-0B4565632ED4}] (...) -- C:\Users\Lilian\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{AFC19D82-9164-4065-99FF-29ECA25C2AB2}] (...) -- C:\Users\Lilian\Downloads\Gamez Aion Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B76D465B-7125-49BF-889B-03711A61FA29}] (...) -- C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C0C047EC-FD90-4DED-8507-7AFD062A47D6}] (...) -- C:\Users\Lilian\Downloads\Gamez Aion Installer.exe (.not file.) [0]
[MD5.21AF79AF5B6C0FDE78B78DFB5F180170] [APT] [{C154F600-048E-4E41-8235-BB71D70261D4}] (.ZeniMax Online Studios.) -- C:\Program Files (x86)\Launcher\Bethesda.net_Launcher.exe [15958800]
[MD5.00000000000000000000000000000000] [APT] [{CA42F7ED-D4A9-418D-BA54-71CBA22BF407}] (...) -- C:\Users\Lilian\Downloads\vcredist_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D6ADF02C-DECC-4AE7-86D8-848AB12B6481}] (...) -- C:\Users\Lilian\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.) [0] =>PUP.StartSearch
O39 - APT: - (..) -- C:\Windows\Tasks\4126d003-52af-4405-8870-9c38eaf51664-1.job [3472] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\4126d003-52af-4405-8870-9c38eaf51664-5.job [2450] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\4126d003-52af-4405-8870-9c38eaf51664-5_user.job [2450] =>PUP.CrossRider
O39 - APT: 5a379bca-416d-4a80-9186-e5c8ef846c60-1 - (...) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-1.job [3458] =>PUP.CrossRider
O39 - APT: 5a379bca-416d-4a80-9186-e5c8ef846c60-1 - (...) -- C:\Windows\System32\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-1 [3458] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-11.job [5178] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-2.job [2104] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-3.job [4488] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-4.job [4152] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-5.job [2440] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-5_user.job [2440] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-6.job [4152] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5a379bca-416d-4a80-9186-e5c8ef846c60-7.job [3808] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\67662e70-b55a-4eb1-bd4a-2db123c6ad9d-1.job [3748] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\67662e70-b55a-4eb1-bd4a-2db123c6ad9d-5.job [2760] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\67662e70-b55a-4eb1-bd4a-2db123c6ad9d-5_user.job [2760] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\704b6984-416f-457a-ac34-ff8870284dd0-1.job [3760] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\704b6984-416f-457a-ac34-ff8870284dd0-5.job [2766] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\704b6984-416f-457a-ac34-ff8870284dd0-5_user.job [2766] =>PUP.CrossRider
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-10_user - (...) -- C:\Windows\Tasks\7968905b-190e-499d-81ad-f58daec54437-10_user.job [2116]
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-10_user - (...) -- C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-10_user [2116]
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-5 - (...) -- C:\Windows\Tasks\7968905b-190e-499d-81ad-f58daec54437-5.job [2450] =>PUP.CrossRider
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-5 - (...) -- C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5 [2450] =>PUP.CrossRider
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-5_user - (...) -- C:\Windows\Tasks\7968905b-190e-499d-81ad-f58daec54437-5_user.job [2450] =>PUP.CrossRider
O39 - APT: 7968905b-190e-499d-81ad-f58daec54437-5_user - (...) -- C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5_user [2450] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\7ff8baa5-431b-4e2b-831f-6df26dd921fc.job [574]
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-1.job [3466] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-10_user.job [1244]
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-11.job [5182] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-2.job [2108] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-3.job [4492] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-4.job [4492] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-5.job [2444] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-5_user.job [2788] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-6.job [5516] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\878c26b4-7f0e-45ed-8c89-03c173efa966-7.job [5516] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6.job [3138]
