~ Rapport de ZHPDiag v2013.10.6.16 - Nicolas Coolman (06/10/2013) ~ Lancé par valentin (06/10/2013 15:32:46) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16686 (Defaut) GCIE: Google Chrome v30.0.1599.66 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 3Q6C9 Windows License : OK ~ Windows Remaining Initializations Number : 1 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v13.0.0.4042 Microsoft Security Client FR-FR Language Pack v2.1.1116.0 Norton Internet Security v18.6.0.29 Windows Defender W7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader X ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4043 MB (48% free) System Restore: Activé (Enable) System drive C: has 375 GB (83%) free of 451 GB ---\\ Mode de connexion au système ~ Computer Name: VALENTIN-HP ~ User Name: valentin ~ All Users Names: valentin, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\valentin\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\valentin\AppData\Roaming\ ~ %Desktop% : C:\Users\valentin\Desktop\ ~ %Favorites% : C:\Users\valentin\Favorites\ ~ %LocalAppData% : C:\Users\valentin\AppData\Local\ ~ %StartMenu% : C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 375 Go of 451 Go) D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go) E: CD-ROM drive (Not Inserted) F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 35 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 04s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/73 ~ Mes musiques (My Musics) : 5/43 ~ Mes Videos (My Videos) : 1/16 ~ Mes Favoris (My Favorites) : 1/80 ~ Mes Documents (My Documents) : 1/1045 ~ Mon Bureau (My Desktop) : 3/2568 ~ Menu demarrer (Programs) : 1/24 ~ Hidden Files: Scanned in 00mn 39s ---\\ Processus lancés [MD5.FF1E66379B94E168504D611A151263C2] - (...) -- C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3099616] [PID.1600] =>PUP.BitGuard [MD5.ACD3675D56D1EC37197C43E553EC171A] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3507088] [PID.2596] [MD5.C796AC1332CC47940FB877CF9C2CEB49] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [1015808] [PID.3896] [MD5.C98EF7E083579C0D588D0E909F48A90A] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728] [PID.3940] [MD5.E7BFAEC48B638814F9DA09FF1F4B723A] - (.Conduit - Search Protect by Conduit.) -- C:\Users\valentin\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640] [PID.4000] =>Toolbar.Conduit [MD5.41D1214B86A06FD29423A797EBDA17E4] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.4228] [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4336] [MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.4520] [MD5.8192B2E274607D1D530F5C191698C544] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944] [PID.4612] [MD5.A73731A0B0A165907799E9AFB461F856] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096] [PID.4712] [MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.4740] [MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.4876] [MD5.37287D98A1BF5D56AA729CEB9B27C6B1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.2356] [MD5.10B01048B1DA075CD1EE27E30B4CF342] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [308816] [PID.4544] =>Toolbar.Google [MD5.4E32BB719A92E1B10A24E89C6ED96A13] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8053248] [PID.4836] [MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1380] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1552] [MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1576] [MD5.2B9A15DFDC14B4ECB1E8FC13AE43E60F] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056] [PID.1692] =>Toolbar.Conduit [MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1776] [MD5.CFD54D70F76E84E1E737AE1140FBC5C0] - (.Garmin Ltd or its subsidiaries - Garmin Core Update Service.) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504] [PID.1840] [MD5.2BEC76BDCD1BC080210325E7B5094834] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200] [PID.1920] [MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008] [PID.2020] [MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2416] [MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2472] [MD5.4AA2CC5979AFF984227364F2C23B04F3] - (.Wajam - Auto-updater.) