~ Rapport de ZHPDiag v2013.10.21.56 - Nicolas Coolman (21/10/2013)
~ Lancé par Elisa (21/10/2013 11:03:50)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : P7GBG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI
Java 7 Update 40

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3683 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 537 GB (91%) free of 584 GB

---\\ Mode de connexion au système
~ Computer Name: TUC-TUC
~ User Name: Elisa
~ All Users Names: HomeGroupUser$, Elisa, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Elisa\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Elisa\AppData\Roaming\
~ %Desktop% : C:\Users\Elisa\Desktop\
~ %Favorites% : C:\Users\Elisa\Favorites\
~ %LocalAppData% : C:\Users\Elisa\AppData\Local\
~ %StartMenu% : C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 537 Go of 584 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/425
~ Mes Favoris (My Favorites) : 1/42
~ Mes Documents (My Documents) : 2/266
~ Mon Bureau (My Desktop) : 2/32
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2752]
[MD5.FA970C3CD01B2CCFDDA356A9636BEC25] - (.SpeedUpMyPC - Uniblue SpeedUpMyPC Monitor.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26968] [PID.2740] =>Rogue.SpeedUpMyPC
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770608] [PID.4840]
[MD5.16DCC8ACC504A6662BB04A0ED9454A4D] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe [959808] [PID.5028]
[MD5.38161F642AA7A2882914DDB0E90FF41C] - (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216] [PID.4124]
[MD5.B814022BC9999C2B721A02EC4310295A] - (.Smart PC Solutions - PC Speed Maximizer Smart Scan.) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe [423736] [PID.4516] =>Rogue.PCSpeedMaximizer
[MD5.937C68CC824ECFE133F171FA23B72B87] - (.Smart PC Solutions - Performance Monitor.) -- C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe [900408] [PID.2268] =>Rogue.PCSpeedMaximizer
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.1328]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4464]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4036]
[MD5.33D99B9EE34DED2A819AC99CC3E5C8A5] - (...) -- C:\ProgramData\HP Photo Creations\Communicator.exe [185920] [PID.1528]
[MD5.37141C916D40158FC72585A5319BC81B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8115200] [PID.5772]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js (.not file.)
~ Firefox Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Encore plus de jeux.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Jeux.lnk . (...) -- C:\Program Files (x86)\bfgclient\bfgclient.exe
O4 - GS\Desktop [Public]: Jouer à Adventure Chronicles - A la Recherche des Tresors Perdus.lnk . (...) -- C:\Program Files (x86)\Adventure Chronicles - A la Recherche des Tresors Perdus\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Cursed House.lnk . (...) -- C:\Program Files (x86)\Cursed House\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Dr Mal - Practice of Horror.lnk . (...) -- C:\Program Files (x86)\Dr Mal - Practice of Horror\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Hallowed Legends - Le Bateau Squelette Edition Collector.lnk . (...) -- C:\Program Files (x86)\Hallowed Legends - Le Bateau Squelette Edition Collector\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Il etait une fois a Chicago.lnk . (...) -- C:\Program Files (x86)\Il etait une fois a Chicago\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Le Jeu de la Vie.lnk . (...) -- C:\Program Files (x86)\Le Jeu de la Vie\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Midnight Mysteries - Les Sorcieres d Abraham Edition Collector.lnk . (...) -- C:\Program Files (x86)\Midnight Mysteries - Les Sorcieres d Abraham Edition Collector\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Sherlock Holmes - Le Chien des Baskerville Edition Collector.lnk . (...) -- C:\Program Files (x86)\Sherlock Holmes - Le Chien des Baskerville Edition Collector\LaunchGame.bfg
O4 - GS\Desktop [Public]: Jouer à Strike Solitaire.lnk . (...) -- C:\Program Files (x86)\Strike Solitaire\LaunchGame.bfg
O4 - GS\Desktop [Public]: SpeedUpMyPC.lnk . (.SpeedUpMyPC - Uniblue SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC
O4 - GS\Program [Public]: 123 Free Solitaire for Children.lnk . (...) -- C:\Program Files (x86)\123 Free Solitaire for Children\123FreeSolitaireForChildren.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Encore plus de jeux.lnk - Clé orpheline
O4 - GS\Program [Public]: Free Spider Solitaire.lnk . (...) -- C:\Program Files (x86)\Free Spider Solitaire\FreeSpider.exe
O4 - GS\QuickLaunch [Elisa]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Elisa]: SpeedUpMyPC.lnk . (.SpeedUpMyPC - Uniblue SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC
O4 - GS\TaskBar [Elisa]: 123 Free Solitaire for Children.lnk . (...) -- C:\Program Files (x86)\123 Free Solitaire for Children\123FreeSolitaireForChildren.exe
O4 - GS\TaskBar [Elisa]: Bel Atout.lnk . (...) -- C:\Program Files (x86)\Jeux de cartes\Bel Atout\belatout.exe
O4 - GS\TaskBar [Elisa]: Bo-Jong.lnk . (...) -- C:\Users\Elisa\Documents\Bo-Jong\Bo-Jong.exe
O4 - GS\TaskBar [Elisa]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\TaskBar [Elisa]: Free Spider Solitaire.lnk . (...) -- C:\Program Files (x86)\Free Spider Solitaire\FreeSpider.exe