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-6 [3138]
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7.job [3474]
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-1-7 [3474]
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-3 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-3.job [4494] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-3 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-3 [4494] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-5 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-5.job [2446] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-5 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-5 [2446] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-5_user - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-5_user.job [2446] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-5_user - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-5_user [2446] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-6 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-6.job [5518] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-6 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-6 [5518] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-7 - (...) -- C:\Windows\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-7.job [5518] =>PUP.CrossRider
O39 - APT: 8f994e69-f187-4fc4-b82a-c31f826d01f8-7 - (...) -- C:\Windows\System32\Tasks\8f994e69-f187-4fc4-b82a-c31f826d01f8-7 [5518] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\db0e0afe-85f7-49fd-a9c1-47f56984e24e.job [1384]
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-1.job [3458] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-11.job [5178] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-2.job [2104] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-3.job [4488] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-4.job [4488] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-5.job [2440] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-5_user.job [2440] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-6.job [5512] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\e1255d9e-3d00-4b50-93ec-eab815238ef9-7.job [5512] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1164874959-1107069884-223155611-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1164874959-1107069884-223155611-1000UA [932]
O39 - APT: fun4u_notification_service - (...) -- C:\Windows\Tasks\fun4u_notification_service.job [1284] =>PUP.CrossRider
O39 - APT: fun4u_notification_service - (...) -- C:\Windows\System32\Tasks\fun4u_notification_service [1284] =>PUP.CrossRider
O39 - APT: fun4u_updating_service - (...) -- C:\Windows\Tasks\fun4u_updating_service.job [646] =>PUP.CrossRider
O39 - APT: fun4u_updating_service - (...) -- C:\Windows\System32\Tasks\fun4u_updating_service [646] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryOneClickOptimizer 5 [378]
O39 - APT: gzXL1fkRr1 - (...) -- C:\Windows\Tasks\gzXL1fkRr1.job [1016]
O39 - APT: gzXL1fkRr1 - (...) -- C:\Windows\System32\Tasks\gzXL1fkRr1 [1016]
O39 - APT: JVUEG - (...) -- C:\Windows\Tasks\JVUEG.job [1336]
O39 - APT: JVUEG - (...) -- C:\Windows\System32\Tasks\JVUEG [1336]
O39 - APT: - (..) -- C:\Windows\Tasks\MVJIPJ.job [1330]
O39 - APT: - (..) -- C:\Windows\Tasks\PQTLJ.job [1328]
O39 - APT: xCHtdPQfhpbMT04bJ1 - (...) -- C:\Windows\Tasks\xCHtdPQfhpbMT04bJ1.job [1032]
O39 - APT: xCHtdPQfhpbMT04bJ1 - (...) -- C:\Windows\System32\Tasks\xCHtdPQfhpbMT04bJ1 [1032]
~ Scheduled Task: 132 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (cherimoya) . (. - .) - C:\Windows\System32\drivers\cherimoya.sys (.not file.)
O41 - Driver: (dwhzhoxi) . (. - .) - C:\Windows\system32\drivers\dwhzhoxi.sys (.not file.)
O41 - Driver: (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (. - .) - C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg (.not file.) =>PUP.SystemK
O41 - Driver: (innfd_1_10_0_14) . (.Infonaut - Infonaut Driver x64.) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys =>PUP.Infonaut
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlMon) . (.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys =>PUP.Elex
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys =>PUP.Elex
O41 - Driver: (scfd_1_10_0_16) . (. - .) - C:\Windows\System32\drivers\scfd_1_10_0_16.sys (.not file.)
O41 - Driver: (wpnfd_1_10_0_2) . (. - .) - C:\Windows\System32\drivers\wpnfd_1_10_0_2.sys (.not file.)