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064] [PID.2524] =>Toolbar.Wajam [MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2556] [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3256] [MD5.07E1BF2B3776AA67A621DED3810C1626] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [815160] [PID.3908] [MD5.514455F6586473791C5C6B25BA4E1BAB] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3244] [MD5.983FC69644DDF0486C8DFEA262948D1A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3616] [MD5.D75C4B4A8FE6D7FD74A7EECDBAEC729F] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.5168] [MD5.E07F8E78D08D9269E3365C2A4F637191] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1098296] [PID.5620] [MD5.758C2CE427C343F780A205E28555C98D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.6076] ~ Processes Running: Scanned in 00mn 04s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default] ore_on_startup": ["http://feed.snapdo.com =>Hijacker.SmartBar ~ Google Browser: 1 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.) M2 - MFEP: prefs.js [valentin - extensions\8hffxtbr@Allin1Convert_8h.com] [] Allin1Convert v5.33.2.22293 (..) =>Adware.Allin1Convert ~ Firefox Browser: 5 Legitimates Filtered in 00mn 02s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com =>Hijacker.SearchGol R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar R3 - URLSearchHook: DVDVideoSoftTB Toolbar [64Bits] - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.16.2.2) -- C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll =>Toolbar.Conduit ~ IE Browser: 17 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Complitly [64Bits] - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Users\valentin\AppData\Roaming\Complitly\Complitly.dll =>Adware.PredictAd O2 - BHO: TBSB04240 [64Bits] - {4F37A8FE-00B3-430F-85AA-F97F12E8B651} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files (x86)\Force Download Toolbar\tbcore3.dll O2 - BHO: DVDVideoSoftTB [64Bits] - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll =>Toolbar.Conduit O2 - BHO: Wajam IE BHO [64Bits] - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files (x86)\Wajam\IE\priam_bho.dll =>Toolbar.Wajam O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch O2 - BHO: PricePeep [64Bits] - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (.PricePeep - PricePeep.) -- C:\Program Files (x86)\PricePeep\pricepeep.dll =>Adware.PricePeep ~ BHO: 19 Legitimates Filtered in 00mn 06s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Driver Detective.lnk . (.PC Drivers Headquarters - Driver Detective.) -- C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [Public]: Garmin Express.lnk . (.Garmin - Express.) -- C:\Program Files (x86)\Garmin\Express\Express.exe =>.Garmin Corporation O4 - GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co O4 - GS\Desktop [Public]: SmartPCFixer.lnk . (...) -- C:\Program Files\SmartPCFixer\SmartPcFixer.exe O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS O4 - GS\TaskBar [valentin]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe O4 - GS\TaskBar [valentin]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe O4 - GS\Desktop [valentin]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe O4 - GS\Desktop [valentin]: Continue Codec Pack Installation.lnk . (...) -- C:\Users\valentin\AppData\Local\Temp\ICReinstall_UltimateCodec.exe O4 - GS\Desktop [valentin]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe ~ Global Startup: 70 Legitimates Filtered in 00mn 19s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKCU\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKCU\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Users\valentin\AppData\Roaming\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS O4 - HKLM\..\Wow6432Node\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [SearchProtectAll] . (.Conduit - Search Protect by Conduit.) -- C:\Program Files (x86)\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe O4 - HKUS\S-1-5-21-2938033825-3981200138-3061306153-1000\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Users\valentin\AppData\Roaming\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit ~ Application: Scanned in 00mn 02s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{85E30FCF-4E69-4D88-AB2F-3040196EC4B8}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard O23 - Service: CDMA Device Service (CDMA Device Service) . (.Pas de propriétaire - VIA Telecom Service.) - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe O23 - Service: Search Protect by Conduit Updater (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe =>Toolbar.Conduit O23 - Service: WajamUpdater (WajamUpdater) . (.Wajam - Auto-updater.