O4 - GS\TaskBar [Elisa]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Elisa]: Romi.lnk . (.Gérard Brochu - Romi.) -- C:\Users\Elisa\Documents\romi_romi_7.5_francais_10942\Romi.exe
O4 - GS\Program [Elisa]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Elisa]: Lollipop.lnk . (...) -- C:\Users\Elisa\AppData\Local\Lollipop\Lollipop.exe (.not file.) =>Adware.Lollipop
O4 - GS\Desktop [Elisa]: Farmington Tales.lnk . (...) -- C:\Zylom Games\Farmington Tales\Farmington Tales.exe
O4 - GS\Desktop [Elisa]: Favoris - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [Elisa]: Images - Raccourci.lnk . (...) -- C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop [Elisa]: Optimizer Pro.lnk - Clé orpheline =>PUP.OptimizerPro
O4 - GS\Desktop [Elisa]: PC Speed Maximizer.lnk . (.Smart PC Solutions - PC Speed Maximizer.) -- C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe =>Rogue.PCSpeedMaximizer
O4 - GS\Desktop [Elisa]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe (.not file.) =>Toolbar.DeltaSearch
O4 - GS\Desktop [Elisa]: Super TextTwist.lnk . (.GameHouse - Text Twist.) -- C:\Zylom Games\Super TextTwist\TextTwist.exe
O4 - GS\Desktop [Elisa]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =>.Nicolas Coolman
~ Global Startup: 73 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Elisa]: Alertes de surveillance de l'encre - HP Deskjet 1050 J410 series (Copie 1).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SRS Premium Sound HD] . (.SRS Labs, Inc. - SRS Control Panel.) -- C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [TODDMain] . (.Pas de propriétaire - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe
O4 - HKCU\..\Run: [PC Speed Maximizer] . (.Smart PC Solutions - Fix PC problems and optimize performance.) -- C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe =>Rogue.PCSpeedMaximizer
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(R) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [TPUReg] . (.Pegatron Corporation - TOSHIBA Password Utility.) -- C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\RunOnce: [RAInstaller C:\Users\Elisa\zylom\Nightmares from the Deep - The Cursed Heart Premium Edition] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2205263597-2392721365-670168616-1001\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\SFR\Kit\9props.exe
O4 - HKUS\S-1-5-21-2205263597-2392721365-670168616-1001\..\Run: [PC Speed Maximizer] . (.Smart PC Solutions - Fix PC problems and optimize performance.) -- C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe =>Rogue.PCSpeedMaximizer
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E29427F-1120-4AC5-B6CF-D51256789249}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50C25A4-B12F-4DC5-A63F-CAC9EDD3FE09}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E29427F-1120-4AC5-B6CF-D51256789249}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A50C25A4-B12F-4DC5-A63F-CAC9EDD3FE09}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Software Update (Software_update (Software_update) . (.The Software Group - Software Update.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: TOSHIBA eco Utility Service (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
~ Services: 13 Legitimates Filtered in 00mn 12s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [928]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [932]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SpeedUpMyPC.job [274] =>Rogue.SpeedUpMyPC
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [EPUpdater] (...) -- C:\Users\Elisa\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe (.not file.) [0] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Pricora 1.4-codedownloader] (...) -- C:\Program Files (x86)\Pricora 1.4\Pricora 1.4-codedownloader.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 1.4-enabler] (...) -- C:\Program Files (x86)\Pricora 1.4\Pricora 1.4-enabler.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 1.4-updater] (...) -- C:\Program Files (x86)\Pricora 1.4\Pricora 1.4-updater.exe (.not file.) [0] =>Adware.Pricora
[MD5.FC387225841FF92463C5F65054998E0B] [APT] [SoftwareUpdateTaskMachineCore] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.FC387225841FF92463C5F65054998E0B] [APT] [SoftwareUpdateTaskMachineUA] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.D753BF17E24C4D5588E5FC6ABD51FD86] [APT] [SpeedUpMyPC] (.SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [395608] =>Rogue.SpeedUpMyPC
[MD5.00000000000000000000000000000000] [APT] [{26585708-DFD5-4E46-AEA9-0545231121AA}] (...) -- C:\Users\Elisa\Desktop\Dicozip.exe (.not file.) [0]
[MD5.8AE13B97BFCAD6C7D3B8C8A1C298EFB4] [APT] [{EC22262C-BE22-4C13-BDD3-1053C49C80B9}] (...) -- C:\Program Files (x86)\ZHPDiag\unins000.exe [694736]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 13s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adventure Chronicles: A la Recherche des Trésors Perdus - (...) [HKLM][64Bits] -- BFG-Adventure Chronicles - A la Recherche des Tresors Perdus
O42 - Logiciel: Cursed House - (...) [HKLM][64Bits] -- BFG-Cursed House
O42 - Logiciel: Dr. Mal: Practice of Horror - (...) [HKLM][64Bits] -- BFG-Dr Mal - Practice of Horror