~ Drivers: 108 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 4K YouTube to MP3 2.10 - (.Open Media LLC.) [HKLM][64Bits] -- 4K YouTube to MP3_is1
O42 - Logiciel: MSS version 1.02 - (...) [HKLM][64Bits] -- {365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1
O42 - Logiciel: Middle-earth: Shadow of Mordor - (.Monolith Productions, Inc..) [HKLM][64Bits] -- Steam App 241930
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {57EA96CA-4648-4CB3-8594-3E1A9E37E86F} =>PUP.QuickShare
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe =>PUP.Elex
~ Logic: 28 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\24Seven savings] =>PUP.24sevenSavings
[HKCU\Software\24Sevensavings]
[HKCU\Software\4kdownload.com]
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\OB]
[HKCU\Software\ext coupons]
[HKCU\Software\extcoupons]
[HKCU\Software\fun4u]
[HKCU\Software\gzXL1fkRr1]
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\2d20a8a0-fc0c-47bc-a3f6-92c9a9ce7c74] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\351ab93f-d4cf-4f60-96ed-f411273746e7] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\5aa51ca8-cbfb-4e52-a9b4-f049518b86a0] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\8ae6d333-f739-4a9d-965c-4fc91f721a85] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04-nv-ie] =>PUP.CrossBrowser
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04-nv] =>PUP.CrossBrowser
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04] =>PUP.CrossBrowser
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex
[HKLM\Software\Wow6432Node\HQProVideo 1.6V11.11-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\HQProVideo 1.6V11.11] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\VideoMedia+Player_v2.3-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\VideoMedia+Player_v2.3]
[HKLM\Software\Wow6432Node\WordProser_1.10.0.2] =>PUP.WordProser
[HKLM\Software\Wow6432Node\Zenimax_Online]
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]
[HKLM\Software\Wow6432Node\alpha_update]
[HKLM\Software\Wow6432Node\dcceeb25-9167-ba24-2fa4-f9cd0b715024] =>PUP.CrossRider
~ Key Software: 353 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/07/2015 - 13:23:52 - [] ----D C:\Program Files (x86)\03000200-1430243594-0500-0006-000700080009
O43 - CFD: 01/08/2015 - 18:37:25 - [0] ----D C:\Program Files (x86)\0eca4313-39c2-4f6b-8a6b-cecf3bb006f5
O43 - CFD: 01/08/2015 - 19:08:22 - [] ----D C:\Program Files (x86)\4KDownload
O43 - CFD: 01/08/2015 - 18:37:26 - [] ----D C:\Program Files (x86)\CoolSaalECoUpon =>PUP.CoolSaleCoupon
O43 - CFD: 01/08/2015 - 18:37:26 - [] ----D C:\Program Files (x86)\CoolSaleCouuppon =>PUP.CoolSaleCoupon
O43 - CFD: 01/08/2015 - 18:37:26 - [] ----D C:\Program Files (x86)\CoOOLSSaLoeeCoupon =>PUP.CoolSaleCoupon
O43 - CFD: 01/08/2015 - 18:37:26 - [0] ----D C:\Program Files (x86)\CrossBrowse-1.4V13.04 =>PUP.CrossBrowser
O43 - CFD: 01/08/2015 - 18:37:27 - [] ----D C:\Program Files (x86)\CS Browser Assistant
O43 - CFD: 01/08/2015 - 18:37:27 - [] ----D C:\Program Files (x86)\d174ea19-1622-4ec7-bacf-a29743d2290c
O43 - CFD: 06/06/2015 - 12:25:54 - [] ----D C:\Program Files (x86)\dEaal4reaal =>PUP.Deal4reaL
O43 - CFD: 19/06/2015 - 20:36:11 - [] ----D C:\Program Files (x86)\eAusytoshop =>PUP.EasyToShop
O43 - CFD: 22/07/2015 - 11:26:46 - [] ----D C:\Program Files (x86)\Elex-tech =>PUP.Elex
O43 - CFD: 01/08/2015 - 18:37:27 - [] ----D C:\Program Files (x86)\FFleXibleSHOpper =>PUP.FlexibleShoper
O43 - CFD: 01/08/2015 - 18:37:27 - [] ----D C:\Program Files (x86)\FlexibloeSShoPper =>PUP.FlexibleShoper
O43 - CFD: 01/08/2015 - 18:37:27 - [] ----D C:\Program Files (x86)\gmsd_fr_005010021 =>PUP.CrossRider
O43 - CFD: 01/08/2015 - 18:37:28 - [] ----D C:\Program Files (x86)\gmsd_fr_486 =>PUP.CrossRider
O43 - CFD: 01/08/2015 - 18:37:28 - [] ----D C:\Program Files (x86)\gmsd_fr_495 =>PUP.CrossRider
O43 - CFD: 01/08/2015 - 18:37:29 - [] ----D C:\Program Files (x86)\gmsd_fr_552 =>PUP.CrossRider
O43 - CFD: 01/08/2015 - 18:37:29 - [] ----D C:\Program Files (x86)\gmsd_fr_618 =>PUP.CrossRider
O43 - CFD: 01/08/2015 - 18:37:30 - [] ----D C:\Program Files (x86)\GPXPlus Notifier
O43 - CFD: 01/08/2015 - 18:37:30 - [] ----D C:\Program Files (x86)\Holmes
O43 - CFD: 01/08/2015 - 18:37:24 - [] ----D C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut
O43 - CFD: 28/04/2015 - 19:48:51 - [] ----D C:\Program Files (x86)\MSS
O43 - CFD: 06/06/2014 - 18:58:13 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 03/05/2015 - 20:48:03 - [] ----D C:\Program Files (x86)\Priceless =>PUP.PriceLess