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe =>Toolbar.Wajam ~ Services: 20 Legitimates Filtered in 01mn 22s ---\\ Tâches planifiées en automatique (O39) [MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\valentin\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution ~ Scheduled Task: 20 Legitimates Filtered in 00mn 18s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (dmsovsit) . (. - .) - C:\Windows\system32\drivers\dmsovsit.sys (.not file.) ~ Drivers: 87 Legitimates Filtered in 00mn 02s ---\\ Logiciels installés (O42) O42 - Logiciel: Allin1Convert Firefox Toolbar - (.Mindspark Interactive Network.) [HKLM][64Bits] -- Allin1Convert_8hbar Uninstall Firefox =>Adware.Allin1Convert O42 - Logiciel: Ares 2.1.6 - (.Ares Development Group.) [HKLM][64Bits] -- Ares O42 - Logiciel: Complitly - (.Complitly.) [HKLM][64Bits] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1 =>Adware.PredictAd O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta =>Toolbar.DeltaSearch O42 - Logiciel: EDR_3 - (.La Monnaie de Paris.) [HKLM][64Bits] -- EDR.scr O42 - Logiciel: Force Download Toolbar - (.Force Download.) [HKLM][64Bits] -- Force Download Toolbar O42 - Logiciel: PricePeep - (.betwikx LLC.) [HKLM][64Bits] -- PricePeep =>Adware.PricePeep O42 - Logiciel: Search Protect by conduit - (.Conduit.) [HKLM][64Bits] -- SearchProtect =>Toolbar.Conduit O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>Toolbar.Wajam ~ Logic: 168 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Allin1Convert_8h] =>Adware.Allin1Convert [HKCU\Software\Ares] [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Complitly] =>Adware.PredictAd [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Cr_Installer] =>PUP.CrossRider [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Delta] [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\SweetPacks] =>PUP.SweetIM [HKCU\Software\Wajam] =>Toolbar.Wajam [HKCU\Software\ded9dcb46ae814] [HKLM\Software\Wow6432Node\AedgePerformanceBCN] =>Adware.SPointer [HKLM\Software\Wow6432Node\Allin1Convert_8h] =>Adware.Allin1Convert [HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\Delta] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\SimplyGen] =>Adware.PredictAd [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetPacks] =>PUP.SweetIM [HKLM\Software\Wow6432Node\ded9dcb46ae814] ~ Key Software: 253 Legitimates Filtered in 00mn 02s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04/10/2013 - 21:22:24 - [9,077] ----D C:\Program Files (x86)\Allin1Convert_8h =>Adware.Allin1Convert O43 - CFD: 14/04/2012 - 23:54:04 - [1,916] ----D C:\Program Files (x86)\Ares O43 - CFD: 21/09/2013 - 10:42:05 - [1,572] ----D C:\Program Files (x86)\Complitly =>Adware.PredictAd O43 - CFD: 05/09/2013 - 16:59:07 - [0,883] ----D C:\Program Files (x86)\Conduit O43 - CFD: 22/08/2013 - 16:51:16 - [2,392] ----D C:\Program Files (x86)\Delta O43 - CFD: 16/09/2013 - 14:47:06 - [0] ----D C:\Program Files (x86)\Duuqu =>Toolbar.DeltaSearch O43 - CFD: 03/09/2012 - 17:58:40 - [3,736] ----D C:\Program Files (x86)\Force Download Toolbar O43 - CFD: 21/09/2013 - 10:42:02 - [0,257] ----D C:\Program Files (x86)\FTdownloader V4.0 =>Adware.Downware O43 - CFD: 04/10/2013 - 21:52:37 - [0,770] ----D C:\Program Files (x86)\PricePeep =>Adware.PricePeep O43 - CFD: 04/10/2013 - 21:52:00 - [0,495] ----D C:\Program Files (x86)\Wajam =>Toolbar.Wajam O43 - CFD: 01/10/2011 - 11:07:27 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 21/09/2013 - 11:52:42 - [8,569] ----D C:\ProgramData\BitGuard =>PUP.BitGuard O43 - CFD: 22/08/2013 - 16:52:01 - [23,535] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} O43 - CFD: 22/08/2013 - 16:50:59 - [1,443] ----D C:\Users\valentin\AppData\Roaming\BabSolution =>Hijacker.BabSolution O43 - CFD: 01/10/2011 - 11:07:27 - [0,018] ----D C:\Users\valentin\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 21/09/2013 - 10:42:28 - [0,474] ----D C:\Users\valentin\AppData\Roaming\Complitly =>Adware.PredictAd O43 - CFD: 22/08/2013 - 16:51:10 - [0,259] ----D C:\Users\valentin\AppData\Roaming\Delta O43 - CFD: 24/09/2013 - 18:09:57 - [0,308] ----D C:\Users\valentin\AppData\Roaming\File Scout O43 - CFD: 03/09/2012 - 17:55:37 - [0,335] ----D C:\Users\valentin\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 05/09/2013 - 16:59:52 - [29,440] ----D C:\Users\valentin\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 10/05/2012 - 17:18:29 - [0] ----D C:\Users\valentin\AppData\Roaming\Sweetpacks =>PUP.SweetIM O43 - CFD: 04/10/2013 - 22:44:56 - [2,657] ----D