O42 - Logiciel: Le Jeu de la Vie - (...) [HKLM][64Bits] -- BFG-Le Jeu de la Vie
~ Logic: 142 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\592dd8ce16dba14]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Delta]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\TPUKey]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Wow6432Node\592dd8ce16dba14]
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
~ Key Software: 223 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/10/2013 - 15:08:21 - [101,003] ----D C:\Program Files (x86)\Adventure Chronicles - A la Recherche des Tresors Perdus
O43 - CFD: 02/10/2013 - 13:28:18 - [0] ----D C:\Program Files (x86)\Delta
O43 - CFD: 17/10/2013 - 15:00:15 - [98,395] ----D C:\Program Files (x86)\Dr Mal - Practice of Horror
O43 - CFD: 17/10/2013 - 14:28:57 - [30,001] ----D C:\Program Files (x86)\Il etait une fois a Chicago
O43 - CFD: 17/10/2013 - 14:35:37 - [141,487] ----D C:\Program Files (x86)\Le Jeu de la Vie
O43 - CFD: 21/10/2013 - 10:57:28 - [0] ----D C:\Program Files (x86)\PriceGong =>Adware.PriceGong
O43 - CFD: 02/10/2013 - 13:27:26 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 21/10/2013 - 10:52:52 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 21/10/2013 - 10:51:40 - [0] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 29/09/2013 - 21:08:00 - [1,116] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 14/08/2013 - 13:05:22 - [23,535] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 05/09/2013 - 20:42:04 - [0,002] ----D C:\Users\Elisa\AppData\Roaming\island_tribe_4_bfg_fr
O43 - CFD: 02/10/2013 - 13:28:10 - [0,001] ----D C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 17/10/2013 - 15:00:11 - [0,004] ----D C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dr Mal - Practice of Horror
O43 - CFD: 17/10/2013 - 14:28:19 - [0,004] ----D C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Il etait une fois a Chicago
O43 - CFD: 17/10/2013 - 14:34:47 - [0,003] ----D C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Le Jeu de la Vie
O43 - CFD: 19/10/2013 - 18:12:37 - [0,001] ----D C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>Toolbar.Wajam
~ Program Folder: 209 Legitimates Filtered in 01mn 06s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] - 13/10/2013 - 05:00:52 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [386923]
O44 - LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] - 13/10/2013 - 05:00:52 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386923]
~ Files: 103 Legitimates Filtered in 01mn 46s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3255906FEF7176CF1F1F8A1F133005F9] - 02/10/2013 - 12:26:28 ---A- - C:\Windows\Prefetch\PLAYER_SETUP[1].EXE-53C4AAC9.pf
O45 - LFCP:[MD5.C7027CBB498EB2DD7D9783E027648240] - 02/10/2013 - 12:28:10 ---A- - C:\Windows\Prefetch\RJATYDIMOFU.EXE-63F24F28.pf
O45 - LFCP:[MD5.7B66CB0B6AB001444DA64A9A635F5EEC] - 02/10/2013 - 12:28:18 ---A- - C:\Windows\Prefetch\MYDELTATB.EXE-484A2228.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.CD98DFDEEAD44C87E0F92A0A8445CF4D] - 02/10/2013 - 12:28:19 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-C2829031.pf =>PUP.BitGuard
O45 - LFCP:[MD5.EB8F7C28AF524D2DEC4A3E9A5E910B4C] - 02/10/2013 - 12:28:20 ---A- - C:\Windows\Prefetch\DELTASRV.EXE-D6B916EB.pf
O45 - LFCP:[MD5.AAA82EE09072AFE02CD87DCCA24CA785] - 02/10/2013 - 12:28:23 ---A- - C:\Windows\Prefetch\DELTA4IE.EXE-D13F7138.pf
O45 - LFCP:[MD5.504B5C693471FA889ACCCB720E7D04E4] - 02/10/2013 - 12:28:23 ---A- - C:\Windows\Prefetch\OPTPROSTART.EXE-65F7E6B1.pf
O45 - LFCP:[MD5.C186F8E90C22CAC76A389B64DE082015] - 02/10/2013 - 12:28:32 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-FA03D2EB.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.42CAC207F6A72B5F729CED9E439E5DA7] - 02/10/2013 - 12:28:34 ---A- - C:\Windows\Prefetch\DEALPLYUPDATEVER.EXE-1C6E4720.pf =>PUP.DealPly
O45 - LFCP:[MD5.71D45EACE548B0CF8EDD14CC84C954A9] - 05/10/2013 - 19:32:34 ---A- - C:\Windows\Prefetch\123FREESOLITAIREFORCHILDREN.E-E0054983.pf
O45 - LFCP:[MD5.0C45DC4C9ABE76011ADBBDF756A724F1] - 05/10/2013 - 19:52:41 ---A- - C:\Windows\Prefetch\JEWELLEGENDS_ATLANTIS.EXE-EAF887A1.pf
O45 - LFCP:[MD5.0DADC61A2C21E957D4A7CADB6F255DA0] - 06/10/2013 - 16:01:35 ---A- - C:\Windows\Prefetch\BIGKAHUNAWORDS_S5_L4_GF754T1L-0BB4B639.pf
O45 - LFCP:[MD5.4416391E0491D6CFA12368B0FBD1C1E9] - 06/10/2013 - 16:03:23 ---A- - C:\Windows\Prefetch\AMAZING-PYRAMIDS_S5_L4_GF5706-B4080AA3.pf
O45 - LFCP:[MD5.FB1F14A5C3AC7F2412797F85820328D7] - 06/10/2013 - 16:04:02 ---A- - C:\Windows\Prefetch\WORDMONACO_S5_L4_GF1128T1L4_D-281B6E5C.pf
O45 - LFCP:[MD5.C816828738B373CC5A4179373D7E3DB3] - 06/10/2013 - 16:04:02 ---A- - C:\Windows\Prefetch\WORDMONACO_S5_L4_GF1128T1L4_D-6F314CFB.pf
O45 - LFCP:[MD5.4FAE08314BCA1ABCEA56D7E3D830D5A5] - 06/10/2013 - 16:07:57 ---A- - C:\Windows\Prefetch\SETUP_GF1128T1L4_D2172079901_-A60E92B6.pf
O45 - LFCP:[MD5.B0B6EED4D884D23AAD1519F478A19AB7] - 06/10/2013 - 16:08:26 ---A- - C:\Windows\Prefetch\CRADLE-OF-EGYPT_S5_L4_GF6880T-2C862F10.pf
O45 - LFCP:[MD5.7C999F2BF45F661D397CE6E551EB6A65] - 06/10/2013 - 16:08:26 ---A- - C:\Windows\Prefetch\CRADLE-OF-EGYPT_S5_L4_GF6880T-AC0F4FF0.pf