O43 - CFD: 06/06/2015 - 12:25:53 - [] ----D C:\Program Files (x86)\savaer ibOx =>PUP.SaverBox
O43 - CFD: 01/08/2015 - 18:37:24 - [0] ----D C:\Program Files (x86)\SectionDouble
O43 - CFD: 19/06/2015 - 20:36:11 - [] ----D C:\Program Files (x86)\SShopperMastoer
O43 - CFD: 01/08/2015 - 18:37:30 - [] ----D C:\Program Files (x86)\WowCCoupoin =>PUP.WOwCoupon
O43 - CFD: 01/08/2015 - 18:37:30 - [] ----D C:\Program Files (x86)\WowCCoupoon =>PUP.WOwCoupon
O43 - CFD: 01/08/2015 - 18:37:30 - [] ----D C:\Program Files (x86)\WoWCeoupon =>PUP.WOwCoupon
O43 - CFD: 01/08/2015 - 18:37:31 - [] ----D C:\Program Files (x86)\WowCouupon =>PUP.WOwCoupon
O43 - CFD: 01/08/2015 - 18:37:31 - [] ----D C:\Program Files (x86)\WowuCouppon =>PUP.WOwCoupon
O43 - CFD: 01/08/2015 - 18:37:31 - [] ----D C:\Program Files (x86)\WWoawCoupon =>PUP.WOwCoupon
O43 - CFD: 29/07/2015 - 00:57:17 - [] ----D C:\Program Files (x86)\ZSoft
O43 - CFD: 01/08/2015 - 18:17:11 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 19/06/2015 - 21:16:33 - [] ----D C:\ProgramData\16620872238937715239
O43 - CFD: 03/05/2015 - 20:39:41 - [0] ----D C:\ProgramData\5432c3680000775a
O43 - CFD: 14/01/2015 - 16:07:32 - [] ----D C:\ProgramData\BetterPriceChec =>PUP.BetterPriceChec
O43 - CFD: 12/11/2014 - 22:16:01 - [] ----D C:\ProgramData\e6a9333d7b08b227
O43 - CFD: 24/04/2015 - 19:27:00 - [] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 28/01/2014 - 19:56:11 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 01/08/2015 - 18:37:24 - [0] ----D C:\ProgramData\SharkManCoupon
O43 - CFD: 17/11/2014 - 14:19:42 - [] ----D C:\ProgramData\ssavaernaEt =>PUP.SaveNet
O43 - CFD: 01/08/2015 - 18:37:24 - [] ----D C:\ProgramData\ysASxE
O43 - CFD: 01/08/2015 - 18:17:06 - [] ----D C:\ProgramData\{b78e9779-4144-a2c5-b78e-e97794145de5}
O43 - CFD: 01/08/2015 - 18:37:24 - [] ----D C:\ProgramData\{bf981bea-321c-1032-bf98-81bea3216fa8}
O43 - CFD: 12/04/2011 - 11:27:56 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 23/12/2012 - 15:31:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
O43 - CFD: 01/08/2015 - 19:08:34 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
O43 - CFD: 15/01/2015 - 16:23:30 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Roaming\Elex-tech =>PUP.Elex
O43 - CFD: 30/11/2014 - 22:08:19 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Roaming\library_dir
O43 - CFD: 23/07/2015 - 16:02:34 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Local\4kdownload.com
O43 - CFD: 22/02/2015 - 16:27:43 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Local\avaxvyyvyf =>PUP.SearchProtect
O43 - CFD: 27/07/2015 - 16:38:45 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Local\CEF
O43 - CFD: 30/11/2014 - 15:19:04 - [] -SH-D C:\Users\Lilian.Lilian-PC\AppData\Local\EmieBrowserModeList
O43 - CFD: 15/01/2015 - 16:22:25 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Local\Temp{1C1E7ABC-CDFE-499A-8D59-8C7DFDE47A60}
O43 - CFD: 29/07/2015 - 00:57:18 - [] ----D C:\Users\Lilian.Lilian-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
~ Program Folder: 268 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.49E7ECC629C060B25752315A2DEB8605] - 01/08/2015 - 17:20:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [26544]
O44 - LFC:[MD5.49E7ECC629C060B25752315A2DEB8605] - 01/08/2015 - 17:20:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [26544]
O44 - LFC:[MD5.2CD55E75F522EB61ED5FE0E5DD6A852E] - 19/07/2015 - 13:23:23 ----- . (...) -- C:\bootsqm.dat [16376]
O44 - LFC:[MD5.E72E35F53450230C12B1CC133544845E] - 28/07/2015 - 19:43:39 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O44 - LFC:[MD5.9FB02FBA90F6AF59537A30C3DB9777C8] - 28/07/2015 - 19:43:41 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E134F8BDFE16E74F1D060E4CC9CB1192] - 01/08/2015 - 17:12:41 ---A- - C:\Windows\Prefetch\ISAFESVC.EXE-5419B825.pf =>Trojan.Staser
O45 - LFCP:[MD5.8970B9CC929030231DDE022D9FF69CFF] - 01/08/2015 - 17:12:41 ---A- - C:\Windows\Prefetch\ISAFESVC2.EXE-5DA52757.pf =>Trojan.Staser
O45 - LFCP:[MD5.F056ECCA20BA22E4B75C9A3D569D1497] - 01/08/2015 - 17:12:41 ---A- - C:\Windows\Prefetch\ISAFETHLP64.EXE-E88463EB.pf =>Trojan.Staser
O45 - LFCP:[MD5.C38A748961B4D205806F7A36BB036992] - 01/08/2015 - 17:23:32 ---A- - C:\Windows\Prefetch\ISAFEVIRUSSCANNER.EXE-AD415958.pf =>Trojan.Staser
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{fd65383f-4d00-11e2-8002-806e6f6e6963}\AutoRun\command. (.ArenaNet - Guild Wars 2 Game Client.) -- D:\Gw2Setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:10/05/2011 - 16:28:48 ---A- . (.Windows (R) Win 7 DDK provider - ASRock App Charger Driver.) -- C:\Windows\System32\Drivers\AsrAppCharger.sys [17192]