C:\Users\valentin\AppData\Local\Allin1Convert_8h =>Adware.Allin1Convert O43 - CFD: 19/09/2013 - 14:05:09 - [0,106] ----D C:\Users\valentin\AppData\Local\Ares O43 - CFD: 05/09/2013 - 19:01:07 - [2,533] ----D C:\Users\valentin\AppData\Local\Conduit O43 - CFD: 16/09/2013 - 14:42:21 - [0] ----D C:\Users\valentin\AppData\Local\Duuqu =>Toolbar.DeltaSearch O43 - CFD: 05/09/2013 - 16:57:43 - [0,054] ----D C:\Users\valentin\AppData\Local\Wajam =>Toolbar.Wajam O43 - CFD: 21/09/2013 - 11:52:52 - [0,001] ----D C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard O43 - CFD: 04/10/2013 - 21:51:38 - [0,001] ----D C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>Toolbar.Wajam ~ 187 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 399 Legitimates Filtered in 03mn 40s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.F0AAAEC9AD5A2DD7944302396CC4D03C] - 04/10/2013 - 20:55:32 ---A- . (...) -- C:\Windows\ntbtlog.txt [175030] O44 - LFC:[MD5.28B4F72274D81E607370F4E423C27881] - 06/10/2013 - 14:37:59 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [32064] O44 - LFC:[MD5.28B4F72274D81E607370F4E423C27881] - 06/10/2013 - 14:37:59 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [32064] O44 - LFC:[MD5.28B4F72274D81E607370F4E423C27881] - 06/10/2013 - 14:37:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [32064] O44 - LFC:[MD5.28B4F72274D81E607370F4E423C27881] - 06/10/2013 - 14:37:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [32064] O44 - LFC:[MD5.92C704590FCEDDA971B7A77945DCCDA4] - 29/09/2013 - 18:17:13 ---A- . (.Pas de propriétaire - About Page.) -- C:\Windows\SysNative\RtNicProp64.dll [74272] O44 - LFC:[MD5.92C704590FCEDDA971B7A77945DCCDA4] - 29/09/2013 - 18:17:13 ---A- . (.Pas de propriétaire - About Page.) -- C:\Windows\System32\RtNicProp64.dll [74272] O44 - LFC:[MD5.93F1EED804FA69D48CD0228220D83EB5] - 29/09/2013 - 18:24:53 ---A- . (...) -- C:\Windows\SysNative\RaCoInst.log [5376] O44 - LFC:[MD5.93F1EED804FA69D48CD0228220D83EB5] - 29/09/2013 - 18:24:53 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [5376] ~ Files: 33 Legitimates Filtered in 02mn 13s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] ~ Drivers: 16 Legitimates Filtered in 00mn 01s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0D9FE781-CF0A-4971-94CC-A8F22D545C30} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web) - http://www.searchgol.com =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - http://eu.ask.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {75b4241f-171e-44a3-bf44-23613b6e3e03} - (Ask Web Search) - http://search.tb.ask.com O69 - SBI: SearchScopes [HKCU] {979008EE-5F1E-4885-A4C6-3F0A7A8D9F52} - (01NET.com V1 Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - http://fr.wikipedia.org O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com =>PUP.SweetIM O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.885E9EB42889CA547F4E3515DCDE5D3D] [SPRF][14/05/2006] (...) -- C:\Users\valentin\AppData\Local\Temp\7za.exe [476672] [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/08/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\valentin\AppData\Local\Temp\AskSLib.dll [248008] [MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\valentin\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][07/08/2013] (...) -- C:\Users\valentin\AppData\Local\Temp\dfgavrqw.dll [0] [MD5.2CE6EEF84B7F306858C23000F017E2A0] [SPRF][19/03/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\Extract.bat [80] [MD5.171F1BB73D0238A7A56126D3459ECDCD] [SPRF][15/10/2008] (...) -- C:\Users\valentin\AppData\Local\Temp\Extract.exe [50432] [MD5.54F530FC8928E532C437F2AB931306EF] [SPRF][25/05/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\gghelp.exe [1479504] [MD5.F2099E9E3AF48582D82FE2955AFDD6B9] [SPRF][04/10/2013] (...) -- C:\Users\valentin\AppData\Local\Temp\ICReinstall_UltimateCodec.exe [678968] [MD5.E5B227778022AC9F7BC6445E1A9BF580] [SPRF][08/05/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\instloffer.exe [64880] [MD5.E817C62144F90E405B7D0F2FDC0DE9AE] [SPRF][13/07/2012] (.SweetIM Technologies Ltd. - MultiMi Installer by SweetPacks.) -- C:\Users\valentin\AppData\Local\Temp\MultiMiSDM.exe [382296] =>PUP.SweetIM [MD5.0BF369C8765A03092F0337D80BA519C6] [SPRF][29/03/2012] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\valentin\AppData\Local\Temp\MyBabylonTB.exe [862832] =>Toolbar.Babylon [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nsi52CD.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nsi6518.