O45 - LFCP:[MD5.18C159F8E848E1156652E2F68F91735F] - 06/10/2013 - 16:13:27 ---A- - C:\Windows\Prefetch\LOST-IN-REEFS_S5_L4_GF2800T1L-517D3B12.pf
O45 - LFCP:[MD5.39E5E184E8A47B4EBFD9AF78469E0754] - 06/10/2013 - 16:13:27 ---A- - C:\Windows\Prefetch\LOST-IN-REEFS_S5_L4_GF2800T1L-9501D0DC.pf
O45 - LFCP:[MD5.E7092FEA7533DDAA09CCE648B3A2CEAA] - 06/10/2013 - 16:13:28 ---A- - C:\Windows\Prefetch\CURSED-HOUSE_S5_L4_GF6589T1L4-48F25CC4.pf
O45 - LFCP:[MD5.0E2534E922983D6DA2D7DC6EA9C947AD] - 06/10/2013 - 16:13:28 ---A- - C:\Windows\Prefetch\SETUP_GF6880T1L4_D2172082978_-79A8F552.pf
O45 - LFCP:[MD5.EAD0BA102A84ED2B3566017955398099] - 06/10/2013 - 16:13:42 ---A- - C:\Windows\Prefetch\APOTHECARIUM-THE-RENAISSANCE--1CAD6029.pf
O45 - LFCP:[MD5.09A8069893373152F96CE6FE0476A540] - 06/10/2013 - 16:13:42 ---A- - C:\Windows\Prefetch\APOTHECARIUM-THE-RENAISSANCE--B47ED520.pf
O45 - LFCP:[MD5.5C45683DC38359B29981D7FE4810B026] - 06/10/2013 - 16:14:51 ---A- - C:\Windows\Prefetch\MIDNIGHT-MYSTERIES-WITCHES-OF-69D911F9.pf
O45 - LFCP:[MD5.9833EAD82677DBFE74A65B029E700C9B] - 06/10/2013 - 17:04:40 ---A- - C:\Windows\Prefetch\MIDNIGHT-MYSTERIES-WITCHES-OF-DA1050DF.pf
O45 - LFCP:[MD5.EE825D60E0CD86FC4392BECE4E8BCC32] - 06/10/2013 - 17:04:40 ---A- - C:\Windows\Prefetch\MIDNIGHT-MYSTERIES-WITCHES-OF-F72CF750.pf
O45 - LFCP:[MD5.B08838410FBCDDDEE0A0D0EE1397D7B8] - 06/10/2013 - 17:05:14 ---A- - C:\Windows\Prefetch\SETUP_GF7659T1L4_D2172086126_-C804EA1D.pf
O45 - LFCP:[MD5.8F39778C350FE7E17381541ED372A431] - 06/10/2013 - 19:57:21 ---A- - C:\Windows\Prefetch\WORDMONACO.EXE-F3D65A6D.pf
O45 - LFCP:[MD5.682D32625BE2D0E8D78841B10C83D33C] - 06/10/2013 - 21:03:20 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-44C90B62.pf
O45 - LFCP:[MD5.FDC743B0294588254B0F06994819FAB5] - 07/10/2013 - 11:19:17 ---A- - C:\Windows\Prefetch\FIRSTRUN.EXE-3834855C.pf
O45 - LFCP:[MD5.30BBD8F1B7481D6A02E82FE360C6A237] - 07/10/2013 - 11:20:10 ---A- - C:\Windows\Prefetch\9CONF.EXE-7E09A4E9.pf
O45 - LFCP:[MD5.4D28914FB64DEC34F7520E9E18F9A365] - 07/10/2013 - 13:58:45 ---A- - C:\Windows\Prefetch\AMAZING PYRAMIDS.EXE-23D6C3A3.pf
O45 - LFCP:[MD5.8225C2423D29D586EEE21AF3C1F950F5] - 08/10/2013 - 08:21:07 ---A- - C:\Windows\Prefetch\TOSDESKTOPASSIST.EXE-5A75A078.pf
O45 - LFCP:[MD5.70064D4C37908837E055F08B6C1879DA] - 08/10/2013 - 08:33:14 ---A- - C:\Windows\Prefetch\HP-DQEX5.EXE-2642C010.pf
O45 - LFCP:[MD5.38C10BCE8A2BCDB84F2B9FBC1DF81618] - 08/10/2013 - 08:42:51 ---A- - C:\Windows\Prefetch\DJ1050_J410_1313.EXE-5DD01CBE.pf
O45 - LFCP:[MD5.6FD2D233153691703251631341D61EC1] - 08/10/2013 - 08:43:19 ---A- - C:\Windows\Prefetch\HP-DQEX5.EXE-72CC3D4B.pf
O45 - LFCP:[MD5.9C9CAB0A227AB0FF56EB25275EF93F89] - 08/10/2013 - 19:48:27 ---A- - C:\Windows\Prefetch\LOSTINREEFS.EXE-382B2E07.pf
O45 - LFCP:[MD5.C29845354CCBBD7297F23320DF889491] - 10/10/2013 - 04:21:19 ---A- - C:\Windows\Prefetch\PHOTOPRODUCT.EXE-B74C27D4.pf
O45 - LFCP:[MD5.17ABEAF2FF46BB9AE54BC741F3DC8A21] - 10/10/2013 - 04:21:28 ---A- - C:\Windows\Prefetch\PHOTOPRODUCTCORE.EXE-8E292799.pf
O45 - LFCP:[MD5.A66EDDD6594744099DB3402351A668A3] - 12/10/2013 - 15:51:41 ---A- - C:\Windows\Prefetch\APOTHECARIUMSE.EXE-CBEAC9F2.pf
O45 - LFCP:[MD5.FB3B2327BDF677318BABB0E42A71F098] - 12/10/2013 - 16:51:43 ---A- - C:\Windows\Prefetch\MFPBFLJ.EXE-66ACD99D.pf
O45 - LFCP:[MD5.F77AF20ABA239FDD3B662B5839666600] - 13/10/2013 - 10:09:20 ---A- - C:\Windows\Prefetch\7.2.241.0OEMBINGBARSETUP-PART-9441ED70.pf
O45 - LFCP:[MD5.35E793F8C6F6A24D0ECFFE1FD32B4CF9] - 13/10/2013 - 20:09:05 ---A- - C:\Windows\Prefetch\PRINCESSISABELLA_THERISEOFANH-0E00FBF3.pf
O45 - LFCP:[MD5.76F6BFAB12761A00F9E2203DC25B40B0] - 13/10/2013 - 21:04:03 ---A- - C:\Windows\Prefetch\BHXXNJD.EXE-1FBA35EA.pf
O45 - LFCP:[MD5.B98E3C78D6DBF581590B4C32FC7FA212] - 14/10/2013 - 03:34:37 ---A- - C:\Windows\Prefetch\ROMI.EXE-F7E508AD.pf
O45 - LFCP:[MD5.176401540018B2363FB2911EDDF67A88] - 14/10/2013 - 17:02:46 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.ABCF338525996C3931D8A5FA70659A48] - 15/10/2013 - 06:43:15 ---A- - C:\Windows\Prefetch\TRUELINK+.EXE-9CF1FDF1.pf
O45 - LFCP:[MD5.DB48C4E238767C7DCC3E0CE0495E36DF] - 15/10/2013 - 19:53:13 ---A- - C:\Windows\Prefetch\CRADLE OF EGYPT.EXE-F85A936D.pf
O45 - LFCP:[MD5.FF931D0D79CF16E8BB5F3253A8AC85E2] - 15/10/2013 - 20:53:10 ---A- - C:\Windows\Prefetch\TJFDFZB.EXE-A2B30F5A.pf
O45 - LFCP:[MD5.F15F6EA54D3E86B5D60CC22F9AEA50BB] - 17/10/2013 - 06:48:45 ---A- - C:\Windows\Prefetch\EBAY.COREAPP.EXE-59312D07.pf
O45 - LFCP:[MD5.2884ADF1822A94750B06DAED45432E0A] - 17/10/2013 - 13:25:46 ---A- - C:\Windows\Prefetch\STRIKE-SOLITAIRE_S5_L4_GF7442-7F2FC434.pf
O45 - LFCP:[MD5.736349B58BE30FF479F2968B2DA4E8CF] - 17/10/2013 - 13:25:46 ---A- - C:\Windows\Prefetch\STRIKE-SOLITAIRE_S5_L4_GF7442-A3084E8B.pf
O45 - LFCP:[MD5.451B896B64E49A16E378FC2A0EEA51EC] - 17/10/2013 - 13:26:12 ---A- - C:\Windows\Prefetch\5CARD_S5_L4_GF71T1L4_D2178776-390CAF2B.pf
O45 - LFCP:[MD5.21CF9CCCCF514C34FADE46E4B857116C] - 17/10/2013 - 13:26:12 ---A- - C:\Windows\Prefetch\5CARD_S5_L4_GF71T1L4_D2178776-FB85523D.pf
O45 - LFCP:[MD5.F2FE9CE59AB4D16B6386098EB32C31E0] - 17/10/2013 - 13:26:45 ---A- - C:\Windows\Prefetch\IL-ETAIT-UNE-FOIS-A-CHICAGO_S-27DBC2CC.pf
O45 - LFCP:[MD5.03F0A00924118ABD500D92641FDA61F5] - 17/10/2013 - 13:26:45 ---A- - C:\Windows\Prefetch\IL-ETAIT-UNE-FOIS-A-CHICAGO_S-B00D4C7F.pf