O58 - SDL:01/12/2014 - 12:39:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:04/11/2011 - 08:05:08 ---A- . (...) -- C:\Windows\System32\Drivers\CtHDb.sys [24152]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:06/05/2013 - 20:38:53 ---A- . (.FNet Co., Ltd. - FNetTbos.sys.) -- C:\Windows\System32\Drivers\FNETTBOH_305.SYS [32320]
O58 - SDL:23/12/2012 - 14:30:25 ---A- . (.FNet Co., Ltd. - FNetUrPx.sys.) -- C:\Windows\System32\Drivers\FNETURPX.SYS [15936]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:19/06/2013 - 17:26:06 ---A- . (.Hide My IP - WFP driver.) -- C:\Windows\System32\Drivers\hmip64.sys [30056]
O58 - SDL:10/04/2015 - 20:56:56 ---A- . (.Infonaut - Infonaut Driver x64.) -- C:\Windows\System32\Drivers\innfd_1_10_0_14.sys [58224] =>PUP.Infonaut
O58 - SDL:16/04/2015 - 09:55:45 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O58 - SDL:14/04/2015 - 10:01:34 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O58 - SDL:17/09/2010 - 18:42:48 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [79680]
O58 - SDL:17/09/2010 - 18:42:48 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [201280]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/08/2015 - 18:41:48 ---A- . (...) -- C:\Users\Lilian.Lilian-PC\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 27/07/2015 - 18:42:03 ---A- . (...) -- C:\Users\Lilian.Lilian-PC\Desktop\SmiteInstaller.exe [65751896]
O61 - LFC: 28/07/2015 - 18:42:03 ---A- . (...) -- C:\Users\Lilian.Lilian-PC\Downloads\yet_another_cleaner_neto.exe [867160] =>PUP.YetAnotherCleaner
O61 - LFC: 30/07/2015 - 18:41:57 ---A- . (...) -- C:\Users\Lilian.Lilian-PC\AppData\Roaming\appdataFr2.bin [20]
~ 314 Fichiers temporaires (Temporary files)
~ 12 Fichiers cookies (Cookies files)
~ Files: 22 Legitimates Filtered in 00mn 16s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 04/07/2011 - C:\Windows\System32\DRIVERS\cfosspeed6.sys (cFosSpeed) .(.cFos Software GmbH - cFosSpeed Driver.) - LEGACY_CFOSSPEED
O64 - Services: CurCS - 10/04/2015 - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (innfd_1_10_0_14) .(.Infonaut - Infonaut Driver x64.) - LEGACY_INNFD_1_10_0_14 =>PUP.Infonaut
O64 - Services: CurCS - 14/05/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>PUP.Elex
O64 - Services: CurCS - 03/07/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT =>PUP.Elex
O64 - Services: CurCS - 27/07/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys (iSafeKrnlMon) .(.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - LEGACY_ISAFEKRNLMON =>PUP.Elex
O64 - Services: CurCS - 23/07/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3 =>PUP.Elex
O64 - Services: CurCS - 14/04/2015 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>PUP.Elex
~ Legacy: 101 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- c:\users\teso2\appdata\local\unicobrowser\application\unicobrowser.exe (.not file.) =>PUP.UnicoBrowser
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {425ED333-6083-428a-92C9-0CFC28B9D1BF} - (V9) - http://www.v9.com =>PUP.V9Software
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {425ED333-6083-428a-92C9-0CFC28B9D1BF} - (V9) - http://www.v9.com =>PUP.V9Software
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1D56B4C2144B1709B0C668524BF31D25] [SPRF][30/07/2015] (...) -- C:\Users\Lilian.Lilian-PC\AppData\Roaming\appdataFr2.bin [20]
[MD5.D9D6C46777135897F8097AB035635CC8] [SPRF][27/07/2015] (...) -- C:\Users\Lilian.Lilian-PC\Desktop\SmiteInstaller.exe [65751896]
~ Files: 2 Legitimates Filtered in 00mn 07s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E8E877ED6825FF148AE54DA13648DD38" . (.Boxore Client.) -- C:\Windows\Installer\{DE778E8E-5286-41FF-A85E-D41A6384DD83}\Boxore.ico =>Adware.Boxore
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:usrcheckbox="1"
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:version="2.6.1694.246"
~ Export Key Software: Scanned in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.1869BA0951D281A460CB4BB286583B68] [WIS][07/05/2015] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\73273bc.msi [5685248] =>Adware.Boxore
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\LookThisUp_RASAPI32 =>PUP.LookThisUp
HKLM\SOFTWARE\Microsoft\Tracing\LookThisUp_RASMANCS =>PUP.LookThisUp
HKLM\SOFTWARE\Microsoft\Tracing\SafeGuard_RASAPI32 =>PUP.SafeGuard
HKLM\SOFTWARE\Microsoft\Tracing\SafeGuard_RASMANCS =>PUP.SafeGuard
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32 =>PUP.StormWatch