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nstF276.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nsx59EE.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nsy30C.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\valentin\AppData\Local\Temp\nsyAF90.exe [110936] =>Toolbar.Conduit [MD5.876758374902C84D0DB998E31FDCD08C] [SPRF][21/03/2011] (.Pas de propriétaire - Toolbar Offer.) -- C:\Users\valentin\AppData\Local\Temp\Offer100.exe [15168] [MD5.C15D59C890F23DC780EE1AF1F54D556F] [SPRF][04/10/2013] (...) -- C:\Users\valentin\AppData\Local\Temp\optimizerpro.exe [5807624] =>PUP.OptimizerPro [MD5.A7549BF38C0FC1A0CC42F00FF3400915] [SPRF][30/09/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\SCC.dll [9638] [MD5.872E9D3DC886561AF1D27C72C4166727] [SPRF][12/06/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\Setup.exe [818424] [MD5.8F7CEAE35A52169DD5D3C786C6DB2F15] [SPRF][24/09/2013] (...) -- C:\Users\valentin\AppData\Local\Temp\setup_fsu_cid.exe [251766] [MD5.1A3D1A7349253561EF89D017F6EDD5FC] [SPRF][13/07/2012] (.SweetIM Technologies Lt - This installer.) -- C:\Users\valentin\AppData\Local\Temp\SIMEEIInstaller.exe [2626512] =>PUP.SweetIM [MD5.EA5C1D73FB6840B69E5034ACE95684AF] [SPRF][17/07/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\valentin\AppData\Local\Temp\SPStub.exe [68968] =>Toolbar.Conduit [MD5.8DE9D8FDA8DF6DD2E1B99A1F297FAA8A] [SPRF][17/07/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\valentin\AppData\Local\Temp\tb01NE.dll [5134624] =>Toolbar.Conduit [MD5.C87E31670C09E7F4EF1859B4E88EA29A] [SPRF][22/07/2013] (...) -- C:\Users\valentin\AppData\Local\Temp\temp.bat [453] [MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][17/07/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\valentin\AppData\Local\Temp\ToolbarHelper.exe [86816] =>Toolbar.Conduit [MD5.C8DC5FE467F5732AF9FFCA2CFA4BC0FE] [SPRF][08/05/2012] (.SweetIM Technologies Ltd. - SweetIM Setup.) -- C:\Users\valentin\AppData\Local\Temp\toolbar_vit_sweetim.exe [6125360] =>PUP.SweetIM [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][13/07/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\{17790BB9-BCCF-44A3-AC61-B804B7C10037}.bat [0] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][21/07/2012] (...) -- C:\Users\valentin\AppData\Local\Temp\{46EFB102-9707-4955-89C3-420370E4286F}.bat [0] ~ Files: 63 Legitimates Filtered in 01mn 44s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{0B3EC9E3-CBD0-4CFE-801E-36493C403872}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "UDP Query User{2FA966F5-D75D-4302-8315-0DBDCA53D3B2}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "{887B328F-E042-4AE3-8BB6-777B5ABDC90C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM O87 - FAEL: "{2D419755-304A-48FE-9115-63EAF7321291}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM ~ Firewall: 179 Legitimates Filtered in 00mn 03s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "25BD30E1BC5D83343A835E62DDD4D41B" . (.Bing Bar.) -- C:\Windows\Installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}\icon_installer_ico =>Toolbar.Bing O90 - PUC: "79407899D9A1CF9449F9CE4F89A6ABF1" . (.ForceDownload.) -- C:\Windows\Installer\{99870497-1A9D-49FC-949F-ECF4986ABA1F}\ARPPRODUCTICON.exe ~ Update Products: 69 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\ded9dcb46ae814\2.6.1673.238\upd]:="upd=1" [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:dllName="BrowserDefender.dll" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:exeName="BrowserDefender.exe" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:folderName="BrowserDefender" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:serviceName="BrowserDefendert" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:version="2.6.1562.220" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKCU\Software\ded9dcb46ae814]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKCU\Software\ded9dcb46ae814]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKCU\Software\ded9dcb46ae814]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKCU\Software\ded9dcb46ae814]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\ded9dcb46ae814]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\ded9dcb46ae814]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\ded9dcb46ae814]:usrcheckbox="" [HKCU\Software\ded9dcb46ae814]:version="2.6.1673.238" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKLM\Software\Wow6432Node\ded9dcb46ae814]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\Wow6432Node\ded9dcb46ae814]:usrcheckbox="" [HKLM\Software\Wow6432Node\ded9dcb46ae814]:version="2.6.1673.238" ~ Export Key Software: Scanned in 00mn 02s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 21/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 21/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 21/09/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe SS - | Demand 01/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe SR - | Auto 19/09/2013 3099616 | (BitGuard) . (...) - C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard SR - | Auto 02/08/2011 159232 | (CDMA Device Service) . (...) - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe SR - | Auto 08/05/2013 97056 | (CltMngSvc) . (.Conduit.) - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe =>Toolbar.Conduit SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SR - | Auto 22/08/2013 220504 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe SS - | Auto 13/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 27/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe SR - | Demand 13/09/2011 1098296 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe SR - | Demand 06/09/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SR - | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe SR - | Auto 12/01/2011 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 18/02/2011 2372096 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 17/04/2011 130008 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SR - | Auto 25/01/2011 296448 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe SR - | Auto 23/01/2012 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 10/07/2013 109064 | (WajamUpdater) . (.Wajam.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe =>Toolbar.Wajam SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 35s ---\\ Scan Additionnel (O88) Database Version : 12942 - (06/10/2013) Clés trouvées (Keys found) : 399 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 40 Fichiers trouvés (Files found) : 64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Wajam^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep^ [HKLM\SYSTEM\CurrentControlSet\Services\BitGuard] =>PUP.BitGuard^ [HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^ [HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater] =>Toolbar.Wajam^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Firefox] =>Adware.Allin1Convert^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1] =>Adware.PredictAd^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta] =>Toolbar.DeltaSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep] =>Adware.PricePeep^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>Toolbar.Wajam^ [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}] =>Adware.PredictAd [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}] =>Toolbar.Wajam [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd [HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}] =>Adware.PricePeep [HKLM\Software\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}] =>Adware.PricePeep [HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}] =>Adware.PricePeep [HKLM\Software\Wow6432Node\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}] =>Adware.PricePeep [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}] =>Adware.PricePeep [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam [HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}] =>Adware.PredictAd [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}] =>Adware.PricePeep [HKLM\Software\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}] =>Adware.PricePeep [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}] =>Parasite.Pugi [HKLM\Software\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}] =>Parasite.Pugi [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz [HKLM\Software\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep [HKLM\Software\Classes\AppID\Complitly.DLL] =>Adware.PredictAd [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\PricePeep.DLL] =>Adware.PricePeep [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKCU\Software\{EBC7E151-8AF5-4026-B48E-0A8642BE4FDE}] =>Toolbar.Conduit [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\PricePeep.PricePeepBho] =>Adware.PricePeep [HKLM\Software\Classes\PricePeep.PricePeepBho.1] =>Adware.PricePeep [HKLM\Software\Classes\suggestmeyes.suggestmeyesbho] =>Adware.PredictAd [HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1] =>Adware.PredictAd [HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\AedgePerformanceBCN] =>Adware.SPointer [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\Cr_Installer] =>PUP.CrossRider [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\Complitly] =>Adware.PredictAd [HKLM\Software\Wow6432Node\SimplyGen] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1] =>Adware.PredictAd [HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep] =>Adware.PricePeep [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D4F18B-902D-4794-807B-D6C5314B4FF7}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D4F18B-902D-4794-807B-D6C5314B4FF7}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon [HKLM\Software\Classes\Installer\Features\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing [HKLM\Software\Classes\Installer\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Classes\Installer\Features\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Classes\Installer\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] =>Toolbar.DVDVideoSoft [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}] =>Toolbar.DVDVideoSoft [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}] =>Toolbar.DVDVideoSoft [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Firefox] =>Adware.Allin1Convert [HKCU\Software\Allin1Convert_8h] =>Adware.Allin1Convert [HKCU\Software\AppDataLow\Software\Allin1Convert_8h] =>Adware.Allin1Convert [HKLM\Software\Wow6432Node\Allin1Convert_8h] =>Adware.Allin1Convert [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB04240.IEToolbar] =>Toolbar.Agent [HKLM\Software\Classes\TBSB04240.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Classes\TBSB04240.TBSB04240] =>Toolbar.Agent [HKLM\Software\Classes\TBSB04240.TBSB04240.3] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB04240] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB04240.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2269050] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3307695] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent [HKLM\Software\Classes\wajam.WajamBHO] =>Toolbar.Wajam [HKLM\Software\Classes\wajam.WajamBHO.1] =>Toolbar.Wajam [HKLM\Software\Classes\wajam.WajamDownloader] =>Toolbar.Wajam [HKLM\Software\Classes\wajam.WajamDownloader.1] =>Toolbar.Wajam [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB04240.IEToolbar] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB04240.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB04240.TBSB04240] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB04240.TBSB04240.3] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB04240] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB04240.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2269050] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3307695] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO.1] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader.1] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{872b5b88-9db5-4310-bdd0-ac189557e5f5} =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SearchProtectAll =>Toolbar.Conduit^ C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\8hffxtbr@Allin1Convert_8h.com =>Adware.Allin1Convert^ C:\Program Files (x86)\Allin1Convert_8h =>Adware.Allin1Convert^ C:\Program Files (x86)\Complitly =>Adware.PredictAd^ C:\Program Files (x86)\Duuqu =>Toolbar.DeltaSearch^ C:\Program Files (x86)\FTdownloader V4.0 =>Adware.Downware^ C:\Program Files (x86)\PricePeep =>Adware.PricePeep^ C:\Program Files (x86)\Wajam =>Toolbar.Wajam^ C:\ProgramData\Babylon =>Toolbar.Babylon^ C:\ProgramData\BitGuard =>PUP.BitGuard^ C:\Users\valentin\AppData\Roaming\BabSolution =>Hijacker.BabSolution^ C:\Users\valentin\AppData\Roaming\Babylon =>Toolbar.Babylon^ C:\Users\valentin\AppData\Roaming\Complitly =>Adware.PredictAd^ C:\Users\valentin\AppData\Roaming\OfferBox =>PUP.OfferBox^ C:\Users\valentin\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\valentin\AppData\Roaming\Sweetpacks =>PUP.SweetIM^ C:\Users\valentin\AppData\Local\Allin1Convert_8h =>Adware.Allin1Convert^ C:\Users\valentin\AppData\Local\Duuqu =>Toolbar.DeltaSearch^ C:\Users\valentin\AppData\Local\Wajam =>Toolbar.Wajam^ C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^ C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>Toolbar.Wajam^ C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\Force Download