O45 - LFCP:[MD5.908B4651907EDC16F97564B119B9254D] - 17/10/2013 - 13:26:58 ---A- - C:\Windows\Prefetch\SETUP_GF7442T1L4_D2178776569_-D634DD04.pf
O45 - LFCP:[MD5.16B7B30F657B7192513523EA25D3BDA2] - 17/10/2013 - 13:27:26 ---A- - C:\Windows\Prefetch\VVCXTXN.EXE-79CA5E9E.pf
O45 - LFCP:[MD5.ECD3B5D8BC3E308E6A83938CDAB59532] - 17/10/2013 - 13:27:35 ---A- - C:\Windows\Prefetch\SETUP_GF71T1L4_D2178776818_L4-A5136E8B.pf
O45 - LFCP:[MD5.63253942D9ABB6ED1AFD081A0013CB06] - 17/10/2013 - 13:27:48 ---A- - C:\Windows\Prefetch\LE-JEU-DE-LA-VIE_S5_L4_GF7432-0B21AA30.pf
O45 - LFCP:[MD5.98F73462F4C7C85557A8A3D1C184AA3D] - 17/10/2013 - 13:27:48 ---A- - C:\Windows\Prefetch\LE-JEU-DE-LA-VIE_S5_L4_GF7432-FE922CFF.pf
O45 - LFCP:[MD5.B4AE00BDE6282E0B618201851637A59D] - 17/10/2013 - 13:29:06 ---A- - C:\Windows\Prefetch\DR-MAL-PRACTICE-OF-HORROR_S5_-7DDA3D80.pf
O45 - LFCP:[MD5.D265E481788497E0B1FE407276781016] - 17/10/2013 - 13:29:06 ---A- - C:\Windows\Prefetch\DR-MAL-PRACTICE-OF-HORROR_S5_-D8A942A0.pf
O45 - LFCP:[MD5.F23601C6B0FF3108810AC7F1CA0D508A] - 17/10/2013 - 13:29:06 ---A- - C:\Windows\Prefetch\SETUP_GF2924T1L4_D2178777085_-6116DB1E.pf
O45 - LFCP:[MD5.E47FDCEA71D18A9A026033E4EE46FE3C] - 17/10/2013 - 13:29:10 ---A- - C:\Windows\Prefetch\GBXRSDT.EXE-E2EC1735.pf
O45 - LFCP:[MD5.E877C496A01BC5A66C4B65CED5115DF1] - 17/10/2013 - 13:30:11 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-LE-BATEAU-SQ-65983BDC.pf
O45 - LFCP:[MD5.DB102307E73A88798AE5153996518C81] - 17/10/2013 - 13:30:11 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-LE-BATEAU-SQ-A9F6DB86.pf
O45 - LFCP:[MD5.62048B49BC2612CF9D3977B8FA7F1D3B] - 17/10/2013 - 13:35:17 ---A- - C:\Windows\Prefetch\SETUP_GF7432T1L4_D2178777580_-5B72CCCC.pf
O45 - LFCP:[MD5.BCD81D7125DC53F612EFFFB06E89E336] - 17/10/2013 - 13:35:39 ---A- - C:\Windows\Prefetch\NSCE0B.TMP-DEAE9578.pf
O45 - LFCP:[MD5.827394B5D40AC2FA6D333E7F3AF2BF06] - 17/10/2013 - 13:35:40 ---A- - C:\Windows\Prefetch\NSD443.TMP-981EBC89.pf
O45 - LFCP:[MD5.9E40790C721235BDBE17B1C68B674BAE] - 17/10/2013 - 13:35:44 ---A- - C:\Windows\Prefetch\NDHZTNC.EXE-1F86527B.pf
O45 - LFCP:[MD5.5AC3AB0230A0986B1D6FF10CBB15A543] - 17/10/2013 - 14:00:15 ---A- - C:\Windows\Prefetch\SETUP_GF7950T1L4_D2178778011_-34AA6794.pf
O45 - LFCP:[MD5.ADE0E2D79489F6CCC49B4E5214FE9014] - 17/10/2013 - 14:00:17 ---A- - C:\Windows\Prefetch\NS5968.TMP-CFCB4C3B.pf
O45 - LFCP:[MD5.9D187DDDC9C6866A6DAE355479BFD656] - 17/10/2013 - 14:00:17 ---A- - C:\Windows\Prefetch\NS5F24.TMP-79A4E2E4.pf
O45 - LFCP:[MD5.D8FE1C45C87ACFF08091DAD78B083871] - 17/10/2013 - 14:00:27 ---A- - C:\Windows\Prefetch\VVNHGLF.EXE-B0FE9C7F.pf
O45 - LFCP:[MD5.8991DE73FF051A67890ED4D3C8B4937C] - 17/10/2013 - 14:01:07 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-SAMHAIN_S5_L-2538DF16.pf
O45 - LFCP:[MD5.D2DE7FD7A07013A8E6BF7F0E061832C1] - 17/10/2013 - 14:01:07 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-SAMHAIN_S5_L-AF31B872.pf
O45 - LFCP:[MD5.80F641826F2174A9F19CE24E58C70A70] - 17/10/2013 - 14:02:21 ---A- - C:\Windows\Prefetch\ADVENTURE-CHRONICLES-A-LA-REC-06A24711.pf
O45 - LFCP:[MD5.064C39DAECB168E9AE671638A4AD2884] - 17/10/2013 - 14:02:21 ---A- - C:\Windows\Prefetch\ADVENTURE-CHRONICLES-A-LA-REC-C318E463.pf
O45 - LFCP:[MD5.AD0CF10949AA5DDEB819BF4D90E69F56] - 17/10/2013 - 14:02:21 ---A- - C:\Windows\Prefetch\SETUP_GF8056T1L4_D2178778628_-0072F1FE.pf
O45 - LFCP:[MD5.E51F65E697B38B29DDE0C488B3D5D764] - 17/10/2013 - 14:06:02 ---A- - C:\Windows\Prefetch\SHERLOCK-HOLMES-LE-CHIEN-DES--9A425ED2.pf
O45 - LFCP:[MD5.7EC89AB541520A46E46F8B3A87D2C150] - 17/10/2013 - 14:06:02 ---A- - C:\Windows\Prefetch\SHERLOCK-HOLMES-LE-CHIEN-DES--E57553E1.pf
O45 - LFCP:[MD5.709F08E3824D715EEBB2A869DC3F7938] - 17/10/2013 - 14:06:04 ---A- - C:\Windows\Prefetch\SETUP_GF6658T1L4_D2178792834_-13668B69.pf
O45 - LFCP:[MD5.CC867A119D5FBF954CB277A20125FC3D] - 17/10/2013 - 14:06:04 ---A- - C:\Windows\Prefetch\XDJFBJZ.EXE-798538F2.pf
O45 - LFCP:[MD5.858BC3803CECDD5F268DD5FA09B7F8D5] - 17/10/2013 - 14:06:48 ---A- - C:\Windows\Prefetch\TREASURE-ISLAND_S5_L4_GF883T1-2A6BA9A2.pf
O45 - LFCP:[MD5.D2FDD9B42B5F872C80949A6410D8EEE0] - 17/10/2013 - 14:06:48 ---A- - C:\Windows\Prefetch\TREASURE-ISLAND_S5_L4_GF883T1-AAA920AD.pf
O45 - LFCP:[MD5.F2B6AF1AB2F5B400071F2F5332D8FA8A] - 17/10/2013 - 14:08:10 ---A- - C:\Windows\Prefetch\SETUP_GF2820T1L4_D2178793268_-86E16D79.pf
O45 - LFCP:[MD5.6EC486F94E0D7CF23828BB68BA9BB671] - 17/10/2013 - 14:08:27 ---A- - C:\Windows\Prefetch\PQQCQPZ.EXE-EA66B37C.pf
O45 - LFCP:[MD5.41ABE185AE0BCC57DBCE89FA34FB6845] - 17/10/2013 - 14:15:29 ---A- - C:\Windows\Prefetch\SETUP_GF6031T1L4_D2178793930_-D0473F79.pf
O45 - LFCP:[MD5.3D17AD8E7976A70C6FEFE1CA7C2F7040] - 17/10/2013 - 14:18:06 ---A- - C:\Windows\Prefetch\NSBDF5.TMP-29E9864B.pf
O45 - LFCP:[MD5.6C9E2468671DC18F4246CDFB1A7A6D01] - 17/10/2013 - 14:18:06 ---A- - C:\Windows\Prefetch\NSC5A4.TMP-630303E7.pf
O45 - LFCP:[MD5.2AF03F06BF61659E383ADDA5C8FD0736] - 17/10/2013 - 14:40:20 ---A- - C:\Windows\Prefetch\VOYAGE-EN-MER_S5_L4_GF2919T1L-A2A690B8.pf
O45 - LFCP:[MD5.D4065C86BB4811AEB7A820555065B15C] - 17/10/2013 - 14:40:20 ---A- - C:\Windows\Prefetch\VOYAGE-EN-MER_S5_L4_GF2919T1L-D62EBF98.pf
O45 - LFCP:[MD5.856D12D30CC1F5CB29DA59D57AD39933] - 17/10/2013 - 14:41:34 ---A- - C:\Windows\Prefetch\SETUP_GF2919T1L4_D2178811200_-ED9766B0.pf