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS =>PUP.StormWatch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32 =>Adware.Boxore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS =>Adware.Boxore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock UpSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock UpSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BubbleDock_FR_0210-6f5bb19e_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\delta-homes_RASAPI32 =>Hijacker.DeltaHomes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FLVPlayerSetup_RASAPI32 =>PUP.FLVPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FLVPlayerSetup_RASMANCS =>PUP.FLVPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1701-6469dbb0_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1701-6469dbb0_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_14656_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\lollipop_10181049_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32 =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationMonitor_RASAPI32 =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationMonitor_RASMANCS =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationSysTray_RASAPI32 =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NotationSysTray_RASMANCS =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Notation_RASAPI32 =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Notation_RASMANCS =>Hijacker.Proxy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_1_RASAPI32 =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_1_RASMANCS =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_RASAPI32 =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_RASMANCS =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuickShare_RASAPI32 =>PUP.QuickShare
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QuickShare_RASMANCS =>PUP.QuickShare
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Qvo6_RASAPI32 =>Hijacker.Qvo6
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_v2_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_v2_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_agriculture-simulator-2012_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_agriculture-simulator-2012_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_monopoly_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_monopoly_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_navicat (1)_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_navicat (1)_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_navicat_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_navicat_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\softwareupdater_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\softwareupdater_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASAPI32 =>PUP.SuperClick
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASMANCS =>PUP.SuperClick
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\toolbar_vit_sweetim_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\toolbar_vit_sweetim_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASAPI32 =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASMANCS =>PUP.VAFPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1678_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1678_RASMANCS =>Adware.Yontoo
~ BTK: 365 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110611501155}] (BrowsersApp_Pro_v1.1) =>PUP.CrossRider
[HKCR\CLSID\{11111111-1111-1111-1111-110611571177}] (HQProVideo 1.6V11.11) =>PUP.CrossRider
[HKCR\CLSID\{11111111-1111-1111-1111-110611901165}] (HQCinema Pro 2.1V18.01) =>PUP.CrossRider
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220422182296}] (CrossriderApp0041896.Sandbox) =>PUP.CrossRider
~ BCK: 4557 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 16/07/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 22/07/1658 0 | (bfd46d07) . (...) - c:\Program Files (x86)\SectionDouble\SectionDouble.dll
SS - | Disabled 19/10/2011 395136 | (cFosSpeedS) . (.cFos Software GmbH.) - C:\Program Files\ASRock\XFast LAN\spd.exe
SS - | Demand 23/12/2012 79360 | (Creative ALchemy AL6 Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
SS - | Demand 23/12/2012 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
SS - | System 22/07/1658 0 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (...) - C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg =>PUP.SystemK