Toolbar =>Toolbar.Conduit C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\DVDVideoSoftTB =>Toolbar.DVDVideoSoft C:\Users\valentin\AppData\Roaming\SearchProtect =>Toolbar.Conduit C:\Users\valentin\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\valentin\AppData\Local\Software =>Adware.Boxore C:\Users\valentin\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\valentin\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\valentin\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\valentin\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\valentin\AppData\LocalLow\DVDVideoSoftTB =>Toolbar.DVDVideoSoft C:\Users\valentin\AppData\LocalLow\Allin1Convert_8h =>Adware.Allin1Convert C:\Users\valentin\AppData\Local\Temp\BabylonToolbar =>Toolbar.Babylon C:\Users\valentin\AppData\Local\Temp\Iminent =>Adware.IMBooster C:\Users\valentin\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda =>Adware.PredictAd C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard^ C:\Users\valentin\AppData\Roaming\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^ C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe =>Toolbar.Conduit^ C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe =>Toolbar.Wajam^ C:\Users\valentin\AppData\Roaming\Complitly\Complitly.dll =>Adware.PredictAd^ C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll =>Toolbar.Conduit^ C:\Program Files (x86)\Wajam\IE\priam_bho.dll =>Toolbar.Wajam^ C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch^ C:\Program Files (x86)\PricePeep\pricepeep.dll =>Adware.PricePeep^ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^ C:\Program Files (x86)\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^ [HKCU\Software\SweetPacks] =>PUP.SweetIM^ [HKCU\Software\Wajam] =>Toolbar.Wajam^ [HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\SweetPacks] =>PUP.SweetIM^ C:\Users\valentin\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^ C:\Users\valentin\AppData\Local\Temp\MultiMiSDM.exe =>PUP.SweetIM^ C:\Users\valentin\AppData\Local\Temp\MyBabylonTB.exe =>Toolbar.Babylon^ C:\Users\valentin\AppData\Local\Temp\nsi52CD.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\nsi6518.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\nstF276.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\nsx59EE.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\nsy30C.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\nsyAF90.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\optimizerpro.exe =>PUP.OptimizerPro^ C:\Users\valentin\AppData\Local\Temp\SIMEEIInstaller.exe =>PUP.SweetIM^ C:\Users\valentin\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit^ C:\Users\valentin\AppData\Local\Temp\toolbar_vit_sweetim.exe =>PUP.SweetIM^ C:\Windows\Installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}\icon_installer_ico =>Toolbar.Bing^ [HKCU\Software\ded9dcb46ae814\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^ [HKCU\Software\ded9dcb46ae814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKLM\Software\Wow6432Node\ded9dcb46ae814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ C:\Users\valentin\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox C:\Users\valentin\AppData\Local\Temp\square_sweetim.bmp =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\SweetIESetup.exe.7z =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\SweetIMSetup.exe.7z =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\toolbar_sweetim.bmp =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\square_babylon.bmp =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\square_babylonv2.bmp =>PUP.SweetIM C:\Users\valentin\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon C:\Users\valentin\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon C:\Users\valentin\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe =>Toolbar.Babylon ~ Additionnel Scan: 295868 Items scanned in 02mn 11s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam ~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar ~ http://nicolascoolman.webs.com/apps/blog/show/30478407-adware-allin1convert =>Adware.Allin1Convert ~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro ~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke ~ http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi ~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ MSI: 36 link(s) detected in 02mn 12s ~ 1346 Legitimates filtered by white list End of the scan (1457 lines in 14mn 26s)(0)