O45 - LFCP:[MD5.8108FB8D480A4103993D27E5F0A2139E] - 17/10/2013 - 19:56:36 ---A- - C:\Windows\Prefetch\LBWQJXH.EXE-2DDABA7D.pf
O45 - LFCP:[MD5.0264EC1D6C500B2A7B2805361DC2DBD6] - 17/10/2013 - 19:56:47 ---A- - C:\Windows\Prefetch\SEAJOURNEY.EXE-CFF5A026.pf
O45 - LFCP:[MD5.5C0E796614262E22906E646B74A7179E] - 18/10/2013 - 19:55:06 ---A- - C:\Windows\Prefetch\FIVECARDDELUXE.EXE-89B279C9.pf
O45 - LFCP:[MD5.49AC5B485DCB0359EA285B20E661554D] - 18/10/2013 - 20:55:00 ---A- - C:\Windows\Prefetch\NKJMPMM.EXE-EC0EC034.pf
O45 - LFCP:[MD5.9E9154F999EC21162BF665493F46C6AC] - 18/10/2013 - 21:25:57 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-E52DAF48.pf
O45 - LFCP:[MD5.8DE48CC30587DB674ACE628B34445AF6] - 18/10/2013 - 21:28:06 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-19B9780B.pf
O45 - LFCP:[MD5.2616ACE9D8CE9EBC73541CF8608F0966] - 18/10/2013 - 21:28:33 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1 (1).EXE-D2257E2A.pf
O45 - LFCP:[MD5.0D7DF66033A7B2A1939BF901BD9F3AE5] - 18/10/2013 - 21:29:56 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1 (2).EXE-3797EF67.pf
O45 - LFCP:[MD5.749B709172461281753228D9754DDC84] - 18/10/2013 - 21:30:06 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-D04982EC.pf
O45 - LFCP:[MD5.6E4AC1DD654084547D4B79952AF5B7CB] - 19/10/2013 - 17:07:04 ---A- - C:\Windows\Prefetch\FREECELL-3D.EXE-1C544675.pf
O45 - LFCP:[MD5.23DB410FDD81607FCB9196CF71F4FF26] - 19/10/2013 - 17:07:04 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-4251BD20.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.EB3A07E61289A34B1B1C0834F31EBBF9] - 19/10/2013 - 17:07:42 ---A- - C:\Windows\Prefetch\PCSM32_FR_PPI_AFD_ST.EXE-C04D8ED7.pf
O45 - LFCP:[MD5.2C70F29C6E611B52CCD212FDFD00891C] - 19/10/2013 - 17:10:32 ---A- - C:\Windows\Prefetch\KLONDIKE-SOLITAIREV1_0.EXE-A4758854.pf
O45 - LFCP:[MD5.9E64C5ECD8A8A5E747D18A5D4F9DAE0E] - 19/10/2013 - 17:10:39 ---A- - C:\Windows\Prefetch\KLONDIKE-SOLITAIREV1_0.EXE-40359C0B.pf
O45 - LFCP:[MD5.9DE42472CF4A6810CE6674B5C15991B5] - 19/10/2013 - 17:12:55 ---A- - C:\Windows\Prefetch\IE_APPROVEEXT.EXE-094C348C.pf
O45 - LFCP:[MD5.56A814980C12A7AB9BC96F1C39C128E2] - 19/10/2013 - 17:12:55 ---A- - C:\Windows\Prefetch\KLONDIKE-SOLITAIREV1_0.EXE-95CF729E.pf
O45 - LFCP:[MD5.CF82DFBBD95D2340D20640978EC67099] - 19/10/2013 - 17:12:55 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.EXE-4CC694A1.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.197E4AB05A7E95D4B85774C1A870029D] - 19/10/2013 - 17:12:55 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.TMP-3F12CC87.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.64EB420812D7DDC62526F8281FB55FD5] - 19/10/2013 - 17:12:55 ---A- - C:\Windows\Prefetch\WAJAM_DOWNLOAD.EXE-034269E1.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.CF1525E6DB9593498B3EDB6C2785E1A6] - 19/10/2013 - 17:15:12 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-73D70C70.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.8E5DF632703879D4CDF61CF79F66489B] - 19/10/2013 - 17:15:12 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-BEE66CEB.pf =>Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.DE49E4D4FB29AA097BB552FE34A2A780] - 19/10/2013 - 17:21:02 ---A- - C:\Windows\Prefetch\TASKILLFORM.EXE-2FB9A53D.pf
O45 - LFCP:[MD5.D1D9A6A48088ACAF5511EBDBFBF15D1C] - 19/10/2013 - 17:27:30 ---A- - C:\Windows\Prefetch\INS2831.EXE-275089D5.pf
O45 - LFCP:[MD5.C946465F3FDF4B6E9360F6258F65DC71] - 19/10/2013 - 17:28:20 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-469F112A.pf =>Adware.Boxore
O45 - LFCP:[MD5.C215A6D31C86D981685A99815966D968] - 19/10/2013 - 17:28:20 ---A- - C:\Windows\Prefetch\OBBOXORE_0307-76302122.EXE-C16661AE.pf =>Adware.Boxore
O45 - LFCP:[MD5.5F6E6358F07AFDA5C197019906BBDCA6] - 19/10/2013 - 17:28:57 ---A- - C:\Windows\Prefetch\FREE-SPIDER-SOLITAIRE-3.0-EN.-625F9984.pf
O45 - LFCP:[MD5.06A56D39D5C994B4A52C5E79042F9412] - 19/10/2013 - 17:28:57 ---A- - C:\Windows\Prefetch\FREE-SPIDER-SOLITAIRE-3.0-EN.-65B944D0.pf
O45 - LFCP:[MD5.5E8F0248D043A3ACEAA901D4D8C08CAD] - 19/10/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\EF.EXE-5F42DBEE.pf
O45 - LFCP:[MD5.8BD1096CABED5E0AC716B537B3FF2A40] - 19/10/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\MF.EXE-8AD665D6.pf
O45 - LFCP:[MD5.9F95AFC0066275CD3BCD71FB8C1F4C5E] - 19/10/2013 - 17:36:22 ---A- - C:\Windows\Prefetch\EF.EXE-047123A9.pf
O45 - LFCP:[MD5.5BDD705E5C299AB119F6E4F472021C04] - 19/10/2013 - 17:36:22 ---A- - C:\Windows\Prefetch\MF.EXE-3004AD91.pf
O45 - LFCP:[MD5.4E8BD73A470D112BA181A0B9F1149D9C] - 19/10/2013 - 17:36:26 ---A- - C:\Windows\Prefetch\PP.EXE-7C8702BF.pf
O45 - LFCP:[MD5.1CA6B3F5415F64341C558AC6A8C86C31] - 19/10/2013 - 17:36:27 ---A- - C:\Windows\Prefetch\13.EXE-A8237306.pf
O45 - LFCP:[MD5.3D47AF95E2DE290929CD1B3EDF4C6367] - 19/10/2013 - 17:36:27 ---A- - C:\Windows\Prefetch\PRICEGONG.EXE-1CE6BFE7.pf =>Adware.PriceGong
O45 - LFCP:[MD5.B266F760F32D21C7CDB6659CBCA8F575] - 19/10/2013 - 19:52:07 ---A- - C:\Windows\Prefetch\HALLOWEDLEGENDS_SAMHAIN.EXE-5FA4090D.pf =>PUP.weDownloadManager
O45 - LFCP:[MD5.334873CBF91A62E9263B7ACAADC1F497] - 19/10/2013 - 20:52:27 ---A- - C:\Windows\Prefetch\GDCHNNG.EXE-49280EB8.pf
O45 - LFCP:[MD5.D94460E2DAAD8289D349EF6D7BBB388C] - 19/10/2013 - 20:52:58 ---A- - C:\Windows\Prefetch\BU_.EXE-4728D472.pf