SS - | Auto 22/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/07/1658 0 | (HiPatchService) . (...) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
SS - | Disabled 12/10/2011 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
SS - | Demand 10/04/2015 278600 | (insvc_1.10.0.14) . (.Infonaut.) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
SS - | Demand 22/07/1658 0 | (kyjerexu) . (...) - C:\Program Files (x86)\03000200-1430243594-0500-0006-000700080009\knseAD55.tmp
SS - | Demand 28/04/2015 146944 | (liwucuni) . (...) - C:\Users\teso2\AppData\Local\03000200-1430250995-0500-0006-000700080009\cnsdDE03.tmp
SS - | Demand 10/04/2015 2823496 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 26/06/2015 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
SS - | Disabled 22/07/1658 0 | (Notation) . (...) - C:\Program Files (x86)\Notation\Notation.exe =>Hijacker.Proxy
SS - | Disabled 22/07/1658 0 | (NotationMonitor) . (...) - C:\Program Files (x86)\Notation\NotationMonitor.exe =>Hijacker.Proxy
SS - | Demand 28/04/2015 113664 | (pusetufy) . (...) - C:\Users\teso2\AppData\Roaming\03000200-1430243594-0500-0006-000700080009\jnsm21D1.tmp
SS - | Demand 10/03/2015 187072 | (Razer Game Scanner Service) . (...) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 24/07/2015 838336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 05/03/2015 426160 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
SS - | Disabled 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/06/2015 245760 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 19/10/2011 423424 | (CTAudSvcService) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
SR - | Auto 04/11/2011 104448 | (CtHdaSvc) . (.Creative Technology Ltd.) - C:\Windows\sysWow64\CtHdaSvc.exe
SR - | Auto 16/04/2015 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 12/03/2015 129168 | (RzKLService) . (.Razer Inc..) - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
SR - | Demand 22/07/1658 0 | (TrustedInstaller) . (...) - C:\Windows\servicing\TrustedInstaller.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Lilian at 01/08/2015 18:43:17
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Lilian at 01/08/2015 18:43:19
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 120
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 29
Fichiers trouvés (Files found) : 81

[HKLM\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222] =>PUP.SystemK^
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>PUP.Elex^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57EA96CA-4648-4CB3-8594-3E1A9E37E86F}] =>PUP.QuickShare^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>PUP.Elex^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASAPI32] =>PUP.QuickShare
[HKLM\Software\Wow6432Node\Microsoft\Tracing\QuickShare_RASMANCS] =>PUP.QuickShare
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0041896.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0041896.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0041896.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0041896.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0041896.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0041896.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0041896.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0041896.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181196}] =>PUP.CrossRider
C:\Program Files (x86)\CoolSaalECoUpon =>PUP.CoolSaleCoupon^
C:\Program Files (x86)\CoolSaleCouuppon =>PUP.CoolSaleCoupon^
C:\Program Files (x86)\CoOOLSSaLoeeCoupon =>PUP.CoolSaleCoupon^
C:\Program Files (x86)\CrossBrowse-1.4V13.04 =>PUP.CrossBrowser^
C:\Program Files (x86)\dEaal4reaal =>PUP.Deal4reaL^
C:\Program Files (x86)\eAusytoshop =>PUP.EasyToShop^
C:\Program Files (x86)\Elex-tech =>PUP.Elex^
C:\Program Files (x86)\FFleXibleSHOpper =>PUP.FlexibleShoper^
C:\Program Files (x86)\FlexibloeSShoPper =>PUP.FlexibleShoper^
C:\Program Files (x86)\gmsd_fr_005010021 =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_486 =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_495 =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_552 =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_618 =>PUP.CrossRider^
C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut^
C:\Program Files (x86)\Priceless =>PUP.PriceLess^
C:\Program Files (x86)\savaer ibOx =>PUP.SaverBox^
C:\Program Files (x86)\WowCCoupoin =>PUP.WOwCoupon^
C:\Program Files (x86)\WowCCoupoon =>PUP.WOwCoupon^
C:\Program Files (x86)\WoWCeoupon =>PUP.WOwCoupon^