O45 - LFCP:[MD5.B15091BA03A32E7ADDB06C6FB4DC9B8E] - 20/10/2013 - 03:58:52 ---A- - C:\Windows\Prefetch\SPMREMINDER.EXE-46F72303.pf
O45 - LFCP:[MD5.4F17AA07B9A305FA93547C8DD10B246E] - 20/10/2013 - 03:58:52 ---A- - C:\Windows\Prefetch\SPMSMARTSCAN.EXE-5660B591.pf
O45 - LFCP:[MD5.FCDBFFD8D979B9E5E8FA86F5B4463FEC] - 20/10/2013 - 16:01:08 ---A- - C:\Windows\Prefetch\FREESPIDER.EXE-0C6A8E81.pf
O45 - LFCP:[MD5.0408E8534934B9857D19453F564EB643] - 20/10/2013 - 17:47:36 ---A- - C:\Windows\Prefetch\BO-JONG.EXE-B40F28DB.pf
O45 - LFCP:[MD5.DF7AE40BE196629DE053452A47FCAB43] - 20/10/2013 - 18:23:16 ---A- - C:\Windows\Prefetch\SPNOTIFIER.EXE-FC35DDED.pf
O45 - LFCP:[MD5.8228E8B8DBF6BE20485AD50C37C64D79] - 20/10/2013 - 19:45:40 ---A- - C:\Windows\Prefetch\GMACTIVATOR.EXE-9B0ECC6A.pf
O45 - LFCP:[MD5.8C153E0253C155AD7396E9128FAC1409] - 20/10/2013 - 19:46:03 ---A- - C:\Windows\Prefetch\JOC.EXE-B301C289.pf
O45 - LFCP:[MD5.1D0FD18DBA8CF9BBA35E413C12BE532D] - 20/10/2013 - 19:47:51 ---A- - C:\Windows\Prefetch\BXPZGLW.EXE-D988C23B.pf
O45 - LFCP:[MD5.F52C817368BFE8D5ADDA7766933DA59F] - 20/10/2013 - 19:48:39 ---A- - C:\Windows\Prefetch\XNKZZHK.EXE-7E6025D9.pf
O45 - LFCP:[MD5.A1F90C692E73971946FA89C66113E40C] - 20/10/2013 - 19:48:50 ---A- - C:\Windows\Prefetch\TREASUREISLAND.EXE-F81F25FF.pf
O45 - LFCP:[MD5.16C6D288F920C493B391CCEEB2198924] - 20/10/2013 - 20:49:18 ---A- - C:\Windows\Prefetch\BFGPROCESS.EXE-F82DDBBF.pf
O45 - LFCP:[MD5.6A4FD55ECA1C2552416CB11E8895A8BF] - 21/09/2013 - 17:06:58 ---A- - C:\Windows\Prefetch\SCRABBLE.EXE-B03F7D56.pf
O45 - LFCP:[MD5.2EC66EF5CCAEF1F7617E617A90980C3E] - 21/09/2013 - 17:20:27 ---A- - C:\Windows\Prefetch\BOOTSTRAPPER.EXE-A76488EF.pf
O45 - LFCP:[MD5.EF423622B9E3CB767CB30299B1F3BC58] - 21/09/2013 - 20:24:54 ---A- - C:\Windows\Prefetch\ZY-SCRABBLE.EXE-EE0FBAFD.pf
O45 - LFCP:[MD5.075AA38C6856B1C7700B6537FD269AAE] - 21/10/2013 - 04:49:06 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf
O45 - LFCP:[MD5.F5D9A2F68833ADED9BD55C8C76764F19] - 21/10/2013 - 05:10:03 ---A- - C:\Windows\Prefetch\BUBBLE DOCK ADDONSUI.EXE-58B34BD2.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.6D6D94EC8D9973DC5D3E7520F6AFBE45] - 21/10/2013 - 09:59:35 ---A- - C:\Windows\Prefetch\RELPOST.EXE-AC41CDAF.pf
O45 - LFCP:[MD5.F856B346A4063A2BC7E55B0DB952B900] - 21/10/2013 - 10:01:00 ---A- - C:\Windows\Prefetch\TOASTNOTIFIER.EXE-271D6148.pf
O45 - LFCP:[MD5.BF0C6BF063273D66DAF707DDA8840A92] - 21/10/2013 - 10:01:16 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-5F240164.pf
O45 - LFCP:[MD5.2085728F53A4CA7E5EC3135055736BAD] - 21/10/2013 - 10:01:24 ---A- - C:\Windows\Prefetch\GAMESAPPINTEGRATIONSERVICE.EX-D44D8C89.pf
O45 - LFCP:[MD5.8DAFFE9E8006C5FCB1D1B045601EC949] - 22/09/2013 - 08:41:41 ---A- - C:\Windows\Prefetch\DICOZIP.EXE-53CEEAB1.pf
O45 - LFCP:[MD5.2D0E913DF4168E6A2521BB0E2457BE5D] - 22/09/2013 - 15:49:44 ---A- - C:\Windows\Prefetch\GAMEINSTALLER.EXE-05E5C6C9.pf
O45 - LFCP:[MD5.5F9ADC31E46A537BF3356C492E858742] - 22/09/2013 - 19:46:52 ---A- - C:\Windows\Prefetch\ORDEROFTHEROSE.EXE-12AB5459.pf
O45 - LFCP:[MD5.CFD670E9C3914C55B1AAC7F5BBD08A6F] - 22/09/2013 - 21:22:07 ---A- - C:\Windows\Prefetch\ZY-WORDMOJO.EXE-F6E40AD9.pf
O45 - LFCP:[MD5.97FF96F3752BEBF05C09CA8DF471CAD8] - 23/09/2013 - 19:31:19 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-0004E8A2.pf
O45 - LFCP:[MD5.4334C5F3F41D36A7992FE18B548FD551] - 24/09/2013 - 02:50:36 ---A- - C:\Windows\Prefetch\UPT4PC_FR_62.EXE-33852CCE.pf
O45 - LFCP:[MD5.6CC460F804286915682D08A494DAF9F9] - 24/09/2013 - 03:32:02 ---A- - C:\Windows\Prefetch\TEXTTWIST.EXE-5F78505C.pf
O45 - LFCP:[MD5.3EA2AA62C4FEA25B5600CAF4191820AD] - 25/09/2013 - 20:25:43 ---A- - C:\Windows\Prefetch\RAINBOWWEB2.EXE-5B327775.pf
O45 - LFCP:[MD5.58DE92A96EA24698D4FBBCB6E6128DD5] - 29/09/2013 - 19:50:51 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-LE-BATEAU-SQ-A76EC136.pf
O45 - LFCP:[MD5.F2F744A8BBED9C04F1CC6D866F8290DE] - 29/09/2013 - 19:51:04 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-LE-BATEAU-SQ-A3C551F4.pf
O45 - LFCP:[MD5.8654839099578A6559569C85D51C2DD4] - 29/09/2013 - 19:51:05 ---A- - C:\Windows\Prefetch\HALLOWED-LEGENDS-LE-BATEAU-SQ-CAF49914.pf
O45 - LFCP:[MD5.370BBC63CAD3A2850A3534C5342071EE] - 29/09/2013 - 19:54:01 ---A- - C:\Windows\Prefetch\GAMEINSTALLER.EXE-CCF39E14.pf
O45 - LFCP:[MD5.670DA7A8625F94F5FDA28D350995F4C1] - 29/09/2013 - 20:40:32 ---A- - C:\Windows\Prefetch\GAMEINSTALLER.EXE-8132F8D2.pf
O45 - LFCP:[MD5.EB3F077EFC908C396A7BC0149499A1C2] - 29/09/2013 - 20:43:19 ---A- - C:\Windows\Prefetch\JEWEL-LEGENDS-ATLANTIS_S5_L4_-244375F3.pf
~ Prefetcher: 400 Legitimates Filtered in 00mn 06s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 17/08/2013 - 06:29:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
~ Drivers: 19 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/10/2013 - 11:09:17 ---A- . (...) -- C:\Users\Elisa\Documents\PC Speed Maximizer\CookiesException.txt [356] =>Rogue.PCSpeedMaximizer
O61 - LFC: 19/10/2013 - 11:09:17 ---A- . (...) -- C:\Users\Elisa\Downloads\freecell-3d [1].exe [6475013]
O61 - LFC: 19/10/2013 - 11:09:17 ---A- . (...) -- C:\Users\Elisa\Downloads\image.jpeg [131884]
O61 - LFC: 20/10/2013 - 11:09:13 ---A- . (...) -- C:\Users\Elisa\AppData\Roaming\Borak.Bo-Jong.Pref [73]