C:\Program Files (x86)\WowCouupon =>PUP.WOwCoupon^
C:\Program Files (x86)\WowuCouppon =>PUP.WOwCoupon^
C:\Program Files (x86)\WWoawCoupon =>PUP.WOwCoupon^
C:\ProgramData\BetterPriceChec =>PUP.BetterPriceChec^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\ssavaernaEt =>PUP.SaveNet^
C:\Users\Lilian.Lilian-PC\AppData\Roaming\Elex-tech =>PUP.Elex^
C:\Users\Lilian.Lilian-PC\AppData\Local\avaxvyyvyf =>PUP.SearchProtect^
C:\Program Files (x86)\Software =>Adware.Boxore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe =>PUP.Elex^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe =>PUP.Elex^
C:\Windows\Tasks\fun4u_notification_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fun4u_notification_service =>PUP.CrossRider^
C:\Windows\Tasks\fun4u_updating_service.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fun4u_updating_service =>PUP.CrossRider^
[HKCU\Software\24Seven savings] =>PUP.24sevenSavings^
[HKLM\Software\Wow6432Node\2d20a8a0-fc0c-47bc-a3f6-92c9a9ce7c74] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\351ab93f-d4cf-4f60-96ed-f411273746e7] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\5aa51ca8-cbfb-4e52-a9b4-f049518b86a0] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\8ae6d333-f739-4a9d-965c-4fc91f721a85] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04-nv-ie] =>PUP.CrossBrowser^
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04-nv] =>PUP.CrossBrowser^
[HKLM\Software\Wow6432Node\CrossBrowse-1.4V13.04] =>PUP.CrossBrowser^
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex^
[HKLM\Software\Wow6432Node\HQProVideo 1.6V11.11-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\HQProVideo 1.6V11.11] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick^
[HKLM\Software\Wow6432Node\VideoMedia+Player_v2.3-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\WordProser_1.10.0.2] =>PUP.WordProser^
[HKLM\Software\Wow6432Node\dcceeb25-9167-ba24-2fa4-f9cd0b715024] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\a538fd8bc3ab946]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
C:\Windows\Installer\73273bc.msi =>Adware.Boxore^
[HKCR\CLSID\{11111111-1111-1111-1111-110611501155}] (BrowsersApp_Pro_v1.1) =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611571177}] (HQProVideo 1.6V11.11) =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611901165}] (HQCinema Pro 2.1V18.01) =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611971195}] (Ge-Force) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220422182296}] (CrossriderApp0041896.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 265167 Items scanned in 00mn 10s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.ComNotification
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://nicolascoolman.fr/33161900-adware-simplefiles =>Adware.SimpleFiles
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://nicolascoolman.fr/pup-quickshare =>PUP.QuickShare
http://www.nicolascoolman.fr/blog/ =>PUP.24sevenSavings
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.SuperClick
http://www.nicolascoolman.fr/blog/ =>PUP.WordProser
http://www.nicolascoolman.fr/blog/ =>PUP.CoolSaleCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.Deal4reaL
http://nicolascoolman.fr/pup-easytoshop =>PUP.EasyToShop
http://nicolascoolman.fr/pup-flexibleshoper =>PUP.FlexibleShoper
http://www.nicolascoolman.fr/blog/ =>PUP.PriceLess
http://www.nicolascoolman.fr/blog/ =>PUP.SaverBox
http://www.nicolascoolman.fr/blog/ =>PUP.WOwCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.BetterPriceChec
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/blog/ =>PUP.SaveNet
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://www.nicolascoolman.fr/blog/ =>PUP.YetAnotherCleaner
http://www.nicolascoolman.fr/blog/ =>PUP.UnicoBrowser
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.LookThisUp
http://www.nicolascoolman.fr/blog/ =>PUP.SafeGuard
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/blog/ =>PUP.FLVPlayer
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://www.nicolascoolman.fr/blog/ =>Adware.PricePeep
http://nicolascoolman.fr/27068497-hijacker-privitizevpn =>Hijacker.PrivitizeVPN
http://nicolascoolman.fr/hijacker-qvo6 =>Hijacker.Qvo6
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/pup-vafplayer =>PUP.VAFPlayer
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/adware-predictad =>Adware.PredictAd
~ MSI: 66 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 1097 Legitimates filtered by white list
End of the scan (1386 lines in 02mn 00s)(0.6)