O61 - LFC: 20/10/2013 - 11:09:16 ---A- . (...) -- C:\Users\Elisa\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 20/10/2013 - 11:09:16 ---A- . (...) -- C:\Users\Elisa\AppData\Roaming\ZHP\ZHPDiag.txt [123189] =>.Nicolas Coolman
O61 - LFC: 21/10/2013 - 11:09:16 ---A- . (...) -- C:\Users\Elisa\AppData\Roaming\ZHP\Log.txt [45830] =>.Nicolas Coolman
O61 - LFC: 21/10/2013 - 11:09:16 ---A- . (...) -- C:\Users\Elisa\AppData\Roaming\ZHP\TestsZHPDiag.txt [2844] =>.Nicolas Coolman
~ 73 Fichiers temporaires (Temporary files)
~ Files: 373 Legitimates Filtered in 01mn 23s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - http://www.searchgol.com =>Hijacker.SearchGol
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\Elisa\AppData\Local\Temp\BoxoreInstaller.exe [620656] =>Adware.Boxore
[MD5.6E17B80952A3880D742CB2F321FC781F] [SPRF][08/10/2013] (...) -- C:\Users\Elisa\AppData\Local\Temp\defaultCache.reg [1469404]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 59 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\592dd8ce16dba14]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\592dd8ce16dba14]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\592dd8ce16dba14]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\592dd8ce16dba14]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\592dd8ce16dba14]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\592dd8ce16dba14]:usrcheckbox="1"
[HKCU\Software\592dd8ce16dba14]:version="2.6.1694.246"
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:usrcheckbox="1"
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:version="2.6.1694.246"
~ Export Key Software: Scanned in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.09C0A82DBFE03EA3371A73609D678285] [WIS][02/10/2013] (.The Software Group - Software Update Helper.) -- C:\Windows\Installer\1a82d575.msi [45056] =>Adware.Boxore
~ WIS: 62 Legitimates Filtered in 00mn 12s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Disabled 10/09/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SR - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SS - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 07/10/2013 240736 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 13/10/2011 156672 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 08/08/2013 559552 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
SR - | Auto 05/12/2012 201872 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SS - | Auto 19/10/2013 119408 | (Software_update) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 19/10/2013 119408 | (Software_update_m) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 04/01/2013 116240 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR - | Demand 27/07/2012 53384 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 25/08/2012 291240 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 28/07/2012 458152 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Elisa at 21/10/2013 11:11:36
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Elisa at 21/10/2013 11:11:38

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (21/10/2013)
Clés trouvées (Keys found) : 76
Valeurs trouvées (Values found) : 7
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 13

[HKLM\SYSTEM\CurrentControlSet\Services\Software_update (Software_update] =>Adware.Boxore^
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1] =>Rogue.SpeedUpMyPC
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PC Speed Maximizer =>Rogue.PCSpeedMaximizer^
C:\Program Files (x86)\PriceGong =>Adware.PriceGong^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^
C:\ProgramData\Trymedia =>Adware.Trymedia^
C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>Toolbar.Wajam^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong =>Adware.PriceGong
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro =>PUP.OptimizerPro
C:\Users\Elisa\AppData\Local\Software =>Adware.Boxore
C:\Users\Elisa\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe =>Rogue.SpeedUpMyPC^
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe =>Rogue.PCSpeedMaximizer^
C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe =>Rogue.PCSpeedMaximizer^
C:\Windows\Tasks\SpeedUpMyPC.job =>Rogue.SpeedUpMyPC^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
C:\Users\Elisa\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore^
[HKCU\Software\592dd8ce16dba14]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKLM\Software\Wow6432Node\592dd8ce16dba14]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
C:\Windows\Installer\1a82d575.msi =>Adware.Boxore^
~ Additionnel Scan: 212340 Items scanned in 00mn 44s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/33047509-rogue-speedupmypc =>Rogue.SpeedUpMyPC
~ http://nicolascoolman.webs.com/apps/blog/show/33449013-rogue-pcspeedmaximizer =>Rogue.PCSpeedMaximizer
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora =>Adware.Pricora
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq =>Adware.DomaIQ
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/29710349-adware-trymedia =>Adware.Trymedia
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 29 link(s) detected in 00mn 44s



~ 1864 Legitimates filtered by white list
End of the scan (1096 lines in 08mn 36s)(0)
